FAA-34 0 Denunciar post Postado Dezembro 24, 2010 O Avast ao entrar m uma pagina da internet achou uma vulnerabilidade e um cavalo de troia (Trj)... Esse foi enviado para a quarentena...fiz uma verificação com o Avast e nao achou nada.... O MBAM com a verificação achou dois vírus Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:15:15, on 24/12/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe C:\ARQUIV~1\MICROS~3\rapimgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\hijack\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.eset.com O15 - Trusted Zone: http://*.webtorpedos.net O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 8982 bytes Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 24/12/2010 14:05:33 mbam-log-2010-12-24 (14-05-33).txt Tipo de Verificação: Verificação Completa (A:\|C:\|D:\|E:\|) Objetos escaneados: 182987 Tempo decorrido: 47 minuto(s), 38 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 2 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: c:\documents and settings\Casa\configurações locais\Temp\0.18711203778408136.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\Casa\dados de aplicativos\Sun\Java\deployment\cache\6.0\6\23894746-197f2520 (Trojan.Agent) -> Quarantined and deleted successfully. Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 24, 2010 Olá, FAA-34! *Baixe o RSIT e salve-o no desktop *Execute o RSIT e clique em [Continue] *Ao término do processo, cole os relatórios criados em C:\rsit\log.txt e C:\rsit\info.txt Ficamos no aguardo! Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 24, 2010 Olá, FAA-34! *Baixe o RSIT e salve-o no desktop *Execute o RSIT e clique em [Continue] *Ao término do processo, cole os relatórios criados em C:\rsit\log.txt e C:\rsit\info.txt Ficamos no aguardo! Obrigado pela atenção! Logfile of random's system information tool 1.08 (written by random/random) Run by Casa at 2010-12-24 14:39:08 Microsoft Windows XP Professional Service Pack 2 System drive C: has 10 GB (20%) free of 50 GB Total RAM: 1015 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:39:10, on 24/12/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe C:\ARQUIV~1\MICROS~3\rapimgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Casa\Meus documentos\Downloads\RSIT.exe C:\hijack\Casa.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.eset.com O15 - Trusted Zone: http://*.webtorpedos.net O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 8852 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-500.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-500.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-11 341600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2010-12-07 251416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-09-21 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-21 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2010-12-07 251416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-01 196608] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464] "avast5"=C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688] "Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288] "TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-07-11 202256] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-09-05 15360] "msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "TuneUp MemOptimizer"=C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe [2009-11-16 163144] "H/PC Connection Agent"=C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-09-21 149280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk] C:\ARQUIV~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-13 333088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk] [] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar Wireless Configuration Utility HW.15.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-09-05 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoDriveAutoRun"=0xFFFFFFFF "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=0xFFFFFFFF "NoDriveTypeAutoRun"=255 "HonorAutoRunSetting"=1 "NoResolveSearch"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Arquivos de programas\America's Army Server Manager\AA Server Remote Control.exe"="C:\Arquivos de programas\America's Army Server Manager\AA Server Remote Control.exe:*:Disabled:TODO: <File description>" "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Assistente para transferência de arquivos e configurações" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:LiveMsgr" "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Arquivos de programas\America's Army\System\ArmyOps.exe"="C:\Arquivos de programas\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps" "C:\Arquivos de programas\America's Army\System\Server.exe"="C:\Arquivos de programas\America's Army\System\Server.exe:*:Disabled:Server" "G:\Tactical Ops\System\UCC.exe"="G:\Tactical Ops\System\UCC.exe:*:Enabled:UCC" "C:\Arquivos de programas\FrostWire\FrostWire.exe"="C:\Arquivos de programas\FrostWire\FrostWire.exe:*:Enabled:FrostWire" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Disabled:Assistência Remota - Windows Messenger e Voz" "G:\Tactical Ops\System\TacticalOps.exe"="G:\Tactical Ops\System\TacticalOps.exe:*:Disabled:TacticalOps" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======List of files/folders created in the last 1 months====== 2010-12-24 14:39:08 ----D---- C:\rsit 2010-12-02 12:26:42 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\fltk.org ======List of files/folders modified in the last 1 months====== 2010-12-24 14:39:09 ----D---- C:\hijack 2010-12-24 14:39:02 ----D---- C:\WINDOWS\Prefetch 2010-12-24 14:38:42 ----SD---- C:\WINDOWS\Tasks 2010-12-24 14:31:44 ----AD---- C:\WINDOWS 2010-12-24 14:08:57 ----D---- C:\WINDOWS\Temp 2010-12-24 14:07:56 ----A---- C:\WINDOWS\RTacDbg.txt 2010-12-24 14:07:22 ----D---- C:\WINDOWS\system32\drivers 2010-12-24 14:07:22 ----D---- C:\WINDOWS\Registration 2010-12-24 14:06:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-12-23 15:52:26 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware 2010-12-22 15:55:17 ----D---- C:\WINDOWS\system32\CatRoot2 2010-12-20 23:29:00 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\FrostWire 2010-12-20 22:32:24 ----D---- C:\WINDOWS\system32 2010-12-20 22:32:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-12-19 20:53:10 ----D---- C:\Arquivos de programas\Wise Registry Cleaner 2010-12-18 15:30:48 ----SHD---- C:\WINDOWS\Installer 2010-12-18 15:30:48 ----SHD---- C:\Config.Msi 2010-12-18 15:30:48 ----RD---- C:\Arquivos de programas 2010-12-18 13:40:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Real 2010-12-17 18:38:12 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\Vso 2010-12-17 11:16:55 ----D---- C:\Arquivos de programas\McAfee 2010-12-16 12:01:39 ----HD---- C:\WINDOWS\inf 2010-12-11 19:42:58 ----D---- C:\Arquivos de programas\Mozilla Firefox 2010-12-09 23:18:49 ----A---- C:\WINDOWS\win.ini 2010-12-03 18:12:36 ----D---- C:\WINDOWS\system32\config 2010-12-03 18:12:27 ----D---- C:\WINDOWS\system32\wbem 2010-12-02 12:27:25 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\flightgear.org 2010-12-02 12:26:13 ----D---- C:\WINDOWS\WinSxS 2010-11-26 22:33:56 ----D---- C:\Arquivos de programas\TuneUp Utilities 2009 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 52060082;52060082 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\52060082.sys [2009-10-22 37392] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-07-04 44944] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-09 691696] R1 52060081;52060081; C:\WINDOWS\system32\DRIVERS\52060081.sys [2009-09-25 128016] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672] R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-09-05 40192] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-10-09 21035] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 29696] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-06-25 47360] R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-02-02 306560] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 cpudrv;cpudrv; \??\C:\Arquivos de programas\SystemRequirementsLab\cpudrv.sys [] S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704] S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312] S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488] S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312] S3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176] S3 PSSDK42;PSSDK42; \??\C:\WINDOWS\system32\Drivers\pssdk42.sys [] S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-09-06 18176] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-03-02 26112] S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2010-03-26 32768] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 utg4njgz;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utg4njgz.sys [] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 XDva332;XDva332; C:\WINDOWS\system32\drivers\XDva332.sys [] S3 XDva336;XDva336; C:\WINDOWS\system32\drivers\XDva336.sys [] S3 XDva337;XDva337; C:\WINDOWS\system32\drivers\XDva337.sys [] S3 XDva341;XDva341; C:\WINDOWS\system32\drivers\XDva341.sys [] S3 XDva342;XDva342; C:\WINDOWS\system32\drivers\XDva342.sys [] S3 XDva343;XDva343; C:\WINDOWS\system32\drivers\XDva343.sys [] S3 XDva346;XDva346; C:\WINDOWS\system32\drivers\XDva346.sys [] S3 XDva347;XDva347; C:\WINDOWS\system32\drivers\XDva347.sys [] S3 XDva348;XDva348; C:\WINDOWS\system32\drivers\XDva348.sys [] S3 XDva349;XDva349; C:\WINDOWS\system32\drivers\XDva349.sys [] S3 XDva352;XDva352; C:\WINDOWS\system32\drivers\XDva352.sys [] S3 XDva359;XDva359; C:\WINDOWS\system32\drivers\XDva359.sys [] S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-05 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-09-21 153376] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176] R2 NMSAccess;NMSAccess; C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-05 75064] R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-05-30 604488] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-09-05 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-05-30 361288] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.08 2010-12-24 14:39:13 ======Uninstall list====== -->C:\Arquivos de programas\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0416 -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00-->C:\Arquivos de programas\InstallShield Installation Information\{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}\setup.exe -runfromtemp -l0x0409 Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin Adobe Reader 8.2.5 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A82000000003} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" America's Army-->MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C} Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48} Atheros Communications Inc.® L2 Fast Ethernet Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Aulete digital-->"C:\Arquivos de programas\Aulete digital\unins000.exe" avast! Free Antivirus-->C:\Arquivos de programas\Alwil Software\Avast5\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast5\Setup\setiface.dll" RunSetup CCleaner-->"C:\Arquivos de programas\CCleaner\uninst.exe" CDBurnerXP-->"C:\Arquivos de programas\CDBurnerXP\unins000.exe" ConvertXtoDVD 4.0.12.327-->"C:\Arquivos de programas\VSO\ConvertX\4\unins000.exe" DVD Shrink 3.2-->"C:\Arquivos de programas\DVD Shrink\unins000.exe" Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} FormatFactory 2.15-->C:\Arquivos de programas\FreeTime\FormatFactory\uninst.exe FrostWire 4.21.1-->C:\Arquivos de programas\FrostWire\Uninstall.exe High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe" Hotfix para Windows XP (KB921411)-->"C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe" hp deskjet 656c series (Remover somente)-->C:\Arquivos de programas\hp deskjet 656c series\hpfiui.exe -c -vdivid=HPF -vpnum=89 -vinstport=USB001 -vproduct=656c -huninstall Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe" McAfee SiteAdvisor-->C:\Arquivos de programas\McAfee\SiteAdvisor\Uninstall.exe Meu GPS Airis-->MsiExec.exe /I{C713C4AD-31E2-455C-A51B-9CBF05706EE1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0416-0000-0000000FF1CE} Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.13)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3} Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D} Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375} PC Camer@-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5} /l2070 RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x416 -removeonly RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sony Picture Utility-->C:\Arquivos de programas\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0416 uninstall -removeonly Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357} VirusTotal Uploader 2.0-->"C:\Arquivos de programas\VirusTotalUploader2\uninstall.exe" Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\ARQUIV~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59} Windows Live Galeria de Fotos-->MsiExec.exe /X{0C405D1F-359E-41C5-A1A9-383A04BBD5E2} Windows Live Mail-->MsiExec.exe /I{74AD1846-2010-4FB1-8E24-B6F2B87150C2} Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4} Windows Live Sync-->MsiExec.exe /X{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009} Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A} Windows Live Writer-->MsiExec.exe /X{9555B4ED-09A3-4722-8E8C-57A49401D059} Wise Registry Cleaner Free 5.53-->"C:\Arquivos de programas\Wise Registry Cleaner\unins001.exe" ======Security center information====== AV: avast! Antivirus ======System event log====== Computer Name: CASA-25CED1FB6F Event Code: 7036 Message: O serviço Serviço de descoberta SSDP entrou no estado executando. Record Number: 56799 Source Name: Service Control Manager Time Written: 20101130164640.000000-120 Event Type: Informações User: Computer Name: CASA-25CED1FB6F Event Code: 7035 Message: O serviço Serviço de descoberta SSDP recebeu com êxito um controle Iniciar. Record Number: 56798 Source Name: Service Control Manager Time Written: 20101130164640.000000-120 Event Type: Informações User: AUTORIDADE NT\SYSTEM Computer Name: CASA-25CED1FB6F Event Code: 7036 Message: O serviço Adaptador de desempenho WMI entrou no estado executando. Record Number: 56797 Source Name: Service Control Manager Time Written: 20101130164638.000000-120 Event Type: Informações User: Computer Name: CASA-25CED1FB6F Event Code: 7035 Message: O serviço Adaptador de desempenho WMI recebeu com êxito um controle Iniciar. Record Number: 56796 Source Name: Service Control Manager Time Written: 20101130164638.000000-120 Event Type: Informações User: AUTORIDADE NT\SYSTEM Computer Name: CASA-25CED1FB6F Event Code: 7036 Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando. Record Number: 56795 Source Name: Service Control Manager Time Written: 20101130164638.000000-120 Event Type: Informações User: =====Application event log===== Computer Name: CASA-25CED1FB6F Event Code: 0 Message: Record Number: 17287 Source Name: AFOM Time Written: 20101214102459.000000-120 Event Type: Informações User: Computer Name: CASA-25CED1FB6F Event Code: 0 Message: Record Number: 17286 Source Name: AFOM Time Written: 20101214102418.000000-120 Event Type: Informações User: Computer Name: CASA-25CED1FB6F Event Code: 0 Message: Record Number: 17285 Source Name: AFOM Time Written: 20101214102358.000000-120 Event Type: Informações User: Computer Name: CASA-25CED1FB6F Event Code: 0 Message: Record Number: 17284 Source Name: AFOM Time Written: 20101214102321.000000-120 Event Type: Informações User: Computer Name: CASA-25CED1FB6F Event Code: 0 Message: Record Number: 17283 Source Name: AFOM Time Written: 20101214102306.000000-120 Event Type: Informações User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel "PROCESSOR_REVISION"=0605 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 27, 2010 FAA-34, 1º *Baixe o AD-Remover e salve-o no desktop *Duplo clique em AD-R.exe *Clique em [Clean]...aguarde o término. A reinicialização do PC poderá ser solicitada pelo programa. *Cole o relatório criado em C:\Ad-Report-CLEAN.log 2º *Baixe o ComboFix e salve-o no desktop * Desative seu antivírus temporariamente: Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme. *Execute o Combofix e aceite o contrato *Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação. *Clique em [sIM] para continuar. *Aguarde a conclusão de todas as etapas *Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER. *O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta. No Aguardo. Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 27, 2010 Link do AD-Remover dando erro....Há um link alternativo ? EDIT: baixei aqui (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe) EDIT 1 : Log AD - Remover ===== REPORT FROM AD-REMOVER 2.0.0.2,C | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 22/12/10 at 11:40 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 22:12:22 on 27/12/2010, Normal boot Microsoft Windows XP Professional Service Pack 2 (X86) Casa@CASA-25CED1FB6F ( ) ============== ACTION(S) ============== (!) -- Temporary files deleted. ============== ADDITIONNAL SCAN ============== ** Mozilla Firefox Version [3.6.13 (pt-BR)] ** -- C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\FireFox\Profiles\bkr2uecn.default\Prefs.js -- browser.download.lastDir, C:\\Documents and Settings\\Casa\\Meus documentos\\Downloads\\Programas browser.search.defaultenginename, Secure Search browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q= browser.search.selectedEngine, Google browser.startup.homepage, google.com.br browser.startup.homepage_override.mstone, rv:1.9.2.13 keyword.URL, hxxp://br.search.yahoo.com/search?fr=mcafee&p= -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\nmry0qvq.default\Prefs.js -- browser.startup.homepage_override.mstone, rv:1.9.2.12 ======================================== ** Internet Explorer Version [6.0.2900.2180] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s) C:\Arquivos de programas\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 27/12/2010 (444 Byte(s)) C:\Ad-Report-CLEAN[2].txt - 27/12/2010 (483 Byte(s)) C:\Ad-Report-SCAN[1].txt - 27/12/2010 (2477 Byte(s)) End at: 22:13:31, 27/12/2010 ============== E.O.F ============== ________________________________________________/ /___________________________________ EDIT 3 : Assim que eu terminei de fazer o download do Combofix o MCAfee SiteAdvisor disse que era um download potencialmente perigoso e bloqueou ele..Devo proceder com o download? Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, 1º *Execute novamente o AD-Remover *Clique em [uninstall] 2º Pode baixar sem nenhum problema e quando for executá-lo desative seu antivírus. Depois poste o resultado da verificação do Combofix; No aguardo! Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 28, 2010 ComboFix 10-12-26.01 - Casa 27/12/2010 22:39:25.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.409 [GMT -2:00] Executando de: c:\documents and settings\Casa\Meus documentos\Downloads\Programas\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\CFLog c:\cflog\Black Hawk Down (2001) [ENG] [DVDrip] CD1.srt c:\cflog\Black Hawk Down (2001) [ENG] [DVDrip] CD2.srt c:\documents and settings\Casa\Dados de aplicativos\inst.exe c:\windows\system32\blomc20.txt . (((((((((((((((( Arquivos/Ficheiros criados de 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))) . 2010-12-28 00:06 . 2010-12-28 00:06 -------- d-----w- C:\Ad-Remover 2010-12-24 16:39 . 2010-12-24 16:39 -------- d-----w- C:\rsit 2010-12-03 20:12 . 2010-12-03 20:12 -------- d-----w- c:\windows\system32\wbem\Repository 2010-12-02 14:26 . 2010-12-02 14:26 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\fltk.org . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 20:09 . 2009-08-15 17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 20:08 . 2009-08-15 17:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-01 22:55 . 2010-11-01 22:55 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys 2010-10-22 22:20 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.xtr 2010-10-22 22:19 . 2009-06-05 23:32 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-10-22 22:19 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-10-09 18:03 . 2010-10-09 18:03 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "TuneUp MemOptimizer"="c:\arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-11 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-05 15360] c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\ setup_9.0.0.722_24.08.2010_03-51.lnk - c:\documents and settings\Casa\Desktop\Virus Removal Tool\setup_9.0.0.722_24.08.2010_03-51\startup.exe [N/A] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk] backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk] backup=c:\windows\pss\Ferramenta de Verificação de Mídia do PMB.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-24 09:15 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 14:02 2356088 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2006-10-05 13:11 98304 ----a-r- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2006-10-05 13:10 94208 ----a-r- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-09-21 15:41 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\America's Army Server Manager\\AA Server Remote Control.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"= "c:\\Arquivos de programas\\America's Army\\System\\Server.exe"= "c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Arquivos de programas\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696] R1 52060081;52060081;c:\windows\system32\drivers\52060081.sys [24/4/2010 13:26 128016] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/7/2010 13:47 17744] S2 CLPSLS;COMODO livePCsupport Service; [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [1/8/2010 16:56 88176] S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?] S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/2/2005 13:29 162176] S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [1/11/2010 20:55 38976] S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168] S3 XDva332;XDva332; [x] S3 XDva336;XDva336; [x] S3 XDva337;XDva337; [x] S3 XDva341;XDva341; [x] S3 XDva342;XDva342; [x] S3 XDva343;XDva343; [x] S3 XDva346;XDva346; [x] S3 XDva347;XDva347; [x] S3 XDva348;XDva348; [x] S3 XDva349;XDva349; [x] S3 XDva352;XDva352; [x] S3 XDva359;XDva359; [x] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Conteúdo da pasta 'Tarefas Agendadas' 2010-12-28 c:\windows\Tasks\1-Click Maintenance.job - c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 19:54] 2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] 2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-500.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] 2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] 2010-09-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-500.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] . . ------- Scan Suplementar ------- . IE: Add to AMV Converter... IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file Trusted Zone: eset.com\www Trusted Zone: webtorpedos.net FF - ProfilePath - c:\documents and settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com.br FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\arquivos de programas\McAfee\SiteAdvisor FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: VERO - Verificador ortográfico em Português do Brasil: pt-BR@dictionaries.addons.mozilla.org - %profile%\extensions\pt-BR@dictionaries.addons.mozilla.org FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66} FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-27 22:41 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(560) c:\windows\SYSTEM32\Wireless\WirelessGina.DLL . Tempo para conclusão: 2010-12-27 22:43:25 ComboFix-quarantined-files.txt 2010-12-28 00:43 Pré-execução: 11 pasta(s) 12.301.987.840 bytes disponíveis Pós execução: 15 pasta(s) 12.937.682.944 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 93FCB6F1A901E6DE0E6D709CD02D2E7A Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, 1º *Abra a pasta Virus Removal Tool, localizada no desktop, execute o atalho Start *Clique em [Exit] > [Yes] > [sim] > [sim] *O PC será reiniciado *Delete os arquivos setup do Kaspersky e log.txt salvos no desktop 2º *Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo: Killall:: Driver:: XDva332 XDva33 XDva337 XDva341 XDva342 XDva343 XDva346 XDva347 XDva348 XDva349 XDva352 XDva359 *Salve o arquivo no desktop como CFScript.txt *Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!! *Ao final do procedimento, o programa será fechado automaticamente e será mostrado o relatório *Cole o relatório criado em C:\combofix.txt Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 28, 2010 1º *Abra a pasta Virus Removal Tool, localizada no desktop, execute o atalho Start *Clique em [Exit] > [Yes] > [sim] > [sim] *O PC será reiniciado *Delete os arquivos setup do Kaspersky e log.txt salvos no desktop Nao entendi..Nao tem nada com esse nome no desktop Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, *Configure o Windows para mostrar pastas e arquivos ocultos e veja se aparece a referida pasta; Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 28, 2010 Negativo Felipe, habilitei a exibição de arquivos e pastas ocultos, olhei no desktop e nao achei nada. fui em ''Procurar'' , coloquei o nome do arquivo e também nao achei nada... Como proceder? Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, Ok. Prossiga como orietado anteriormente no uso do combofix; Fico no aguardo! Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, Ok. Prossiga como orietado anteriormente no uso do combofix; Fico no aguardo! Felipe, instalei um jogo que um amigo meu tinha me emprestado e agora estou com receio dele haver virus...Desisntalei ele tilizando o Revo e depois passei o combofix, mas nao tomei nehuma atitude.. ComboFix 10-12-26.01 - Casa 28/01/2010 12:06:46.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.534 [GMT -2:00] Executando de: c:\documents and settings\Casa\Meus documentos\Downloads\Programas\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Casa\Meus documentos\cc_20100702_193526.reg . (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))) . 2010-12-28 00:06 . 2010-12-28 00:06 -------- d-----w- C:\Ad-Remover 2010-12-24 16:39 . 2010-12-24 16:39 -------- d-----w- C:\rsit 2010-12-03 20:12 . 2010-12-03 20:12 -------- d-----w- c:\windows\system32\wbem\Repository 2010-12-02 14:26 . 2010-12-02 14:26 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\fltk.org 2010-11-23 14:45 . 2010-11-23 14:45 -------- d-----w- C:\nv 2010-11-12 22:05 . 2010-11-13 00:22 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Dropbox 2010-11-12 21:36 . 2010-12-21 01:29 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\FrostWire 2010-11-12 21:35 . 2010-11-12 21:37 -------- d-----w- c:\arquivos de programas\FrostWire 2010-11-08 23:22 . 2010-11-09 00:00 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\CrossGL-Reminder-Clock 2010-11-06 19:05 . 2010-11-06 19:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\MGB 2010-11-06 19:05 . 2010-11-06 19:05 -------- d-----w- c:\arquivos de programas\Aulete digital 2010-11-05 23:31 . 2010-11-05 23:31 -------- d-----w- c:\arquivos de programas\Sony Setup 2010-11-01 22:55 . 2010-11-01 22:55 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys 2010-11-01 22:55 . 2010-11-01 23:10 -------- d-----w- c:\arquivos de programas\Tenable 2010-10-24 00:50 . 2010-10-24 00:50 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\stellarium 2010-10-09 18:03 . 2010-10-09 18:03 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-10-09 18:03 . 2010-10-09 18:03 -------- d-----w- c:\windows\system32\Wireless 2010-10-06 22:28 . 2010-10-06 22:28 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Media Player Classic 2010-10-06 22:25 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll 2010-10-01 21:23 . 2010-10-01 21:23 -------- d-----w- c:\arquivos de programas\VirusTotalUploader2 2010-09-23 17:42 . 2010-09-23 17:42 95672 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll 2010-09-20 20:30 . 2010-09-20 20:30 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Process Hacker 2 2010-09-19 18:45 . 2010-09-19 19:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-09-19 18:45 . 2010-09-19 18:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-09-19 05:04 . 2010-12-24 16:39 -------- d-----w- C:\hijack 2010-09-18 03:48 . 2010-09-18 03:48 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Ashampoo 2010-09-18 03:47 . 2010-09-18 03:47 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\ashampoo 2010-09-18 03:47 . 2010-09-18 03:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ashampoo 2010-09-11 20:33 . 2001-09-06 02:27 18176 -c--a-w- c:\windows\system32\dllcache\sermouse.sys 2010-09-11 20:33 . 2001-09-06 02:27 18176 ----a-w- c:\windows\system32\drivers\sermouse.sys 2010-09-01 17:41 . 2010-09-01 17:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-09-01 17:33 . 2010-09-19 17:31 -------- d-----w- c:\arquivos de programas\Rockstar Games 2010-09-01 16:57 . 2010-09-01 16:57 7168 ----a-w- c:\windows\system32\drivers\utg4njgz.sys 2010-08-24 19:02 . 2010-08-24 19:02 -------- d--h--w- c:\windows\PIF 2010-08-13 22:15 . 2010-08-13 22:15 -------- d-----w- c:\windows\PixArt 2010-08-13 22:15 . 2010-08-13 22:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCCamera 2010-08-13 22:15 . 2010-08-13 22:15 -------- d-----w- c:\arquivos de programas\PC Camer@ 2010-08-01 18:56 . 2010-08-01 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee 2010-08-01 18:53 . 2010-12-17 13:16 -------- d-----w- c:\arquivos de programas\McAfee 2010-08-01 18:53 . 2010-08-01 18:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2010-08-01 00:01 . 2010-08-01 00:01 -------- d-----w- C:\e90de8f2676ead1243c0 2010-07-31 23:59 . 2010-07-31 23:59 -------- d-----w- c:\documents and settings\Casa\PrivacIE 2010-07-31 23:36 . 2010-07-31 23:36 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Qualys 2010-07-31 03:42 . 2010-07-31 03:42 -------- d-----w- c:\documents and settings\LocalService\IETldCache 2010-07-31 03:36 . 2010-07-31 03:38 -------- dc-h--w- c:\windows\ie8 2010-07-31 03:36 . 2010-07-31 03:37 -------- d-----w- c:\windows\system32\pt-BR 2010-07-23 15:57 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr 2010-07-23 15:47 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-07-23 15:47 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-07-23 15:46 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-07-23 15:46 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-07-23 15:46 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-07-23 15:46 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-07-23 15:46 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-07-23 15:46 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-07-23 14:29 . 2010-07-23 14:29 -------- d-----w- c:\documents and settings\Casa\DoctorWeb 2010-07-22 15:05 . 2009-11-12 17:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-07-22 15:05 . 2010-07-22 15:05 -------- d-----w- c:\arquivos de programas\CDBurnerXP 2010-07-21 14:55 . 2010-07-21 15:04 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\VMware 2010-07-21 14:55 . 2010-07-22 20:39 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\VMware 2010-07-21 14:46 . 2010-07-22 20:26 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\VMware 2010-07-21 14:46 . 2010-07-22 20:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\VMware 2010-07-21 14:26 . 2010-07-21 14:41 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Download Manager 2010-07-19 18:05 . 2010-07-19 18:05 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Publish Providers 2010-07-19 18:05 . 2010-11-05 22:35 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Sony 2010-07-19 18:04 . 2010-07-19 18:04 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\Sony 2010-07-12 16:02 . 2010-07-14 19:34 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Stellarium 2010-07-11 02:48 . 2010-07-11 02:48 8192 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll 2010-07-11 02:48 . 2010-07-11 02:48 140864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll 2010-07-11 02:48 . 2010-07-11 02:48 98304 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll 2010-07-11 02:48 . 2010-07-11 02:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-07-11 02:47 . 2010-07-11 02:47 569397 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll 2010-06-25 20:44 . 2010-06-25 20:54 -------- d-----w- c:\arquivos de programas\URUSoft 2010-06-25 15:38 . 2010-06-25 15:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk 2010-06-25 02:36 . 2010-12-17 20:38 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Vso 2010-06-25 02:36 . 2010-06-25 02:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-06-25 02:36 . 2010-06-25 02:36 47360 ----a-w- c:\documents and settings\Casa\Dados de aplicativos\pcouffin.sys 2010-06-25 02:36 . 2010-02-09 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll 2010-06-25 02:36 . 2010-02-09 19:37 217127 ----a-w- c:\windows\system32\drv43260.dll 2010-06-25 02:36 . 2010-02-09 19:37 208935 ----a-w- c:\windows\system32\drv33260.dll 2010-06-25 02:36 . 2010-02-09 19:37 176165 ----a-w- c:\windows\system32\drv23260.dll 2010-06-25 02:36 . 2010-02-09 19:37 102439 ----a-w- c:\windows\system32\sipr3260.dll 2010-06-25 02:36 . 2010-02-09 19:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-06-25 02:36 . 2010-02-09 19:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2010-06-25 02:35 . 2010-06-25 02:36 -------- d-----w- c:\arquivos de programas\VSO 2010-06-24 16:37 . 2010-06-24 20:18 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\BitTorrent 2010-06-23 16:59 . 2010-12-11 21:42 16856 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugin-container.exe 2010-06-23 16:59 . 2010-12-11 21:42 719832 ----a-w- c:\arquivos de programas\Mozilla Firefox\mozcpp19.dll 2010-06-16 19:50 . 2010-12-25 23:43 -------- d-----w- c:\arquivos de programas\Wise Registry Cleaner 2010-06-16 16:54 . 2010-06-16 16:54 272 ----a-w- c:\windows\system32\drivers\sfi.dat 2010-06-01 22:00 . 2010-04-09 04:26 277240 ----a-w- c:\windows\system32\guard32.dll 2010-06-01 22:00 . 2010-04-09 04:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 22:00 . 2010-04-09 04:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-05-30 18:13 . 2010-05-30 18:13 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2010-05-30 18:13 . 2009-11-16 15:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll 2010-05-30 18:13 . 2010-05-30 18:13 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-05-30 18:13 . 2010-05-30 18:13 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\TuneUp Software 2010-05-30 18:13 . 2010-05-30 18:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software 2010-05-30 18:12 . 2010-12-27 23:50 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2009 2010-05-30 18:12 . 2010-05-30 18:12 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357} 2010-05-26 22:20 . 2010-12-02 14:27 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\flightgear.org 2010-05-19 16:27 . 2010-05-19 17:01 -------- d-----w- c:\windows\Internet Logs 2010-05-16 18:51 . 2010-05-16 18:51 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativosComodoGroup 2010-05-16 18:49 . 2010-05-16 18:49 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\ComodoGroup 2010-05-06 18:07 . 2010-10-06 22:13 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-05-06 17:57 . 2010-05-06 18:06 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\AnvSoft 2010-04-25 19:48 . 2010-04-25 19:48 -------- d-----w- C:\VritualRoot 2010-04-25 18:09 . 2010-04-25 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\COMODO 2010-04-24 19:46 . 2010-04-24 19:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software 2010-04-24 19:46 . 2010-04-24 19:46 -------- d-----w- c:\arquivos de programas\Alwil Software 2010-04-24 15:26 . 2009-10-22 16:54 37392 ----a-w- c:\windows\system32\drivers\52060082.sys 2010-04-24 15:26 . 2009-10-10 02:31 315408 ----a-w- c:\windows\system32\drivers\5206008.sys 2010-04-24 15:26 . 2009-09-25 20:59 128016 ----a-w- c:\windows\system32\drivers\52060081.sys 2010-04-24 12:21 . 2010-08-22 17:02 -------- d-----w- c:\documents and settings\Casa\SystemRequirementsLab 2010-04-22 22:32 . 2010-06-16 16:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Comodo Downloader 2010-03-28 15:43 . 2010-03-28 15:43 -------- d-----r- c:\documents and settings\LocalService\Meus documentos 2010-03-26 19:07 . 2010-03-26 19:07 32768 ----a-w- c:\windows\system32\drivers\taphss.sys 2010-03-10 17:16 . 2010-03-10 17:20 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\DAEMON Tools Lite 2010-03-10 17:16 . 2010-03-10 17:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite 2010-03-09 15:46 . 2010-03-16 23:55 -------- d-----w- c:\arquivos de programas\SlySoft 2010-03-07 01:36 . 2010-03-07 01:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit 2010-03-02 04:19 . 2010-03-02 04:19 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys 2010-02-25 16:08 . 2010-12-03 20:12 -------- d-----w- c:\documents and settings\Administrador 2010-02-09 15:49 . 2010-02-09 15:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-06 22:41 . 2010-02-06 22:41 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Canneverbe Limited . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 20:09 . 2009-08-15 17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 20:08 . 2009-08-15 17:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-22 22:20 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.xtr 2010-10-22 22:19 . 2009-06-05 23:32 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-10-22 22:19 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-07-11 02:47 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-07-11 02:47 . 2003-02-21 07:42 348160 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-28_00.41.57 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-28 11:54 . 2010-01-28 11:54 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat + 2010-01-28 11:54 . 2010-01-28 11:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-03-31 16:34 . 2010-01-28 11:54 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat - 2009-03-31 16:34 . 2010-06-16 19:48 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat + 2009-03-31 16:34 . 2010-01-28 11:54 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat - 2009-03-31 16:34 . 2010-06-16 19:48 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "TuneUp MemOptimizer"="c:\arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-11 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-05 15360] c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\ setup_9.0.0.722_24.08.2010_03-51.lnk - c:\documents and settings\Casa\Desktop\Virus Removal Tool\setup_9.0.0.722_24.08.2010_03-51\startup.exe [N/A] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk] backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk] backup=c:\windows\pss\Ferramenta de Verificação de Mídia do PMB.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-24 09:15 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 14:02 2356088 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2006-10-05 13:11 98304 ----a-r- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2006-10-05 13:10 94208 ----a-r- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-09-21 15:41 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\America's Army Server Manager\\AA Server Remote Control.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"= "c:\\Arquivos de programas\\America's Army\\System\\Server.exe"= "c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696] R1 52060081;52060081;c:\windows\system32\drivers\52060081.sys [24/4/2010 13:26 128016] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/7/2010 13:47 17744] S2 CLPSLS;COMODO livePCsupport Service; [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [1/8/2010 16:56 88176] S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?] S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/2/2005 13:29 162176] S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [1/11/2010 20:55 38976] S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168] S3 XDva332;XDva332; [x] S3 XDva336;XDva336; [x] S3 XDva337;XDva337; [x] S3 XDva341;XDva341; [x] S3 XDva342;XDva342; [x] S3 XDva343;XDva343; [x] S3 XDva346;XDva346; [x] S3 XDva347;XDva347; [x] S3 XDva348;XDva348; [x] S3 XDva349;XDva349; [x] S3 XDva352;XDva352; [x] S3 XDva359;XDva359; [x] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-28 c:\windows\Tasks\1-Click Maintenance.job - c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 19:54] 2010-01-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] 2010-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] . . ------- Scan Suplementar ------- . IE: Add to AMV Converter... IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file Trusted Zone: eset.com\www Trusted Zone: webtorpedos.net FF - ProfilePath - c:\documents and settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com.br FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\arquivos de programas\McAfee\SiteAdvisor FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: VERO - Verificador ortográfico em Português do Brasil: pt-BR@dictionaries.addons.mozilla.org - %profile%\extensions\pt-BR@dictionaries.addons.mozilla.org FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66} FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-28 12:10 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(772) c:\windows\SYSTEM32\Wireless\WirelessGina.DLL . Tempo para conclusão: 2010-01-28 12:11:55 ComboFix-quarantined-files.txt 2010-01-28 14:11 ComboFix2.txt 2010-12-28 00:43 Pré-execução: 14 pasta(s) 13.257.027.584 bytes disponíveis Pós execução: 15 pasta(s) 13.255.426.048 bytes disponíveis - - End Of File - - F2984B060D54070295780CCDC32D7F5B Posso depois disso fazer os mesmo comandos no bloco de notas e utilizar ele mesmo assim? Compartilhar este post Link para o post Compartilhar em outros sites
Felipe_88 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, Faça conforme orientado abaixo. *Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo: Killall::Driver:: XDva332 XDva33 XDva337 XDva341 XDva342 XDva343 XDva346 XDva347 XDva348 XDva349 XDva352 XDva359 *Salve o arquivo no desktop como CFScript.txt*Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!! *Ao final do procedimento, o programa será fechado automaticamente e será mostrado o relatório *Cole o relatório criado em C:\combofix.txt Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Dezembro 28, 2010 FAA-34, Faça conforme orientado abaixo. *Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo: Killall::Driver:: XDva332 XDva33 XDva337 XDva341 XDva342 XDva343 XDva346 XDva347 XDva348 XDva349 XDva352 XDva359 *Salve o arquivo no desktop como CFScript.txt*Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!! *Ao final do procedimento, o programa será fechado automaticamente e será mostrado o relatório *Cole o relatório criado em C:\combofix.txt Como solicitado ComboFix 10-12-26.01 - Casa 28/01/2010 16:15:20.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.548 [GMT -2:00] Executando de: c:\documents and settings\Casa\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Casa\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_XDVA332 -------\Legacy_XDVA337 -------\Legacy_XDVA341 -------\Legacy_XDVA342 -------\Legacy_XDVA343 -------\Legacy_XDVA346 -------\Legacy_XDVA347 -------\Legacy_XDVA348 -------\Legacy_XDVA349 -------\Legacy_XDVA352 -------\Legacy_XDVA359 -------\Service_XDva332 -------\Service_XDva337 -------\Service_XDva341 -------\Service_XDva342 -------\Service_XDva343 -------\Service_XDva346 -------\Service_XDva347 -------\Service_XDva348 -------\Service_XDva349 -------\Service_XDva352 -------\Service_XDva359 (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))) . 2010-12-28 00:06 . 2010-12-28 00:06 -------- d-----w- C:\Ad-Remover 2010-12-24 16:39 . 2010-12-24 16:39 -------- d-----w- C:\rsit 2010-12-03 20:12 . 2010-12-03 20:12 -------- d-----w- c:\windows\system32\wbem\Repository 2010-12-02 14:26 . 2010-12-02 14:26 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\fltk.org 2010-11-23 14:45 . 2010-11-23 14:45 -------- d-----w- C:\nv 2010-11-12 22:05 . 2010-11-13 00:22 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Dropbox 2010-11-12 21:36 . 2010-12-21 01:29 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\FrostWire 2010-11-12 21:35 . 2010-11-12 21:37 -------- d-----w- c:\arquivos de programas\FrostWire 2010-11-08 23:22 . 2010-11-09 00:00 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\CrossGL-Reminder-Clock 2010-11-06 19:05 . 2010-11-06 19:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\MGB 2010-11-06 19:05 . 2010-11-06 19:05 -------- d-----w- c:\arquivos de programas\Aulete digital 2010-11-05 23:31 . 2010-11-05 23:31 -------- d-----w- c:\arquivos de programas\Sony Setup 2010-11-01 22:55 . 2010-11-01 22:55 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys 2010-11-01 22:55 . 2010-11-01 23:10 -------- d-----w- c:\arquivos de programas\Tenable 2010-10-24 00:50 . 2010-10-24 00:50 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\stellarium 2010-10-09 18:03 . 2010-10-09 18:03 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-10-09 18:03 . 2010-10-09 18:03 -------- d-----w- c:\windows\system32\Wireless 2010-10-06 22:28 . 2010-10-06 22:28 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Media Player Classic 2010-10-06 22:25 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll 2010-10-01 21:23 . 2010-10-01 21:23 -------- d-----w- c:\arquivos de programas\VirusTotalUploader2 2010-09-23 17:42 . 2010-09-23 17:42 95672 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll 2010-09-20 20:30 . 2010-09-20 20:30 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Process Hacker 2 2010-09-19 18:45 . 2010-09-19 19:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-09-19 18:45 . 2010-09-19 18:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-09-19 05:04 . 2010-12-24 16:39 -------- d-----w- C:\hijack 2010-09-18 03:48 . 2010-09-18 03:48 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Ashampoo 2010-09-18 03:47 . 2010-09-18 03:47 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\ashampoo 2010-09-18 03:47 . 2010-09-18 03:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ashampoo 2010-09-11 20:33 . 2001-09-06 02:27 18176 -c--a-w- c:\windows\system32\dllcache\sermouse.sys 2010-09-11 20:33 . 2001-09-06 02:27 18176 ----a-w- c:\windows\system32\drivers\sermouse.sys 2010-09-01 17:41 . 2010-09-01 17:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-09-01 17:33 . 2010-09-19 17:31 -------- d-----w- c:\arquivos de programas\Rockstar Games 2010-09-01 16:57 . 2010-09-01 16:57 7168 ----a-w- c:\windows\system32\drivers\utg4njgz.sys 2010-08-24 19:02 . 2010-08-24 19:02 -------- d--h--w- c:\windows\PIF 2010-08-13 22:15 . 2010-08-13 22:15 -------- d-----w- c:\windows\PixArt 2010-08-13 22:15 . 2010-08-13 22:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCCamera 2010-08-13 22:15 . 2010-08-13 22:15 -------- d-----w- c:\arquivos de programas\PC Camer@ 2010-08-01 18:56 . 2010-08-01 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee 2010-08-01 18:53 . 2010-12-17 13:16 -------- d-----w- c:\arquivos de programas\McAfee 2010-08-01 18:53 . 2010-08-01 18:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2010-08-01 00:01 . 2010-08-01 00:01 -------- d-----w- C:\e90de8f2676ead1243c0 2010-07-31 23:59 . 2010-07-31 23:59 -------- d-----w- c:\documents and settings\Casa\PrivacIE 2010-07-31 23:36 . 2010-07-31 23:36 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Qualys 2010-07-31 03:42 . 2010-07-31 03:42 -------- d-----w- c:\documents and settings\LocalService\IETldCache 2010-07-31 03:36 . 2010-07-31 03:38 -------- dc-h--w- c:\windows\ie8 2010-07-31 03:36 . 2010-07-31 03:37 -------- d-----w- c:\windows\system32\pt-BR 2010-07-23 15:57 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr 2010-07-23 15:47 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-07-23 15:47 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-07-23 15:46 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-07-23 15:46 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-07-23 15:46 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-07-23 15:46 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-07-23 15:46 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-07-23 15:46 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-07-23 14:29 . 2010-07-23 14:29 -------- d-----w- c:\documents and settings\Casa\DoctorWeb 2010-07-22 15:05 . 2009-11-12 17:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-07-22 15:05 . 2010-07-22 15:05 -------- d-----w- c:\arquivos de programas\CDBurnerXP 2010-07-21 14:55 . 2010-07-21 15:04 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\VMware 2010-07-21 14:55 . 2010-07-22 20:39 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\VMware 2010-07-21 14:46 . 2010-07-22 20:26 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\VMware 2010-07-21 14:46 . 2010-07-22 20:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\VMware 2010-07-21 14:26 . 2010-07-21 14:41 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Download Manager 2010-07-19 18:05 . 2010-07-19 18:05 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Publish Providers 2010-07-19 18:05 . 2010-11-05 22:35 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Sony 2010-07-19 18:04 . 2010-07-19 18:04 -------- d-----w- c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\Sony 2010-07-12 16:02 . 2010-07-14 19:34 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Stellarium 2010-07-11 02:48 . 2010-07-11 02:48 8192 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll 2010-07-11 02:48 . 2010-07-11 02:48 140864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll 2010-07-11 02:48 . 2010-07-11 02:48 98304 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll 2010-07-11 02:48 . 2010-07-11 02:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-07-11 02:47 . 2010-07-11 02:47 569397 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll 2010-06-25 20:44 . 2010-06-25 20:54 -------- d-----w- c:\arquivos de programas\URUSoft 2010-06-25 15:38 . 2010-06-25 15:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk 2010-06-25 02:36 . 2010-12-17 20:38 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Vso 2010-06-25 02:36 . 2010-06-25 02:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-06-25 02:36 . 2010-06-25 02:36 47360 ----a-w- c:\documents and settings\Casa\Dados de aplicativos\pcouffin.sys 2010-06-25 02:36 . 2010-02-09 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll 2010-06-25 02:36 . 2010-02-09 19:37 217127 ----a-w- c:\windows\system32\drv43260.dll 2010-06-25 02:36 . 2010-02-09 19:37 208935 ----a-w- c:\windows\system32\drv33260.dll 2010-06-25 02:36 . 2010-02-09 19:37 176165 ----a-w- c:\windows\system32\drv23260.dll 2010-06-25 02:36 . 2010-02-09 19:37 102439 ----a-w- c:\windows\system32\sipr3260.dll 2010-06-25 02:36 . 2010-02-09 19:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-06-25 02:36 . 2010-02-09 19:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2010-06-25 02:35 . 2010-06-25 02:36 -------- d-----w- c:\arquivos de programas\VSO 2010-06-24 16:37 . 2010-06-24 20:18 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\BitTorrent 2010-06-23 16:59 . 2010-12-11 21:42 16856 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugin-container.exe 2010-06-23 16:59 . 2010-12-11 21:42 719832 ----a-w- c:\arquivos de programas\Mozilla Firefox\mozcpp19.dll 2010-06-16 19:50 . 2010-01-28 17:53 -------- d-----w- c:\arquivos de programas\Wise Registry Cleaner 2010-06-16 16:54 . 2010-06-16 16:54 272 ----a-w- c:\windows\system32\drivers\sfi.dat 2010-06-01 22:00 . 2010-04-09 04:26 277240 ----a-w- c:\windows\system32\guard32.dll 2010-06-01 22:00 . 2010-04-09 04:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 22:00 . 2010-04-09 04:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-05-30 18:13 . 2010-05-30 18:13 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2010-05-30 18:13 . 2009-11-16 15:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll 2010-05-30 18:13 . 2010-05-30 18:13 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-05-30 18:13 . 2010-05-30 18:13 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\TuneUp Software 2010-05-30 18:13 . 2010-05-30 18:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software 2010-05-30 18:12 . 2010-12-27 23:50 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2009 2010-05-30 18:12 . 2010-05-30 18:12 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357} 2010-05-26 22:20 . 2010-12-02 14:27 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\flightgear.org 2010-05-19 16:27 . 2010-05-19 17:01 -------- d-----w- c:\windows\Internet Logs 2010-05-16 18:51 . 2010-05-16 18:51 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativosComodoGroup 2010-05-16 18:49 . 2010-05-16 18:49 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\ComodoGroup 2010-05-06 18:07 . 2010-10-06 22:13 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-05-06 17:57 . 2010-05-06 18:06 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\AnvSoft 2010-04-25 19:48 . 2010-04-25 19:48 -------- d-----w- C:\VritualRoot 2010-04-25 18:09 . 2010-04-25 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\COMODO 2010-04-24 19:46 . 2010-04-24 19:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software 2010-04-24 19:46 . 2010-04-24 19:46 -------- d-----w- c:\arquivos de programas\Alwil Software 2010-04-24 15:26 . 2009-10-22 16:54 37392 ----a-w- c:\windows\system32\drivers\52060082.sys 2010-04-24 15:26 . 2009-10-10 02:31 315408 ----a-w- c:\windows\system32\drivers\5206008.sys 2010-04-24 15:26 . 2009-09-25 20:59 128016 ----a-w- c:\windows\system32\drivers\52060081.sys 2010-04-24 12:21 . 2010-08-22 17:02 -------- d-----w- c:\documents and settings\Casa\SystemRequirementsLab 2010-04-22 22:32 . 2010-06-16 16:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Comodo Downloader 2010-03-28 15:43 . 2010-03-28 15:43 -------- d-----r- c:\documents and settings\LocalService\Meus documentos 2010-03-26 19:07 . 2010-03-26 19:07 32768 ----a-w- c:\windows\system32\drivers\taphss.sys 2010-03-10 17:16 . 2010-03-10 17:20 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\DAEMON Tools Lite 2010-03-10 17:16 . 2010-03-10 17:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite 2010-03-09 15:46 . 2010-03-16 23:55 -------- d-----w- c:\arquivos de programas\SlySoft 2010-03-07 01:36 . 2010-03-07 01:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit 2010-03-02 04:19 . 2010-03-02 04:19 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys 2010-02-25 16:08 . 2010-12-03 20:12 -------- d-----w- c:\documents and settings\Administrador 2010-02-09 15:49 . 2010-02-09 15:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-06 22:41 . 2010-02-06 22:41 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\Canneverbe Limited . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 20:09 . 2009-08-15 17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 20:08 . 2009-08-15 17:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-22 22:20 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.xtr 2010-10-22 22:19 . 2009-06-05 23:32 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-10-22 22:19 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-07-11 02:47 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-07-11 02:47 . 2003-02-21 07:42 348160 ----a-w- c:\windows\system32\msvcr71.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "TuneUp MemOptimizer"="c:\arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-11 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-05 15360] c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\ setup_9.0.0.722_24.08.2010_03-51.lnk - c:\documents and settings\Casa\Desktop\Virus Removal Tool\setup_9.0.0.722_24.08.2010_03-51\startup.exe [N/A] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk] backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk] backup=c:\windows\pss\Ferramenta de Verificação de Mídia do PMB.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-24 09:15 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 14:02 2356088 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2006-10-05 13:11 98304 ----a-r- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2006-10-05 13:10 94208 ----a-r- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-09-21 15:41 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\America's Army Server Manager\\AA Server Remote Control.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"= "c:\\Arquivos de programas\\America's Army\\System\\Server.exe"= "c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Arquivos de programas\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696] R1 52060081;52060081;c:\windows\system32\drivers\52060081.sys [24/4/2010 13:26 128016] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/7/2010 13:47 17744] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [1/8/2010 16:56 88176] S2 CLPSLS;COMODO livePCsupport Service; [x] S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?] S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/2/2005 13:29 162176] S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [1/11/2010 20:55 38976] S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168] S3 XDva336;XDva336; [x] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-28 c:\windows\Tasks\1-Click Maintenance.job - c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 19:54] 2010-01-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] 2010-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02] . . ------- Scan Suplementar ------- . IE: Add to AMV Converter... IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file Trusted Zone: eset.com\www Trusted Zone: webtorpedos.net FF - ProfilePath - c:\documents and settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com.br FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\arquivos de programas\McAfee\SiteAdvisor FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: VERO - Verificador ortográfico em Português do Brasil: pt-BR@dictionaries.addons.mozilla.org - %profile%\extensions\pt-BR@dictionaries.addons.mozilla.org FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66} FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-28 16:20 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(560) c:\windows\SYSTEM32\Wireless\WirelessGina.DLL - - - - - - - > 'explorer.exe'(3876) c:\arquiv~1\mcafee\SITEAD~1\saHook.dll c:\windows\system32\msi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe c:\windows\RTHDCPL.EXE c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquiv~1\MICROS~3\rapimgr.exe c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe c:\windows\system32\PnkBstrA.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\System32\PAStiSvc.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\rundll32.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Tempo para conclusão: 2010-01-28 16:22:55 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-01-28 18:22 ComboFix2.txt 2010-01-28 14:11 ComboFix3.txt 2010-12-28 00:43 Pré-execução: 14 pasta(s) 12.523.118.592 bytes disponíveis Pós execução: 15 pasta(s) 12.462.546.944 bytes disponíveis - - End Of File - - 497383F1C1A9CD31F71E3536522E64E2 Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Janeiro 3, 2011 Em função do acontecido estipulamos o prazo de 7 dias para a postagem da resposta. Caso o seu tópico não seja respondido dentro deste prazo responda o mesmo solicitando um novo moderador para analisa-lo e post um novo log do Hijackthis. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:09:06, on 3/1/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe C:\WINDOWS\system32\msiexec.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [FreeCT] C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.eset.com O15 - Trusted Zone: http://*.webtorpedos.net O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 7626 bytes Algum moderador poderia olhar o ultimo log do combofix/hijackthis e ver se ele esta limpo?? Posso desisntalar o combofix?? Alguem pls me ajuda!! Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Janeiro 3, 2011 :) Olá FAA-34! :seta: Acesse o site http://virscan.org/ e envie o arquivo C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe para ser analisado nele. Aguarde a conclusão da análise e depois de concluida, copie o link que aparecerá na barra de endereços do seu navegador e poste este link em sua próxima resposta juntamente com os outros logs pedidos abaixo. Obs: Caso o site acima esteja muito sobrecarregado ou com algum problema, é só você ir em um desses endereços abaixo e enviar o arquivo para análise: http://www.virustotal.com/ http://virusscan.jotti.org/ http://www.viruschief.com/ __________________________ :seta: Siga também estas dicas: Tutorial do antivirus Nod32 Online Tutorial do Spyware Doctor Starter Edition ____________________________ :seta: Na sua próxima resposta poste o log do Nod32 Online que estará em C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt juntamente com um novo log do Hijackthis, o log do Spyware Doctor e o link da análise do arquivo que pedimos acima e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta. Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Janeiro 3, 2011 :) Olá FAA-34! :seta: Acesse o site http://virscan.org/ e envie o arquivo C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe para ser analisado nele. Aguarde a conclusão da análise e depois de concluida, copie o link que aparecerá na barra de endereços do seu navegador e poste este link em sua próxima resposta juntamente com os outros logs pedidos abaixo. Obs: Caso o site acima esteja muito sobrecarregado ou com algum problema, é só você ir em um desses endereços abaixo e enviar o arquivo para análise: http://www.virustotal.com/ http://virusscan.jotti.org/ http://www.viruschief.com/ __________________________ :seta: Siga também estas dicas: Tutorial do antivirus Nod32 Online Tutorial do Spyware Doctor Starter Edition ____________________________ :seta: Na sua próxima resposta poste o log do Nod32 Online que estará em C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt juntamente com um novo log do Hijackthis, o log do Spyware Doctor e o link da análise do arquivo que pedimos acima e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta. O Free Coutdown é um cronometro pra eu me lembrar das minhas tarefas xD http://virscan.org/report/266354ba7b41040002e1b3cedec778a6.html No aguardo do termino das outras etapas Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Janeiro 3, 2011 O Free Coutdown é um cronometro pra eu me lembrar das minhas tarefas xD http://virscan.org/report/266354ba7b41040002e1b3cedec778a6.html :thumbsup: Ah, sim. Tudo certo. _____________________ No aguardo do termino das outras etapas Ficamos na espera. Compartilhar este post Link para o post Compartilhar em outros sites
FAA-34 0 Denunciar post Postado Janeiro 3, 2011 Como o log do Spyware doctor é em formato html. e nao tem como anexar aqui upei ele no mandamais.... http://www.mandamais.com.br/download/il29312011205248 :o :o :o :o :o :o Bagle!!!!!! Esse virus é da pesada :( Tive que desligar o Nod em 37%(chuvas tensas por aqui) Virus Found: C:\Documents and Settings\Casa\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\53e8d6f9-4ac5e50d a variant of Java/TrojanDownloader.Agent.NBN trojan deleted - quarantined TEnho que trocar minhas senhas? Compartilhar este post Link para o post Compartilhar em outros sites
