
Archived

This topic has been archived and is closed to new replies.

FAA-34

[Archived] Avast and MBAM finding viruses

When I opened a web page, Avast found a vulnerability and a trojan horse (Trj)... It was sent to quarantine... I ran a scan with Avast and it found nothing....

 

MBAM found two viruses in its scan.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:15:15, on 24/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

C:\ARQUIV~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.eset.com

O15 - Trusted Zone: http://*.webtorpedos.net

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 8982 bytes

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

24/12/2010 14:05:33

mbam-log-2010-12-24 (14-05-33).txt

 

Tipo de Verificação: Verificação Completa (A:\|C:\|D:\|E:\|)

Objetos escaneados: 182987

Tempo decorrido: 47 minuto(s), 38 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 2

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\documents and settings\Casa\configurações locais\Temp\0.18711203778408136.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Casa\dados de aplicativos\Sun\Java\deployment\cache\6.0\6\23894746-197f2520 (Trojan.Agent) -> Quarantined and deleted successfully.


Hello, FAA-34!

 

*Download RSIT and save it to the desktop

*Run RSIT and click [Continue]

*When the process finishes, paste the reports created at C:\rsit\log.txt and C:\rsit\info.txt

 

We'll be waiting!


 

 

Thanks for your attention!

Logfile of random's system information tool 1.08 (written by random/random)

Run by Casa at 2010-12-24 14:39:08

Microsoft Windows XP Professional Service Pack 2

System drive C: has 10 GB (20%) free of 50 GB

Total RAM: 1015 MB (51% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:39:10, on 24/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

C:\ARQUIV~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Casa\Meus documentos\Downloads\RSIT.exe

C:\hijack\Casa.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~3\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.eset.com

O15 - Trusted Zone: http://*.webtorpedos.net

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 8852 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\1-Click Maintenance.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-500.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-500.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-11 341600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2010-12-07 251416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-09-21 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-21 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2010-12-07 251416]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-01 196608]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]

"avast5"=C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688]

"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-07-11 202256]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-09-05 15360]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"TuneUp MemOptimizer"=C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe [2009-11-16 163144]

"H/PC Connection Agent"=C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-09-21 149280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk]

C:\ARQUIV~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-13 333088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk]

[]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Wireless Configuration Utility HW.15.lnk - C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-09-05 239616]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDriveAutoRun"=0xFFFFFFFF

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=0xFFFFFFFF

"NoDriveTypeAutoRun"=255

"HonorAutoRunSetting"=1

"NoResolveSearch"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\America's Army Server Manager\AA Server Remote Control.exe"="C:\Arquivos de programas\America's Army Server Manager\AA Server Remote Control.exe:*:Disabled:TODO: <File description>"

"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Assistente para transferência de arquivos e configurações"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:LiveMsgr"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Arquivos de programas\America's Army\System\ArmyOps.exe"="C:\Arquivos de programas\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"

"C:\Arquivos de programas\America's Army\System\Server.exe"="C:\Arquivos de programas\America's Army\System\Server.exe:*:Disabled:Server"

"G:\Tactical Ops\System\UCC.exe"="G:\Tactical Ops\System\UCC.exe:*:Enabled:UCC"

"C:\Arquivos de programas\FrostWire\FrostWire.exe"="C:\Arquivos de programas\FrostWire\FrostWire.exe:*:Enabled:FrostWire"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Disabled:Assistência Remota - Windows Messenger e Voz"

"G:\Tactical Ops\System\TacticalOps.exe"="G:\Tactical Ops\System\TacticalOps.exe:*:Disabled:TacticalOps"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======List of files/folders created in the last 1 months======

 

2010-12-24 14:39:08 ----D---- C:\rsit

2010-12-02 12:26:42 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\fltk.org

 

======List of files/folders modified in the last 1 months======

 

2010-12-24 14:39:09 ----D---- C:\hijack

2010-12-24 14:39:02 ----D---- C:\WINDOWS\Prefetch

2010-12-24 14:38:42 ----SD---- C:\WINDOWS\Tasks

2010-12-24 14:31:44 ----AD---- C:\WINDOWS

2010-12-24 14:08:57 ----D---- C:\WINDOWS\Temp

2010-12-24 14:07:56 ----A---- C:\WINDOWS\RTacDbg.txt

2010-12-24 14:07:22 ----D---- C:\WINDOWS\system32\drivers

2010-12-24 14:07:22 ----D---- C:\WINDOWS\Registration

2010-12-24 14:06:54 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-12-23 15:52:26 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-12-22 15:55:17 ----D---- C:\WINDOWS\system32\CatRoot2

2010-12-20 23:29:00 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\FrostWire

2010-12-20 22:32:24 ----D---- C:\WINDOWS\system32

2010-12-20 22:32:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-12-19 20:53:10 ----D---- C:\Arquivos de programas\Wise Registry Cleaner

2010-12-18 15:30:48 ----SHD---- C:\WINDOWS\Installer

2010-12-18 15:30:48 ----SHD---- C:\Config.Msi

2010-12-18 15:30:48 ----RD---- C:\Arquivos de programas

2010-12-18 13:40:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Real

2010-12-17 18:38:12 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\Vso

2010-12-17 11:16:55 ----D---- C:\Arquivos de programas\McAfee

2010-12-16 12:01:39 ----HD---- C:\WINDOWS\inf

2010-12-11 19:42:58 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-12-09 23:18:49 ----A---- C:\WINDOWS\win.ini

2010-12-03 18:12:36 ----D---- C:\WINDOWS\system32\config

2010-12-03 18:12:27 ----D---- C:\WINDOWS\system32\wbem

2010-12-02 12:27:25 ----D---- C:\Documents and Settings\Casa\Dados de aplicativos\flightgear.org

2010-12-02 12:26:13 ----D---- C:\WINDOWS\WinSxS

2010-11-26 22:33:56 ----D---- C:\Arquivos de programas\TuneUp Utilities 2009

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 52060082;52060082 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\52060082.sys [2009-10-22 37392]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-07-04 44944]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-09 691696]

R1 52060081;52060081; C:\WINDOWS\system32\DRIVERS\52060081.sys [2009-09-25 128016]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-09-05 40192]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-10-09 21035]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 29696]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-06-25 47360]

R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-02-02 306560]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 cpudrv;cpudrv; \??\C:\Arquivos de programas\SystemRequirementsLab\cpudrv.sys []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]

S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]

S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]

S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]

S3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]

S3 PSSDK42;PSSDK42; \??\C:\WINDOWS\system32\Drivers\pssdk42.sys []

S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-09-06 18176]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-03-02 26112]

S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2010-03-26 32768]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 utg4njgz;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utg4njgz.sys []

S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 XDva332;XDva332; C:\WINDOWS\system32\drivers\XDva332.sys []

S3 XDva336;XDva336; C:\WINDOWS\system32\drivers\XDva336.sys []

S3 XDva337;XDva337; C:\WINDOWS\system32\drivers\XDva337.sys []

S3 XDva341;XDva341; C:\WINDOWS\system32\drivers\XDva341.sys []

S3 XDva342;XDva342; C:\WINDOWS\system32\drivers\XDva342.sys []

S3 XDva343;XDva343; C:\WINDOWS\system32\drivers\XDva343.sys []

S3 XDva346;XDva346; C:\WINDOWS\system32\drivers\XDva346.sys []

S3 XDva347;XDva347; C:\WINDOWS\system32\drivers\XDva347.sys []

S3 XDva348;XDva348; C:\WINDOWS\system32\drivers\XDva348.sys []

S3 XDva349;XDva349; C:\WINDOWS\system32\drivers\XDva349.sys []

S3 XDva352;XDva352; C:\WINDOWS\system32\drivers\XDva352.sys []

S3 XDva359;XDva359; C:\WINDOWS\system32\drivers\XDva359.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-05 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-09-21 153376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176]

R2 NMSAccess;NMSAccess; C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-05 75064]

R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-05-30 604488]

R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-09-05 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-05-30 361288]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.08 2010-12-24 14:39:13

 

======Uninstall list======

 

-->C:\Arquivos de programas\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0416 -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00-->C:\Arquivos de programas\InstallShield Installation Information\{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}\setup.exe -runfromtemp -l0x0409

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin

Adobe Reader 8.2.5 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A82000000003}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

America's Army-->MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

Atheros Communications Inc.® L2 Fast Ethernet Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly

Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Aulete digital-->"C:\Arquivos de programas\Aulete digital\unins000.exe"

avast! Free Antivirus-->C:\Arquivos de programas\Alwil Software\Avast5\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast5\Setup\setiface.dll" RunSetup

CCleaner-->"C:\Arquivos de programas\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Arquivos de programas\CDBurnerXP\unins000.exe"

ConvertXtoDVD 4.0.12.327-->"C:\Arquivos de programas\VSO\ConvertX\4\unins000.exe"

DVD Shrink 3.2-->"C:\Arquivos de programas\DVD Shrink\unins000.exe"

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

FormatFactory 2.15-->C:\Arquivos de programas\FreeTime\FormatFactory\uninst.exe

FrostWire 4.21.1-->C:\Arquivos de programas\FrostWire\Uninstall.exe

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB921411)-->"C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe"

hp deskjet 656c series (Remover somente)-->C:\Arquivos de programas\hp deskjet 656c series\hpfiui.exe -c -vdivid=HPF -vpnum=89 -vinstport=USB001 -vproduct=656c -huninstall

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

McAfee SiteAdvisor-->C:\Arquivos de programas\McAfee\SiteAdvisor\Uninstall.exe

Meu GPS Airis-->MsiExec.exe /I{C713C4AD-31E2-455C-A51B-9CBF05706EE1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0416-0000-0000000FF1CE}

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mozilla Firefox (3.6.13)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}

Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}

Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}

PC Camer@-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5} /l2070

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x416 -removeonly

RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sony Picture Utility-->C:\Arquivos de programas\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0416 uninstall -removeonly

Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic

TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}

VirusTotal Uploader 2.0-->"C:\Arquivos de programas\VirusTotalUploader2\uninstall.exe"

Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\ARQUIV~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}

Windows Live Galeria de Fotos-->MsiExec.exe /X{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}

Windows Live Mail-->MsiExec.exe /I{74AD1846-2010-4FB1-8E24-B6F2B87150C2}

Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}

Windows Live Sync-->MsiExec.exe /X{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}

Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A}

Windows Live Writer-->MsiExec.exe /X{9555B4ED-09A3-4722-8E8C-57A49401D059}

Wise Registry Cleaner Free 5.53-->"C:\Arquivos de programas\Wise Registry Cleaner\unins001.exe"

 

======Security center information======

 

AV: avast! Antivirus

 

======System event log======

 

Computer Name: CASA-25CED1FB6F

Event Code: 7036

Message: O serviço Serviço de descoberta SSDP entrou no estado executando.

 

Record Number: 56799

Source Name: Service Control Manager

Time Written: 20101130164640.000000-120

Event Type: Informações

User:

 

Computer Name: CASA-25CED1FB6F

Event Code: 7035

Message: O serviço Serviço de descoberta SSDP recebeu com êxito um controle Iniciar.

 

Record Number: 56798

Source Name: Service Control Manager

Time Written: 20101130164640.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: CASA-25CED1FB6F

Event Code: 7036

Message: O serviço Adaptador de desempenho WMI entrou no estado executando.

 

Record Number: 56797

Source Name: Service Control Manager

Time Written: 20101130164638.000000-120

Event Type: Informações

User:

 

Computer Name: CASA-25CED1FB6F

Event Code: 7035

Message: O serviço Adaptador de desempenho WMI recebeu com êxito um controle Iniciar.

 

Record Number: 56796

Source Name: Service Control Manager

Time Written: 20101130164638.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: CASA-25CED1FB6F

Event Code: 7036

Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.

 

Record Number: 56795

Source Name: Service Control Manager

Time Written: 20101130164638.000000-120

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: CASA-25CED1FB6F

Event Code: 0

Message:

Record Number: 17287

Source Name: AFOM

Time Written: 20101214102459.000000-120

Event Type: Informações

User:

 

Computer Name: CASA-25CED1FB6F

Event Code: 0

Message:

Record Number: 17286

Source Name: AFOM

Time Written: 20101214102418.000000-120

Event Type: Informações

User:

 

Computer Name: CASA-25CED1FB6F

Event Code: 0

Message:

Record Number: 17285

Source Name: AFOM

Time Written: 20101214102358.000000-120

Event Type: Informações

User:

 

Computer Name: CASA-25CED1FB6F

Event Code: 0

Message:

Record Number: 17284

Source Name: AFOM

Time Written: 20101214102321.000000-120

Event Type: Informações

User:

 

Computer Name: CASA-25CED1FB6F

Event Code: 0

Message:

Record Number: 17283

Source Name: AFOM

Time Written: 20101214102306.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=0605

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


FAA-34,

 

*Download AD-Remover

and save it to the desktop

*Double-click AD-R.exe

*Click [Clean]... wait for it to finish. The program may ask to reboot the PC.

*Paste the report created at C:\Ad-Report-CLEAN.log

 

*Download ComboFix and save it to the desktop

* Temporarily disable your antivirus:

Right-click the Avast icon next to the clock > Select "Pause resident protection" > Confirm.

*Run ComboFix and accept the license agreement

*If the Windows Recovery Console is already installed, ComboFix will continue automatically. Otherwise, click [Yes] to install it.


*Click [Yes] to continue.


*Wait for all stages to finish


 

*While ComboFix is running, avoid using the mouse and keyboard! To abort the procedure, press N or 2 and then ENTER.

*The program will close automatically and a report (C:\combofix.txt) will be shown. Paste it in your next reply.

 

Waiting.


The AD-Remover link is giving an error. Is there an alternative link?

 

 

EDIT: downloaded it from here (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe)

 

 

EDIT 1: AD-Remover log

 

===== REPORT FROM AD-REMOVER 2.0.0.2,C | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 22/12/10 at 11:40

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 22:12:22 on 27/12/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 2 (X86)

Casa@CASA-25CED1FB6F ( )

 

============== ACTION(S) ==============

 

 

 

(!) -- Temporary files deleted.

 

 

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.13 (pt-BR)] **

 

-- C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\FireFox\Profiles\bkr2uecn.default\Prefs.js --

browser.download.lastDir, C:\\Documents and Settings\\Casa\\Meus documentos\\Downloads\\Programas

browser.search.defaultenginename, Secure Search

browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=

browser.search.selectedEngine, Google

browser.startup.homepage, google.com.br

browser.startup.homepage_override.mstone, rv:1.9.2.13

keyword.URL, hxxp://br.search.yahoo.com/search?fr=mcafee&p=

 

-- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\nmry0qvq.default\Prefs.js --

browser.startup.homepage_override.mstone, rv:1.9.2.12

 

========================================

 

** Internet Explorer Version [6.0.2900.2180] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 15 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 27/12/2010 (444 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 27/12/2010 (483 Byte(s))

C:\Ad-Report-SCAN[1].txt - 27/12/2010 (2477 Byte(s))

 

End at: 22:13:31, 27/12/2010

 

============== E.O.F ==============

 

________________________________________________/ /___________________________________

 

 

EDIT 3: As soon as I finished downloading ComboFix, McAfee SiteAdvisor said it was a potentially dangerous download and blocked it. Should I proceed with the download?


FAA-34,

 

*Run AD-Remover again

*Click [Uninstall]

 

You can download it without any problem, and disable your antivirus when you run it.

 

Then post the result of the ComboFix scan;

 

Waiting!


ComboFix 10-12-26.01 - Casa 27/12/2010 22:39:25.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.409 [GMT -2:00]

Executando de: c:\documents and settings\Casa\Meus documentos\Downloads\Programas\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\CFLog

c:\cflog\Black Hawk Down (2001) [ENG] [DVDrip] CD1.srt

c:\cflog\Black Hawk Down (2001) [ENG] [DVDrip] CD2.srt

c:\documents and settings\Casa\Dados de aplicativos\inst.exe

c:\windows\system32\blomc20.txt

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-28 to 2010-12-28 ))))))))))))))))))))))))))))

.

 

2010-12-28 00:06 . 2010-12-28 00:06 -------- d-----w- C:\Ad-Remover

2010-12-24 16:39 . 2010-12-24 16:39 -------- d-----w- C:\rsit

2010-12-03 20:12 . 2010-12-03 20:12 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-02 14:26 . 2010-12-02 14:26 -------- d-----w- c:\documents and settings\Casa\Dados de aplicativos\fltk.org

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 20:09 . 2009-08-15 17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 20:08 . 2009-08-15 17:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-01 22:55 . 2010-11-01 22:55 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys

2010-10-22 22:20 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-10-22 22:19 . 2009-06-05 23:32 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-10-22 22:19 . 2009-06-05 23:32 189392 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-10-09 18:03 . 2010-10-09 18:03 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"TuneUp MemOptimizer"="c:\arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-11 202256]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-05 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

setup_9.0.0.722_24.08.2010_03-51.lnk - c:\documents and settings\Casa\Desktop\Virus Removal Tool\setup_9.0.0.722_24.08.2010_03-51\startup.exe [N/A]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk]

backup=c:\windows\pss\Ferramenta de Verificação de Mídia do PMB.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-24 09:15 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-09-26 14:02 2356088 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2006-10-05 13:11 98304 ----a-r- c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2006-10-05 13:10 94208 ----a-r- c:\windows\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-21 15:41 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\America's Army Server Manager\\AA Server Remote Control.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\Server.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Arquivos de programas\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696]
R1 52060081;52060081;c:\windows\system32\drivers\52060081.sys [24/4/2010 13:26 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/7/2010 13:47 17744]
S2 CLPSLS;COMODO livePCsupport Service; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [1/8/2010 16:56 88176]
S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/2/2005 13:29 162176]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [1/11/2010 20:55 38976]
S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168]
S3 XDva332;XDva332; [x]
S3 XDva336;XDva336; [x]
S3 XDva337;XDva337; [x]
S3 XDva341;XDva341; [x]
S3 XDva342;XDva342; [x]
S3 XDva343;XDva343; [x]
S3 XDva346;XDva346; [x]
S3 XDva347;XDva347; [x]
S3 XDva348;XDva348; [x]
S3 XDva349;XDva349; [x]
S3 XDva352;XDva352; [x]
S3 XDva359;XDva359; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.

Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 19:54]

2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-500.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-09-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-500.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]
.
.

------- Supplementary Scan -------
.
IE: Add to AMV Converter...
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file
Trusted Zone: eset.com\www
Trusted Zone: webtorpedos.net
FF - ProfilePath - c:\documents and settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com.br
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\arquivos de programas\McAfee\SiteAdvisor
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: VERO - Verificador ortográfico em Português do Brasil: pt-BR@dictionaries.addons.mozilla.org - %profile%\extensions\pt-BR@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 22:41
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.

--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
.
Completion time: 2010-12-27 22:43:25
ComboFix-quarantined-files.txt 2010-12-28 00:43

Pre-Run: 11 folder(s) 12.301.987.840 bytes free
Post-Run: 15 folder(s) 12.937.682.944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 93FCB6F1A901E6DE0E6D709CD02D2E7A


FAA-34,

*Open the Virus Removal Tool folder on the desktop and run the Start shortcut
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup files and log.txt saved on the desktop

*Open Notepad and select, copy and paste into it the entire contents of the code below:

Killall::
Driver::
XDva332
XDva336
XDva337
XDva341
XDva342
XDva343
XDva346
XDva347
XDva348
XDva349
XDva352
XDva359

*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
CFScript.gif
*Important: while ComboFix is running, do not use the mouse or the keyboard!!
*At the end of the procedure the program will close automatically and the report will be displayed
*Paste the report created at C:\combofix.txt

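The CFScript above was assembled by hand from the `S3 XDva3xx;XDva3xx; [x]` lines in the log, where `[x]` is ComboFix's marker for a service whose binary is gone. The script below is an added example for this thread, not part of the original post and not ComboFix's own code: it parses the service/driver table and the `GloballyOpenPorts` list in the shape ComboFix prints them, collects the entries whose file is missing, renders them as the `Driver::` section of a CFScript, and flags firewall exceptions that are open to any address. The sample log is constructed from entries that appear in the thread plus one hypothetical `3389:TCP` exception added to exercise the any-address case; reading `[?]` as "file info could not be read" is my interpretation of the output, not documented ComboFix behaviour.

```python
"""Triage helper for a ComboFix log: service table and firewall exceptions.

Added example for this thread (not the helper's code, not ComboFix's code).
"""
import re

# Constructed sample in the shape of the thread's log. The 3389/TCP line is a
# hypothetical exception added to show the any-address case; the other lines
# mirror entries that appear in the thread.
SAMPLE_LOG = r"""
R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584]
S2 CLPSLS;COMODO livePCsupport Service; [x]
S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?]
S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168]
S3 XDva332;XDva332; [x]
S3 XDva336;XDva336; [x]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Enabled:Remote Desktop
"""

# "<state> <name>;<display name>;<path> [<date> <time> <size>]" or "; [x]" / "... [?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
FILEINFO_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<size>\d+)\]$")
# '"<port>:<proto>"= <port>:<proto>:<scope>:<Enabled|Disabled>:<description>'
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<scope>[^:]+):'
    r'(?P<enabled>Enabled|Disabled):(?P<desc>.*)$')


def parse_services(log_text):
    """Return one dict per service/driver line: state, name, display, path, size, status."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        entry = {"state": m.group("state"), "name": m.group("name"),
                 "display": m.group("display"), "path": None, "size": None}
        if rest == "[x]":
            entry["status"] = "missing"      # registry entry left behind, binary gone
        elif rest.endswith("[?]"):
            entry["status"] = "unverified"   # assumption: ComboFix could not read the file's info
            path = rest[: rest.rfind("[")].strip()
            entry["path"] = path.split("--> ")[-1] if "--> " in path else path
        else:
            fi = FILEINFO_RE.match(rest)
            entry["status"] = "present" if fi else "unparsed"
            if fi:
                entry["path"] = fi.group("path")
                entry["size"] = int(fi.group("size"))
        services.append(entry)
    return services


def orphaned_services(services):
    """Names of entries whose file no longer exists (what the helper's Driver:: list targets)."""
    return [s["name"] for s in services if s["status"] == "missing"]


def boot_drivers(services):
    """R0/R1 entries: kernel drivers loaded at boot, the place a rootkit would live."""
    return [s["name"] for s in services if s["state"] in ("R0", "R1")]


def cfscript_driver_section(names):
    """Render the Driver:: section of a CFScript that deletes those service entries."""
    return "Driver::\n" + "\n".join(names) + "\n"


def parse_open_ports(log_text):
    """Return the GloballyOpenPorts entries as dicts: port, proto, scope, enabled, desc."""
    ports = []
    for line in log_text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            d["enabled"] = d["enabled"] == "Enabled"
            ports.append(d)
    return ports


def any_address_ports(ports):
    """Enabled exceptions with scope '*' (reachable from any network): review these first."""
    return [p for p in ports if p["enabled"] and p["scope"] == "*"]


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_LOG)
    print(cfscript_driver_section(orphaned_services(svcs)))
    print("boot-time drivers:", ", ".join(boot_drivers(svcs)))
    for p in any_address_ports(parse_open_ports(SAMPLE_LOG)):
        print("open to any address:", p["port"], p["proto"], p["desc"])
```

To use it on a real run, feed `parse_services()` the text of the saved C:\combofix.txt. An entry marked `[x]` is stale registration rather than running code, so deleting it is cleanup; the lines worth reading carefully are the R0/R1 drivers, which load before most user-mode protection, and any firewall exception whose scope is `*` rather than a specific subnet like the ActiveSync link-local range in the thread.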

*Open the Virus Removal Tool folder on the desktop and run the Start shortcut
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup files and log.txt saved on the desktop

I don't understand. There's nothing with that name on the desktop


FAA-34,

*Configure Windows to show hidden files and folders and check whether that folder appears;


Negative, Felipe. I enabled showing hidden files and folders, looked on the desktop and found nothing. I went to "Search", entered the file name and found nothing either...

How should I proceed?


FAA-34,

OK. Proceed as instructed earlier with ComboFix;

I'll be waiting!


FAA-34,

OK. Proceed as instructed earlier with ComboFix;

I'll be waiting!


Felipe, I installed a game that a friend of mine had lent me and now I'm worried it might have a virus... I uninstalled it using Revo and then ran ComboFix, but didn't take any action..

 

ComboFix 10-12-26.01 - Casa 28/01/2010  12:06:46.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.1015.534 [GMT -2:00]
Running from: c:\documents and settings\Casa\Meus documentos\Downloads\Programas\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Casa\Meus documentos\cc_20100702_193526.reg

.
((((((((((((((((   Files Created from 2009-12-28 to 2010-01-28  ))))))))))))))))))))))))))))
.

2010-12-28 00:06 . 2010-12-28 00:06	--------	d-----w-	C:\Ad-Remover
2010-12-24 16:39 . 2010-12-24 16:39	--------	d-----w-	C:\rsit
2010-12-03 20:12 . 2010-12-03 20:12	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-12-02 14:26 . 2010-12-02 14:26	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\fltk.org
2010-11-23 14:45 . 2010-11-23 14:45	--------	d-----w-	C:\nv
2010-11-12 22:05 . 2010-11-13 00:22	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Dropbox
2010-11-12 21:36 . 2010-12-21 01:29	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\FrostWire
2010-11-12 21:35 . 2010-11-12 21:37	--------	d-----w-	c:\arquivos de programas\FrostWire
2010-11-08 23:22 . 2010-11-09 00:00	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\CrossGL-Reminder-Clock
2010-11-06 19:05 . 2010-11-06 19:05	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\MGB
2010-11-06 19:05 . 2010-11-06 19:05	--------	d-----w-	c:\arquivos de programas\Aulete digital
2010-11-05 23:31 . 2010-11-05 23:31	--------	d-----w-	c:\arquivos de programas\Sony Setup
2010-11-01 22:55 . 2010-11-01 22:55	38976	----a-w-	c:\windows\system32\drivers\pssdk42.sys
2010-11-01 22:55 . 2010-11-01 23:10	--------	d-----w-	c:\arquivos de programas\Tenable
2010-10-24 00:50 . 2010-10-24 00:50	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\stellarium
2010-10-09 18:03 . 2010-10-09 18:03	21035	----a-w-	c:\windows\system32\drivers\AegisP.sys
2010-10-09 18:03 . 2010-10-09 18:03	--------	d-----w-	c:\windows\system32\Wireless
2010-10-06 22:28 . 2010-10-06 22:28	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Media Player Classic
2010-10-06 22:25 . 2010-03-15 09:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-10-01 21:23 . 2010-10-01 21:23	--------	d-----w-	c:\arquivos de programas\VirusTotalUploader2
2010-09-23 17:42 . 2010-09-23 17:42	95672	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
2010-09-20 20:30 . 2010-09-20 20:30	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Process Hacker 2
2010-09-19 18:45 . 2010-09-19 19:14	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Norton
2010-09-19 18:45 . 2010-09-19 18:45	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Symantec
2010-09-19 05:04 . 2010-12-24 16:39	--------	d-----w-	C:\hijack
2010-09-18 03:48 . 2010-09-18 03:48	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Ashampoo
2010-09-18 03:47 . 2010-09-18 03:47	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\ashampoo
2010-09-18 03:47 . 2010-09-18 03:47	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\ashampoo
2010-09-11 20:33 . 2001-09-06 02:27	18176	-c--a-w-	c:\windows\system32\dllcache\sermouse.sys
2010-09-11 20:33 . 2001-09-06 02:27	18176	----a-w-	c:\windows\system32\drivers\sermouse.sys
2010-09-01 17:41 . 2010-09-01 17:41	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-09-01 17:33 . 2010-09-19 17:31	--------	d-----w-	c:\arquivos de programas\Rockstar Games
2010-09-01 16:57 . 2010-09-01 16:57	7168	----a-w-	c:\windows\system32\drivers\utg4njgz.sys
2010-08-24 19:02 . 2010-08-24 19:02	--------	d--h--w-	c:\windows\PIF
2010-08-13 22:15 . 2010-08-13 22:15	--------	d-----w-	c:\windows\PixArt
2010-08-13 22:15 . 2010-08-13 22:15	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\PCCamera
2010-08-13 22:15 . 2010-08-13 22:15	--------	d-----w-	c:\arquivos de programas\PC Camer@
2010-08-01 18:56 . 2010-08-01 18:56	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\McAfee
2010-08-01 18:53 . 2010-12-17 13:16	--------	d-----w-	c:\arquivos de programas\McAfee
2010-08-01 18:53 . 2010-08-01 18:56	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-08-01 00:01 . 2010-08-01 00:01	--------	d-----w-	C:\e90de8f2676ead1243c0
2010-07-31 23:59 . 2010-07-31 23:59	--------	d-----w-	c:\documents and settings\Casa\PrivacIE
2010-07-31 23:36 . 2010-07-31 23:36	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Qualys
2010-07-31 03:42 . 2010-07-31 03:42	--------	d-----w-	c:\documents and settings\LocalService\IETldCache
2010-07-31 03:36 . 2010-07-31 03:38	--------	dc-h--w-	c:\windows\ie8
2010-07-31 03:36 . 2010-07-31 03:37	--------	d-----w-	c:\windows\system32\pt-BR
2010-07-23 15:57 . 2010-09-07 15:12	38848	----a-w-	c:\windows\avastSS.scr
2010-07-23 15:47 . 2010-09-07 14:52	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-07-23 15:47 . 2010-09-07 14:47	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-07-23 15:46 . 2010-09-07 14:52	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-07-23 15:46 . 2010-09-07 14:47	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-07-23 15:46 . 2010-09-07 14:47	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-07-23 15:46 . 2010-09-07 14:47	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-07-23 15:46 . 2010-09-07 14:46	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-07-23 15:46 . 2010-09-07 15:11	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-07-23 14:29 . 2010-07-23 14:29	--------	d-----w-	c:\documents and settings\Casa\DoctorWeb
2010-07-22 15:05 . 2009-11-12 17:48	7168	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2010-07-22 15:05 . 2010-07-22 15:05	--------	d-----w-	c:\arquivos de programas\CDBurnerXP
2010-07-21 14:55 . 2010-07-21 15:04	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\VMware
2010-07-21 14:55 . 2010-07-22 20:39	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\VMware
2010-07-21 14:46 . 2010-07-22 20:26	--------	d-----w-	c:\documents and settings\LocalService\Dados de aplicativos\VMware
2010-07-21 14:46 . 2010-07-22 20:42	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\VMware
2010-07-21 14:26 . 2010-07-21 14:41	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Download Manager
2010-07-19 18:05 . 2010-07-19 18:05	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Publish Providers
2010-07-19 18:05 . 2010-11-05 22:35	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Sony
2010-07-19 18:04 . 2010-07-19 18:04	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\Sony
2010-07-12 16:02 . 2010-07-14 19:34	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Stellarium
2010-07-11 02:48 . 2010-07-11 02:48	8192	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll
2010-07-11 02:48 . 2010-07-11 02:48	140864	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
2010-07-11 02:48 . 2010-07-11 02:48	98304	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
2010-07-11 02:48 . 2010-07-11 02:48	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\xing shared
2010-07-11 02:47 . 2010-07-11 02:47	569397	----a-w-	c:\arquivos de programas\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-06-25 20:44 . 2010-06-25 20:54	--------	d-----w-	c:\arquivos de programas\URUSoft
2010-06-25 15:38 . 2010-06-25 15:38	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-06-25 02:36 . 2010-12-17 20:38	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Vso
2010-06-25 02:36 . 2010-06-25 02:36	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2010-06-25 02:36 . 2010-06-25 02:36	47360	----a-w-	c:\documents and settings\Casa\Dados de aplicativos\pcouffin.sys
2010-06-25 02:36 . 2010-02-09 19:37	65602	----a-w-	c:\windows\system32\cook3260.dll
2010-06-25 02:36 . 2010-02-09 19:37	217127	----a-w-	c:\windows\system32\drv43260.dll
2010-06-25 02:36 . 2010-02-09 19:37	208935	----a-w-	c:\windows\system32\drv33260.dll
2010-06-25 02:36 . 2010-02-09 19:37	176165	----a-w-	c:\windows\system32\drv23260.dll
2010-06-25 02:36 . 2010-02-09 19:37	102439	----a-w-	c:\windows\system32\sipr3260.dll
2010-06-25 02:36 . 2010-02-09 19:37	626688	----a-w-	c:\windows\system32\vp7vfw.dll
2010-06-25 02:36 . 2010-02-09 19:37	1184984	----a-w-	c:\windows\system32\wvc1dmod.dll
2010-06-25 02:35 . 2010-06-25 02:36	--------	d-----w-	c:\arquivos de programas\VSO
2010-06-24 16:37 . 2010-06-24 20:18	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\BitTorrent
2010-06-23 16:59 . 2010-12-11 21:42	16856	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugin-container.exe
2010-06-23 16:59 . 2010-12-11 21:42	719832	----a-w-	c:\arquivos de programas\Mozilla Firefox\mozcpp19.dll
2010-06-16 19:50 . 2010-12-25 23:43	--------	d-----w-	c:\arquivos de programas\Wise Registry Cleaner
2010-06-16 16:54 . 2010-06-16 16:54	272	----a-w-	c:\windows\system32\drivers\sfi.dat
2010-06-01 22:00 . 2010-04-09 04:26	277240	----a-w-	c:\windows\system32\guard32.dll
2010-06-01 22:00 . 2010-04-09 04:25	25240	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 22:00 . 2010-04-09 04:25	15464	----a-w-	c:\windows\system32\drivers\cmderd.sys
2010-05-30 18:13 . 2010-05-30 18:13	604488	----a-w-	c:\windows\system32\TUProgSt.exe
2010-05-30 18:13 . 2009-11-16 15:25	29000	----a-w-	c:\windows\system32\uxtuneup.dll
2010-05-30 18:13 . 2010-05-30 18:13	361288	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2010-05-30 18:13 . 2010-05-30 18:13	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\TuneUp Software
2010-05-30 18:13 . 2010-05-30 18:13	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software
2010-05-30 18:12 . 2010-12-27 23:50	--------	d-----w-	c:\arquivos de programas\TuneUp Utilities 2009
2010-05-30 18:12 . 2010-05-30 18:12	--------	d-sh--w-	c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-26 22:20 . 2010-12-02 14:27	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\flightgear.org
2010-05-19 16:27 . 2010-05-19 17:01	--------	d-----w-	c:\windows\Internet Logs
2010-05-16 18:51 . 2010-05-16 18:51	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativosComodoGroup
2010-05-16 18:49 . 2010-05-16 18:49	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\ComodoGroup
2010-05-06 18:07 . 2010-10-06 22:13	--------	d---a-w-	c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-05-06 17:57 . 2010-05-06 18:06	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\AnvSoft
2010-04-25 19:48 . 2010-04-25 19:48	--------	d-----w-	C:\VritualRoot
2010-04-25 18:09 . 2010-04-25 18:10	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\COMODO
2010-04-24 19:46 . 2010-04-24 19:46	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2010-04-24 19:46 . 2010-04-24 19:46	--------	d-----w-	c:\arquivos de programas\Alwil Software
2010-04-24 15:26 . 2009-10-22 16:54	37392	----a-w-	c:\windows\system32\drivers\52060082.sys
2010-04-24 15:26 . 2009-10-10 02:31	315408	----a-w-	c:\windows\system32\drivers\5206008.sys
2010-04-24 15:26 . 2009-09-25 20:59	128016	----a-w-	c:\windows\system32\drivers\52060081.sys
2010-04-24 12:21 . 2010-08-22 17:02	--------	d-----w-	c:\documents and settings\Casa\SystemRequirementsLab
2010-04-22 22:32 . 2010-06-16 16:33	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Comodo Downloader
2010-03-28 15:43 . 2010-03-28 15:43	--------	d-----r-	c:\documents and settings\LocalService\Meus documentos
2010-03-26 19:07 . 2010-03-26 19:07	32768	----a-w-	c:\windows\system32\drivers\taphss.sys
2010-03-10 17:16 . 2010-03-10 17:20	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\DAEMON Tools Lite
2010-03-10 17:16 . 2010-03-10 17:16	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2010-03-09 15:46 . 2010-03-16 23:55	--------	d-----w-	c:\arquivos de programas\SlySoft
2010-03-07 01:36 . 2010-03-07 01:36	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\IObit
2010-03-02 04:19 . 2010-03-02 04:19	26112	----a-w-	c:\windows\system32\drivers\tap0901.sys
2010-02-25 16:08 . 2010-12-03 20:12	--------	d-----w-	c:\documents and settings\Administrador
2010-02-09 15:49 . 2010-02-09 15:49	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-02-06 22:41 . 2010-02-06 22:41	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Canneverbe Limited

.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 20:09 . 2009-08-15 17:28	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 20:08 . 2009-08-15 17:28	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-22 22:20 . 2009-06-05 23:32	189392	----a-w-	c:\windows\system32\PnkBstrB.xtr
2010-10-22 22:19 . 2009-06-05 23:32	138016	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-10-22 22:19 . 2009-06-05 23:32	189392	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-07-11 02:47 . 2003-03-19 01:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-07-11 02:47 . 2003-02-21 07:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-12-28_00.41.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-28 11:54 . 2010-01-28 11:54	16384              c:\windows\Temp\Perflib_Perfdata_5b0.dat
+ 2010-01-28 11:54 . 2010-01-28 11:54	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-31 16:34 . 2010-01-28 11:54	32768              c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-31 16:34 . 2010-06-16 19:48	32768              c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 16:34 . 2010-01-28 11:54	32768              c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
- 2009-03-31 16:34 . 2010-06-16 19:48	32768              c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
.
((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"TuneUp MemOptimizer"="c:\arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-11 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-05 15360]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
setup_9.0.0.722_24.08.2010_03-51.lnk - c:\documents and settings\Casa\Desktop\Virus Removal Tool\setup_9.0.0.722_24.08.2010_03-51\startup.exe [N/A]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk]
backup=c:\windows\pss\Ferramenta de Verificação de Mídia do PMB.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37	932288	----a-w-	c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15	40368	----a-w-	c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 14:02	2356088	----a-r-	c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-05 13:11	98304	----a-r-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-05 13:10	94208	----a-r-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-21 15:41	149280	----a-w-	c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\America's Army Server Manager\\AA Server Remote Control.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\Server.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696]
R1 52060081;52060081;c:\windows\system32\drivers\52060081.sys [24/4/2010 13:26 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/7/2010 13:47 17744]
S2 CLPSLS;COMODO livePCsupport Service; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [1/8/2010 16:56 88176]
S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/2/2005 13:29 162176]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [1/11/2010 20:55 38976]
S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168]
S3 XDva332;XDva332; [x]
S3 XDva336;XDva336; [x]
S3 XDva337;XDva337; [x]
S3 XDva341;XDva341; [x]
S3 XDva342;XDva342; [x]
S3 XDva343;XDva343; [x]
S3 XDva346;XDva346; [x]
S3 XDva347;XDva347; [x]
S3 XDva348;XDva348; [x]
S3 XDva349;XDva349; [x]
S3 XDva352;XDva352; [x]
S3 XDva359;XDva359; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 19:54]

2010-01-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]
.
.
------- Supplementary Scan -------
.
IE: Add to AMV Converter...
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file
Trusted Zone: eset.com\www
Trusted Zone: webtorpedos.net
FF - ProfilePath - c:\documents and settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com.br
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\arquivos de programas\McAfee\SiteAdvisor
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: VERO - Verificador ortográfico em Português do Brasil: pt-BR@dictionaries.addons.mozilla.org - %profile%\extensions\pt-BR@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 12:10
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ... 

Procurando entradas auto inicializáveis ocultas ... 

Procurando ficheiros/arquivos ocultos ... 

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
.
Tempo para conclusão: 2010-01-28  12:11:55
ComboFix-quarantined-files.txt  2010-01-28 14:11
ComboFix2.txt  2010-12-28 00:43

Pré-execução: 14 pasta(s) 13.257.027.584 bytes disponíveis
Pós execução: 15 pasta(s) 13.255.426.048 bytes disponíveis

- - End Of File - - F2984B060D54070295780CCDC32D7F5B

 

 

After that, can I put the same commands in Notepad and use it that way?


FAA-34,

Follow the instructions below.

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

Killall::
Driver::
XDva332
XDva33
XDva337
XDva341
XDva342
XDva343
XDva346
XDva347
XDva348
XDva349
XDva352
XDva359

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

[illustration: CFScript.gif]

*Important: while ComboFix is running, do not use the mouse or the keyboard!!

*At the end of the procedure, the program will close automatically and the report will be displayed

*Paste the report created at C:\combofix.txt

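A small parser for the ComboFix service listing and the CFScript Driver:: block used in this thread, as an added example that is neither the helper's code nor part of ComboFix; it takes the S3/R1 lines from the two logs posted here as excerpts, lists entries whose driver file is missing, writes the Driver:: block, checks a script's names against the log (catching a mistyped name such as XDva33), and diffs the before/after listings to confirm what was removed.

```python
"""ComboFix service-listing helpers: find entries whose driver file is gone, emit
the CFScript Driver:: block the helper typed by hand, and check a script's names
against the log so a mistyped name does not silently survive the run.
Added example written for this thread; not part of ComboFix or of the posts."""
import re
from dataclasses import dataclass

# One ComboFix service line, e.g. "S3 XDva332;XDva332; [x]"
_SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")


@dataclass(frozen=True)
class Service:
    start: str    # R0-R3 = running, S0-S4 = stopped (Windows start type)
    name: str     # service key name; this is what a CFScript Driver:: line names
    display: str
    image: str    # raw image field; "[x]" means ComboFix found no file on disk

    @property
    def file_missing(self) -> bool:
        img = self.image.strip()
        return img == "[x]" or img.endswith("[?]")  # [?] = path could not be resolved


def parse_services(log_text: str) -> list[Service]:
    """Return every R*/S* service line of a ComboFix log, in log order."""
    found = []
    for line in log_text.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if m:
            found.append(Service(m["start"], m["name"].strip(),
                                 m["display"].strip(), m["image"]))
    return found


def orphan_drivers(services, prefix: str = "") -> list[str]:
    """Names whose image file is missing, optionally limited to a name prefix.

    The prefix matters: the listing also shows CLPSLS (COMODO) with [x], which the
    helper deliberately left alone, so "everything with [x]" would be too broad.
    """
    return [s.name for s in services
            if s.file_missing and s.name.lower().startswith(prefix.lower())]


def build_cfscript(driver_names) -> str:
    """Emit a CFScript with the two sections used in the thread, one name per line."""
    return "\n".join(["Killall::", "Driver::", *driver_names]) + "\n"


def check_cfscript(script_text: str, services) -> list[str]:
    """Return Driver:: names that match no service in the log (case-insensitive).

    In the thread the mistyped "XDva33" produced no error and XDva336 was still
    listed after the run, so this check belongs before the script is dragged in.
    """
    known = {s.name.lower() for s in services}
    unmatched, in_driver_section = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # section header: Killall::, Driver::, File::, ...
            in_driver_section = line == "Driver::"
        elif in_driver_section and line.lower() not in known:
            unmatched.append(line)
    return unmatched


def removed_between(before, after) -> set[str]:
    """Service names present in the first listing and absent from the second."""
    return {s.name for s in before} - {s.name for s in after}


# Excerpts of the two service listings posted in the thread (before and after the
# script run); the other lines of those logs are left out here.
LOG_BEFORE = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584]
S2 CLPSLS;COMODO livePCsupport Service; [x]
S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?]
S3 XDva332;XDva332; [x]
S3 XDva336;XDva336; [x]
S3 XDva337;XDva337; [x]
S3 XDva341;XDva341; [x]
S3 XDva342;XDva342; [x]
S3 XDva343;XDva343; [x]
S3 XDva346;XDva346; [x]
S3 XDva347;XDva347; [x]
S3 XDva348;XDva348; [x]
S3 XDva349;XDva349; [x]
S3 XDva352;XDva352; [x]
S3 XDva359;XDva359; [x]
"""
LOG_AFTER = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584]
S2 CLPSLS;COMODO livePCsupport Service; [x]
S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?]
S3 XDva336;XDva336; [x]
"""
# The helper's list as posted, including the "XDva33" typo.
HELPER_SCRIPT = build_cfscript(["XDva332", "XDva33", "XDva337", "XDva341", "XDva342",
                                "XDva343", "XDva346", "XDva347", "XDva348", "XDva349",
                                "XDva352", "XDva359"])
```

Calling `check_cfscript(HELPER_SCRIPT, parse_services(LOG_BEFORE))` returns `['XDva33']`, and `removed_between` over the two excerpts lists every XDva entry except XDva336, matching the second log.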


As requested

 

 

ComboFix 10-12-26.01 - Casa 28/01/2010  16:15:20.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.1015.548 [GMT -2:00]
Executando de: c:\documents and settings\Casa\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Casa\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA332
-------\Legacy_XDVA337
-------\Legacy_XDVA341
-------\Legacy_XDVA342
-------\Legacy_XDVA343
-------\Legacy_XDVA346
-------\Legacy_XDVA347
-------\Legacy_XDVA348
-------\Legacy_XDVA349
-------\Legacy_XDVA352
-------\Legacy_XDVA359
-------\Service_XDva332
-------\Service_XDva337
-------\Service_XDva341
-------\Service_XDva342
-------\Service_XDva343
-------\Service_XDva346
-------\Service_XDva347
-------\Service_XDva348
-------\Service_XDva349
-------\Service_XDva352
-------\Service_XDva359


((((((((((((((((   Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-28  ))))))))))))))))))))))))))))
.

2010-12-28 00:06 . 2010-12-28 00:06	--------	d-----w-	C:\Ad-Remover
2010-12-24 16:39 . 2010-12-24 16:39	--------	d-----w-	C:\rsit
2010-12-03 20:12 . 2010-12-03 20:12	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-12-02 14:26 . 2010-12-02 14:26	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\fltk.org
2010-11-23 14:45 . 2010-11-23 14:45	--------	d-----w-	C:\nv
2010-11-12 22:05 . 2010-11-13 00:22	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Dropbox
2010-11-12 21:36 . 2010-12-21 01:29	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\FrostWire
2010-11-12 21:35 . 2010-11-12 21:37	--------	d-----w-	c:\arquivos de programas\FrostWire
2010-11-08 23:22 . 2010-11-09 00:00	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\CrossGL-Reminder-Clock
2010-11-06 19:05 . 2010-11-06 19:05	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\MGB
2010-11-06 19:05 . 2010-11-06 19:05	--------	d-----w-	c:\arquivos de programas\Aulete digital
2010-11-05 23:31 . 2010-11-05 23:31	--------	d-----w-	c:\arquivos de programas\Sony Setup
2010-11-01 22:55 . 2010-11-01 22:55	38976	----a-w-	c:\windows\system32\drivers\pssdk42.sys
2010-11-01 22:55 . 2010-11-01 23:10	--------	d-----w-	c:\arquivos de programas\Tenable
2010-10-24 00:50 . 2010-10-24 00:50	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\stellarium
2010-10-09 18:03 . 2010-10-09 18:03	21035	----a-w-	c:\windows\system32\drivers\AegisP.sys
2010-10-09 18:03 . 2010-10-09 18:03	--------	d-----w-	c:\windows\system32\Wireless
2010-10-06 22:28 . 2010-10-06 22:28	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Media Player Classic
2010-10-06 22:25 . 2010-03-15 09:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-10-01 21:23 . 2010-10-01 21:23	--------	d-----w-	c:\arquivos de programas\VirusTotalUploader2
2010-09-23 17:42 . 2010-09-23 17:42	95672	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
2010-09-20 20:30 . 2010-09-20 20:30	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Process Hacker 2
2010-09-19 18:45 . 2010-09-19 19:14	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Norton
2010-09-19 18:45 . 2010-09-19 18:45	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Symantec
2010-09-19 05:04 . 2010-12-24 16:39	--------	d-----w-	C:\hijack
2010-09-18 03:48 . 2010-09-18 03:48	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Ashampoo
2010-09-18 03:47 . 2010-09-18 03:47	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\ashampoo
2010-09-18 03:47 . 2010-09-18 03:47	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\ashampoo
2010-09-11 20:33 . 2001-09-06 02:27	18176	-c--a-w-	c:\windows\system32\dllcache\sermouse.sys
2010-09-11 20:33 . 2001-09-06 02:27	18176	----a-w-	c:\windows\system32\drivers\sermouse.sys
2010-09-01 17:41 . 2010-09-01 17:41	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-09-01 17:33 . 2010-09-19 17:31	--------	d-----w-	c:\arquivos de programas\Rockstar Games
2010-09-01 16:57 . 2010-09-01 16:57	7168	----a-w-	c:\windows\system32\drivers\utg4njgz.sys
2010-08-24 19:02 . 2010-08-24 19:02	--------	d--h--w-	c:\windows\PIF
2010-08-13 22:15 . 2010-08-13 22:15	--------	d-----w-	c:\windows\PixArt
2010-08-13 22:15 . 2010-08-13 22:15	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\PCCamera
2010-08-13 22:15 . 2010-08-13 22:15	--------	d-----w-	c:\arquivos de programas\PC Camer@
2010-08-01 18:56 . 2010-08-01 18:56	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\McAfee
2010-08-01 18:53 . 2010-12-17 13:16	--------	d-----w-	c:\arquivos de programas\McAfee
2010-08-01 18:53 . 2010-08-01 18:56	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-08-01 00:01 . 2010-08-01 00:01	--------	d-----w-	C:\e90de8f2676ead1243c0
2010-07-31 23:59 . 2010-07-31 23:59	--------	d-----w-	c:\documents and settings\Casa\PrivacIE
2010-07-31 23:36 . 2010-07-31 23:36	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Qualys
2010-07-31 03:42 . 2010-07-31 03:42	--------	d-----w-	c:\documents and settings\LocalService\IETldCache
2010-07-31 03:36 . 2010-07-31 03:38	--------	dc-h--w-	c:\windows\ie8
2010-07-31 03:36 . 2010-07-31 03:37	--------	d-----w-	c:\windows\system32\pt-BR
2010-07-23 15:57 . 2010-09-07 15:12	38848	----a-w-	c:\windows\avastSS.scr
2010-07-23 15:47 . 2010-09-07 14:52	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-07-23 15:47 . 2010-09-07 14:47	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-07-23 15:46 . 2010-09-07 14:52	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-07-23 15:46 . 2010-09-07 14:47	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-07-23 15:46 . 2010-09-07 14:47	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-07-23 15:46 . 2010-09-07 14:47	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-07-23 15:46 . 2010-09-07 14:46	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-07-23 15:46 . 2010-09-07 15:11	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-07-23 14:29 . 2010-07-23 14:29	--------	d-----w-	c:\documents and settings\Casa\DoctorWeb
2010-07-22 15:05 . 2009-11-12 17:48	7168	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2010-07-22 15:05 . 2010-07-22 15:05	--------	d-----w-	c:\arquivos de programas\CDBurnerXP
2010-07-21 14:55 . 2010-07-21 15:04	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\VMware
2010-07-21 14:55 . 2010-07-22 20:39	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\VMware
2010-07-21 14:46 . 2010-07-22 20:26	--------	d-----w-	c:\documents and settings\LocalService\Dados de aplicativos\VMware
2010-07-21 14:46 . 2010-07-22 20:42	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\VMware
2010-07-21 14:26 . 2010-07-21 14:41	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Download Manager
2010-07-19 18:05 . 2010-07-19 18:05	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Publish Providers
2010-07-19 18:05 . 2010-11-05 22:35	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Sony
2010-07-19 18:04 . 2010-07-19 18:04	--------	d-----w-	c:\documents and settings\Casa\Configurações locais\Dados de aplicativos\Sony
2010-07-12 16:02 . 2010-07-14 19:34	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Stellarium
2010-07-11 02:48 . 2010-07-11 02:48	8192	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll
2010-07-11 02:48 . 2010-07-11 02:48	140864	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
2010-07-11 02:48 . 2010-07-11 02:48	98304	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
2010-07-11 02:48 . 2010-07-11 02:48	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\xing shared
2010-07-11 02:47 . 2010-07-11 02:47	569397	----a-w-	c:\arquivos de programas\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-06-25 20:44 . 2010-06-25 20:54	--------	d-----w-	c:\arquivos de programas\URUSoft
2010-06-25 15:38 . 2010-06-25 15:38	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-06-25 02:36 . 2010-12-17 20:38	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Vso
2010-06-25 02:36 . 2010-06-25 02:36	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2010-06-25 02:36 . 2010-06-25 02:36	47360	----a-w-	c:\documents and settings\Casa\Dados de aplicativos\pcouffin.sys
2010-06-25 02:36 . 2010-02-09 19:37	65602	----a-w-	c:\windows\system32\cook3260.dll
2010-06-25 02:36 . 2010-02-09 19:37	217127	----a-w-	c:\windows\system32\drv43260.dll
2010-06-25 02:36 . 2010-02-09 19:37	208935	----a-w-	c:\windows\system32\drv33260.dll
2010-06-25 02:36 . 2010-02-09 19:37	176165	----a-w-	c:\windows\system32\drv23260.dll
2010-06-25 02:36 . 2010-02-09 19:37	102439	----a-w-	c:\windows\system32\sipr3260.dll
2010-06-25 02:36 . 2010-02-09 19:37	626688	----a-w-	c:\windows\system32\vp7vfw.dll
2010-06-25 02:36 . 2010-02-09 19:37	1184984	----a-w-	c:\windows\system32\wvc1dmod.dll
2010-06-25 02:35 . 2010-06-25 02:36	--------	d-----w-	c:\arquivos de programas\VSO
2010-06-24 16:37 . 2010-06-24 20:18	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\BitTorrent
2010-06-23 16:59 . 2010-12-11 21:42	16856	----a-w-	c:\arquivos de programas\Mozilla Firefox\plugin-container.exe
2010-06-23 16:59 . 2010-12-11 21:42	719832	----a-w-	c:\arquivos de programas\Mozilla Firefox\mozcpp19.dll
2010-06-16 19:50 . 2010-01-28 17:53	--------	d-----w-	c:\arquivos de programas\Wise Registry Cleaner
2010-06-16 16:54 . 2010-06-16 16:54	272	----a-w-	c:\windows\system32\drivers\sfi.dat
2010-06-01 22:00 . 2010-04-09 04:26	277240	----a-w-	c:\windows\system32\guard32.dll
2010-06-01 22:00 . 2010-04-09 04:25	25240	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 22:00 . 2010-04-09 04:25	15464	----a-w-	c:\windows\system32\drivers\cmderd.sys
2010-05-30 18:13 . 2010-05-30 18:13	604488	----a-w-	c:\windows\system32\TUProgSt.exe
2010-05-30 18:13 . 2009-11-16 15:25	29000	----a-w-	c:\windows\system32\uxtuneup.dll
2010-05-30 18:13 . 2010-05-30 18:13	361288	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2010-05-30 18:13 . 2010-05-30 18:13	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\TuneUp Software
2010-05-30 18:13 . 2010-05-30 18:13	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software
2010-05-30 18:12 . 2010-12-27 23:50	--------	d-----w-	c:\arquivos de programas\TuneUp Utilities 2009
2010-05-30 18:12 . 2010-05-30 18:12	--------	d-sh--w-	c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-26 22:20 . 2010-12-02 14:27	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\flightgear.org
2010-05-19 16:27 . 2010-05-19 17:01	--------	d-----w-	c:\windows\Internet Logs
2010-05-16 18:51 . 2010-05-16 18:51	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativosComodoGroup
2010-05-16 18:49 . 2010-05-16 18:49	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\ComodoGroup
2010-05-06 18:07 . 2010-10-06 22:13	--------	d---a-w-	c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-05-06 17:57 . 2010-05-06 18:06	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\AnvSoft
2010-04-25 19:48 . 2010-04-25 19:48	--------	d-----w-	C:\VritualRoot
2010-04-25 18:09 . 2010-04-25 18:10	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\COMODO
2010-04-24 19:46 . 2010-04-24 19:46	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2010-04-24 19:46 . 2010-04-24 19:46	--------	d-----w-	c:\arquivos de programas\Alwil Software
2010-04-24 15:26 . 2009-10-22 16:54	37392	----a-w-	c:\windows\system32\drivers\52060082.sys
2010-04-24 15:26 . 2009-10-10 02:31	315408	----a-w-	c:\windows\system32\drivers\5206008.sys
2010-04-24 15:26 . 2009-09-25 20:59	128016	----a-w-	c:\windows\system32\drivers\52060081.sys
2010-04-24 12:21 . 2010-08-22 17:02	--------	d-----w-	c:\documents and settings\Casa\SystemRequirementsLab
2010-04-22 22:32 . 2010-06-16 16:33	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Comodo Downloader
2010-03-28 15:43 . 2010-03-28 15:43	--------	d-----r-	c:\documents and settings\LocalService\Meus documentos
2010-03-26 19:07 . 2010-03-26 19:07	32768	----a-w-	c:\windows\system32\drivers\taphss.sys
2010-03-10 17:16 . 2010-03-10 17:20	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\DAEMON Tools Lite
2010-03-10 17:16 . 2010-03-10 17:16	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2010-03-09 15:46 . 2010-03-16 23:55	--------	d-----w-	c:\arquivos de programas\SlySoft
2010-03-07 01:36 . 2010-03-07 01:36	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\IObit
2010-03-02 04:19 . 2010-03-02 04:19	26112	----a-w-	c:\windows\system32\drivers\tap0901.sys
2010-02-25 16:08 . 2010-12-03 20:12	--------	d-----w-	c:\documents and settings\Administrador
2010-02-09 15:49 . 2010-02-09 15:49	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-02-06 22:41 . 2010-02-06 22:41	--------	d-----w-	c:\documents and settings\Casa\Dados de aplicativos\Canneverbe Limited

.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 20:09 . 2009-08-15 17:28	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 20:08 . 2009-08-15 17:28	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-22 22:20 . 2009-06-05 23:32	189392	----a-w-	c:\windows\system32\PnkBstrB.xtr
2010-10-22 22:19 . 2009-06-05 23:32	138016	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-10-22 22:19 . 2009-06-05 23:32	189392	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-07-11 02:47 . 2003-03-19 01:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-07-11 02:47 . 2003-02-21 07:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"TuneUp MemOptimizer"="c:\arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-11 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-05 15360]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
setup_9.0.0.722_24.08.2010_03-51.lnk - c:\documents and settings\Casa\Desktop\Virus Removal Tool\setup_9.0.0.722_24.08.2010_03-51\startup.exe [N/A]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do PMB.lnk]
backup=c:\windows\pss\Ferramenta de Verificação de Mídia do PMB.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37	932288	----a-w-	c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15	40368	----a-w-	c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 14:02	2356088	----a-r-	c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-05 13:11	98304	----a-r-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-05 13:10	94208	----a-r-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-21 15:41	149280	----a-w-	c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\America's Army Server Manager\\AA Server Remote Control.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\Server.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Arquivos de programas\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 52060082;52060082 Boot Guard Driver;c:\windows\system32\drivers\52060082.sys [24/4/2010 13:26 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 13:49 691696]
R1 52060081;52060081;c:\windows\system32\drivers\52060081.sys [24/4/2010 13:26 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/7/2010 13:47 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/7/2010 13:47 17744]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [1/8/2010 16:56 88176]
S2 CLPSLS;COMODO livePCsupport Service; [x]
S3 cpudrv;cpudrv;\??\c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys --> c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/2/2005 13:29 162176]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [1/11/2010 20:55 38976]
S3 utg4njgz;AVZ Kernel Driver;c:\windows\system32\drivers\utg4njgz.sys [1/9/2010 14:57 7168]
S3 XDva336;XDva336; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-01-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 19:54]

2010-01-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-343818398-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-343818398-725345543-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]
.
.
------- Scan Suplementar -------
.
IE: Add to AMV Converter...
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file
Trusted Zone: eset.com\www
Trusted Zone: webtorpedos.net
FF - ProfilePath - c:\documents and settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com.br
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\arquivos de programas\McAfee\SiteAdvisor
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: VERO - Verificador ortográfico em Português do Brasil: pt-BR@dictionaries.addons.mozilla.org - %profile%\extensions\pt-BR@dictionaries.addons.mozilla.org
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 16:20
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ... 

Procurando entradas auto inicializáveis ocultas ... 

Procurando ficheiros/arquivos ocultos ... 

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL

- - - - - - - > 'explorer.exe'(3876)
c:\arquiv~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquiv~1\MICROS~3\rapimgr.exe
c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-01-28  16:22:55 - Máquina reiniciou
ComboFix-quarantined-files.txt  2010-01-28 18:22
ComboFix2.txt  2010-01-28 14:11
ComboFix3.txt  2010-12-28 00:43

Pré-execução: 14 pasta(s) 12.523.118.592 bytes disponíveis
Pós execução: 15 pasta(s) 12.462.546.944 bytes disponíveis

- - End Of File - - 497383F1C1A9CD31F71E3536522E64E2

Given what has happened, we have set a deadline of 7 days for posting a reply. If your topic is not answered within this period, reply to it requesting a new moderator to analyze it and post a new HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:06, on 3/1/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe
C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe
C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\bkr2uecn.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [FreeCT] C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.eset.com

O15 - Trusted Zone: http://*.webtorpedos.net

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 7626 bytes

Could a moderator look at the latest ComboFix/HijackThis log and see whether it is clean?? Can I uninstall ComboFix??

Somebody please help me!!


:) Hello FAA-34!

Go to the site http://virscan.org/ and submit the file C:\Arquivos de programas\FreeCountdownTimer\FreeCountdownTimer.exe to be analyzed there. Wait for the analysis to finish and, once it is complete, copy the link that appears in your browser's address bar and post that link in your next reply together with the other logs requested below.

Note: If the site above is overloaded or having some problem, just go to one of the addresses below and submit the file for analysis:

http://www.virustotal.com/

http://virusscan.jotti.org/

http://www.viruschief.com/

__________________________

Also follow these guides:

Nod32 Online antivirus tutorial

Spyware Doctor Starter Edition tutorial

____________________________

In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log, the Spyware Doctor log and the link to the file analysis we requested above, and please tell us how your PC is doing after following these procedures. We await your reply.



The Free Countdown is a timer to remind me of my tasks xD

 

http://virscan.org/report/266354ba7b41040002e1b3cedec778a6.html

Waiting for the other steps to finish.


Since the Spyware Doctor log is in HTML format and there is no way to attach it here, I uploaded it to MandaMais....

http://www.mandamais.com.br/download/il29312011205248

:o :o :o :o :o :o Bagle!!!!!! This virus is a heavy hitter :(

I had to shut Nod down at 37% (heavy rain around here)

Virus Found:

C:\Documents and Settings\Casa\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\53e8d6f9-4ac5e50d	a variant of Java/TrojanDownloader.Agent.NBN trojan	deleted - quarantined

Do I have to change my passwords?
