flake21
Posted May 8, 2011

Hello everyone... I'm facing an annoying problem... My PC's startup got very slow, and I attributed it to a Windows update... I use Windows 7 Ultimate 64-bit, and after the SP1 update I noticed a considerable delay in starting up the computer... There are other problems too, which I don't know whether they are related to viruses or spyware, but I always keep my AVIRA updated and run scans weekly... I have Spybot too, and it never flagged anything. My machine is an i7 920 @ 3.8 GHz, Asus Extreme Rampage II, 6 GB DDR3 triple-channel Patriot RAM, GTX 295, Seagate 1 TB 4,200 rpm, Seagate 250 GB 4,200 rpm.

I love watching movies, and after buying a 55" LG my passion for movies only grew, which led me to a compulsive habit of downloading movies! Old, new, clichés... Anyway... I've been downloading a lot of files lately... I noticed a strange problem with one of the files I downloaded... The movie was "The Pianist" (1920x1080 x AC3 + DTS), about 11 GB in total... So far so good... When I played the movie on the PC it started fine, but after 40 seconds of playback I noticed small freezes typical of running out of memory... I closed the movie quickly and saw in my "RAMRush" a brutal drop in memory (I have 6 GB, and it kept falling to less than 200 MB), which made any task on the PC impossible... Deleting the file was impossible too, since every time I sent the file to the recycle bin Windows kept calculating the delete time and never deleted it... After a lot of struggle I managed to find a way to delete the file from Windows safe mode... I forgot about the problem... But when I downloaded "Harry Potter and the Deathly Hallows" (AC3 + DTS x 1920x800) I ran into the same problem with the file... I used a program called "LockHunter", which deleted the file without problems and also unlocked it... But when "unlocking" the file the program said that explorer was "locking" it...

When the unlock happened, explorer.exe had to restart, but after that everything went back to normal... Anyway, I deleted the movie once more and downloaded another version... Until then I thought the files were bad... But today I finished downloading "The King's Speech" (1920x1080 AC3 x DTS), about 10 GB. And the same problem persisted, which leads me to believe I have some little problem on my machine... The only thing I noticed the files have in common is that all 3 are AC3 and DTS, which is good for me, since my new TV doesn't read DTS audio...

Here is my HijackThis log:

-------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:48:32, on 07/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\RAMRush\RAMRush.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\ASUS\TweakIt\TWeakIt.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
C:\Program Files\ASUS\Ai Suite\CPU Level UpEx\CpuLevelUp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Flake21\Desktop\Limpeza Malware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ostpl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 188.165.201.54 bb.com.br
O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br
O1 - Hosts: 188.165.201.54 bancobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 188.165.201.54 bb.com.br
O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br
O1 - Hosts: 188.165.201.54 bancobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 188.165.201.54 bb.com.br
O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br
O1 - Hosts: 188.165.201.54 bancobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 bancodobrasil.com.br
O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br
O1 - Hosts: 63.134.212.21 www.realsecureweb.com.br
O1 - Hosts: 63.134.212.22 www2.realsecureweb.com.br
O1 - Hosts: 63.134.212.23 aapf.bb.com.br
O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br
O1 - Hosts: 63.134.212.21 www.realsecureweb.com.br
O1 - Hosts: 63.134.212.22 www2.realsecureweb.com.br
O1 - Hosts: 63.134.212.23 aapf.bb.com.br
O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br
O1 - Hosts: 63.134.212.21 www.realsecureweb.com.br
O1 - Hosts: 63.134.212.22 www2.realsecureweb.com.br
O1 - Hosts: 63.134.212.23 aapf.bb.com.br
O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br
O1 - Hosts: 63.134.212.21 www.realsecureweb.com.br
O1 - Hosts: 63.134.212.22 www2.realsecureweb.com.br
O1 - Hosts: 63.134.212.23 aapf.bb.com.br
O1 - Hosts: 109.109.229.50 www2.bancobrasil.com.br
O1 - Hosts: 109.109.229.51 aapf.bb.com.br
O1 - Hosts: 109.109.229.50 www2.bancobrasil.com.br
O1 - Hosts: 109.109.229.51 aapf.bb.com.br
O1 - Hosts: 109.109.229.50 www2.bancobrasil.com.br
O1 - Hosts: 109.109.229.51 aapf.bb.com.br
O1 - Hosts: 109.109.229.50 www2.bancobrasil.com.br
O1 - Hosts: 109.109.229.51 aapf.bb.com.br
O1 - Hosts: 109.109.229.50 www2.bancobrasil.com.br
O1 - Hosts: 109.109.229.51 aapf.bb.com.br
O1 - Hosts: 174.37.46.123 www2.bancobrasil.com.br
O1 - Hosts: 174.37.46.124 aapj.bb.com.br
O1 - Hosts: 174.37.46.122 www.santandernet.com.br
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files\ASUS\TweakIt\TweakIt.exe" -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Flake21\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [xxsc5] C:\Windows\TEMP\vpe0.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Flake21\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C932B3A-BE0E-43F8-97FE-A54289BEB6BE}: NameServer = 200.175.5.139,200.175.89.139
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\Windows\system32\aspimgr.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16032 bytes
wings
Posted May 8, 2011

Hello flake21

1. Open Spybot. In the top menu, click [Mode] > [Advanced mode] and confirm. Click [Tools] > [Resident]. Uncheck the option Enable Resident "TeaTimer" (protection of overall system settings). Close the program.

2.
* Download AD-Remover and save it to the desktop
* Right-click the program and select "Run as administrator"
* Click [Clean] > [Yes] > [OK] > [Yes]
* The PC will restart
* Paste the report C:\Ad-Report-CLEAN[1].txt

3.
* Download BankerFix and save it to the desktop
* Run it as administrator, click [OK] > [YES] (if it asks for an update) > [OK] > [ENTER]
* When it finishes, press [ENTER]
* Paste the report C:\LinhaDefensiva\relatorio.txt
flake21
Posted May 8, 2011

Thanks for the quick reply! Here is the log C:\Ad-Report-CLEAN[1].txt:

--------------------------------------------------------------------------
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:29:36 on 07/05/2011, Normal boot

Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Flake21@GABRIEL (System manufacturer System Product Name)

============== ACTION(S) ==============

Folder deleted: C:\Users\Flake21\AppData\LocalLow\Conduit
Folder deleted: C:\Program Files (x86)\Conduit
Folder deleted: C:\Users\Flake21\AppData\LocalLow\ConduitEngine
Folder deleted: C:\Program Files (x86)\ConduitEngine
Folder deleted: C:\ProgramData\PopCap Games
Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
Folder deleted: C:\Users\Flake21\AppData\LocalLow\PriceGong

(!) -- Temporary files deleted.

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{48EC72BB-7962-4B86-8466-CA2EAEA90959}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{48EC72BB-7962-4B86-8466-CA2EAEA90959}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2552374
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKLM\Software\PopCap
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\PopCap
Key deleted: HKCU\Software\AppDataLow\Toolbar
Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine
Key deleted: HKCU\Software\AppDataLow\Software\PriceGong
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C290FB16-F6DA-4A6D-B903-D14344F2283B}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [4.0.1 (pt-BR)] ****

HKLM_MozillaPlugins\@nvidia.com/3DVision (x)
HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\fcmdSrchostpl.xml ( hxxp://start.facemoods.com/?a=ostpl&f=4&q={searchTerms}/)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Flake21\AppData\Roaming\Mozilla\FireFox\Profiles\9r4dfnb5.default --

Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} (DVDVideoSoft Menu)
Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} (DownThemAll!)
Prefs.js - browser.search.selectedEngine, Search
Prefs.js - browser.startup.homepage, hxxp://www.oglobo.com.br
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://start.facemoods.com/results.php?f=5&a=ostpl&q=

========================================

**** Google Chrome Version [11.0.696.65] ****

-- C:\Users\Flake21\AppData\Local\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "facemoods" (Enabled: true) (hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4)
Preferences - homepage: hxxp://start.facemoods.com/?a=ostpl
Preferences - homepage_is_newtabpage: false
Plugin - Windows Live Photo Gallery (Enabled: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Windows Live Photo Gallery" (Enabled: true)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{12fc3d37-2a42-4fe3-8489-81296878cba5} - "Softonic_Brasil Toolbar" (C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll)
HKLM_URLSearchHooks|{12fc3d37-2a42-4fe3-8489-81296878cba5} - "Softonic_Brasil Toolbar" (C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Facemoods Search" (hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4)
HKCU_Toolbar\WebBrowser|{12FC3D37-2A42-4FE3-8489-81296878CBA5} (C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll)
HKLM_Toolbar|{12fc3d37-2a42-4fe3-8489-81296878cba5} (C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{1C1604A8-D02A-44FB-9B39-F9F6801BFFF4} - C:\Program Files (x86)\Softonic_Brasil\Softonic_BrasilToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
BHO\{12fc3d37-2a42-4fe3-8489-81296878cba5} - "Softonic_Brasil Toolbar" (C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll)
BHO\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - "IplexToALLPlayer" (C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 236 File(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 07/05/2011 23:29:52 (6654 Byte(s))

End at: 23:30:37, 07/05/2011

============== E.O.F ==============
--------------------------------------------------------------

Here is the log C:\LinhaDefensiva\relatorio.txt:

--------------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2011-05-07 - 23:38
-------------------------------------------------------
Lista de Definição: 2011-03-01-1 | CORE: 2010-12-28-6
=======================================================
IP malicioso encontrado no hosts: 109.109
IP malicioso encontrado no hosts: 174.37
IP malicioso encontrado no hosts: 188.165
IP malicioso encontrado no hosts: 63.134
IP malicioso encontrado no hosts: 76.163
----- Fim -------------------------

Thanks for the help! I'll be waiting.
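The "O1 - Hosts:" entries in the first HijackThis log map Brazilian bank hostnames to routable addresses, and BankerFix summarised the offending targets by their first two octets. The following is an added example, not code from this thread, from HijackThis or from BankerFix: it parses O1 lines, treats only loopback and 0.0.0.0 targets as benign, groups the remaining redirect targets per /16 the way the BankerFix report does, and counts repeated identical entries. The sample log lines are constructed, modelled on the entries above.

```python
"""Flag hosts-file redirections from HijackThis 'O1 - Hosts:' lines.

Defender's view: a hosts-file banker points bank hostnames at attacker
IPs, so any multi-label hostname mapped to a routable address needs
review. Mappings to 127.0.0.1 / ::1 / 0.0.0.0 are the normal cases
(localhost, ad-blocking lists) and are skipped.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# HijackThis prints each hosts entry as "O1 - Hosts: <ip> <hostname>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1_lines(lines):
    """Yield (ip, hostname) for every O1 line; all other log lines are ignored."""
    for line in lines:
        m = O1_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower()


def find_hijacked_hosts(lines):
    """Return {hostname: {ip, ...}} for hostnames mapped to a routable address.

    Loopback, unspecified (0.0.0.0) and single-label names such as
    'localhost' or LAN hostnames are considered normal and left out.
    """
    hijacked = defaultdict(set)
    for ip, host in parse_o1_lines(lines):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP literal; nothing to classify
        if addr.is_loopback or addr.is_unspecified or "." not in host:
            continue
        hijacked[host].add(str(addr))
    return dict(hijacked)


def redirect_ips_by_prefix(lines):
    """Count distinct IPv4 redirect targets per /16 (the granularity BankerFix reports)."""
    prefixes = Counter()
    seen = set()
    for ips in find_hijacked_hosts(lines).values():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if ip in seen or addr.version != 4:
                continue
            seen.add(ip)
            prefixes[".".join(ip.split(".")[:2])] += 1
    return prefixes


def duplicate_entry_counts(lines):
    """Count how often each (ip, hostname) pair appears.

    The same block appended several times, as in the log above, is typical
    of a dropper that rewrites the hosts file on every run.
    """
    return Counter(parse_o1_lines(lines))


# Constructed sample, modelled on (and much shorter than) the log above.
SAMPLE_LOG = """\
Running processes:
C:\\Windows\\vVX1000.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 188.165.201.54 bb.com.br
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br
O1 - Hosts: 109.109.229.50 www2.bancobrasil.com.br
O1 - Hosts: 174.37.46.122 www.santandernet.com.br
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5}
""".splitlines()

if __name__ == "__main__":
    for host, ips in sorted(find_hijacked_hosts(SAMPLE_LOG).items()):
        print(f"{host:28s} -> {', '.join(sorted(ips))}")
    print("redirect targets per /16:", dict(redirect_ips_by_prefix(SAMPLE_LOG)))
    dups = {k: n for k, n in duplicate_entry_counts(SAMPLE_LOG).items() if n > 1}
    print("repeated entries:", dups)
```

Point it at a saved HijackThis log with `find_hijacked_hosts(open("hijackthis.log").read().splitlines())`; a hostname mapped to two different /16s, as www2.bancobrasil.com.br is above, is a strong sign of more than one infection wave.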
wings
Posted May 8, 2011

1.
* Delete BankerFix and the folder C:\LinhaDefensiva

2.
* Run AD-Remover and click [Uninstall] > [No] > [Close]

3.
* New HijackThis log
flake21
Posted May 8, 2011

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:31, on 07/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\RAMRush\RAMRush.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\ASUS\TweakIt\TWeakIt.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
C:\Program Files\ASUS\Ai Suite\CPU Level UpEx\CpuLevelUp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Flake21\Desktop\Limpeza Malware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files\ASUS\TweakIt\TweakIt.exe" -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Flake21\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [xxsc5] C:\Windows\TEMP\vpe0.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Flake21\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C932B3A-BE0E-43F8-97FE-A54289BEB6BE}: NameServer = 200.175.5.139,200.175.89.139
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\Windows\system32\aspimgr.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc.
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12832 bytes Compartilhar este post Link para o 
post Compartilhar em outros sites
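A helper reads a HijackThis log like the one above line by line, looking for the few entries that do not belong. As an added illustration (this is not code from the thread, from HijackThis or from its authors), here is a small Python triage that parses the O4 autorun and O23 service entries in that format and lists the ones worth a second look. The sample lines are copied from the log above; the three review heuristics are assumptions of this example, not rules from the tool.

```python
import re

# Constructed sample: O4/O23 lines copied in the shape of the HijackThis log
# posted above (the real log has many more entries).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe
O4 - HKLM\..\Policies\Explorer\Run: [xxsc5] C:\Windows\TEMP\vpe0.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\Windows\system32\aspimgr.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# Every entry line looks like "O4 - <body>", "O23 - <body>", "R3 - <body>" ...
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HKLM\..\<key>: [<name>] <command>
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services: Service: <display> (<short name>) - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def review_reasons(section, body):
    """Heuristic reasons (assumptions of this example, not HijackThis rules) to look at an entry."""
    reasons = []
    if section == "O4":
        m = O4_RE.match(body)
        if not m:
            return reasons  # Startup-folder entries use a different layout; not scored here
        if "Policies\\Explorer\\Run" in m["key"]:
            reasons.append("autorun under Policies\\Explorer\\Run, a key legitimate installers rarely use")
        if TEMP_DIR_RE.search(m["cmd"]):
            reasons.append("autorun target lives in a temporary directory")
    elif section == "O23":
        m = O23_RE.match(body)
        if not m:
            return reasons
        path = m["path"]
        if path.endswith("(file missing)"):
            path = path[: -len("(file missing)")].strip()
        # Stock Windows services appear with @dll,-id resource display names. A plain
        # display name with no vendor, running from the Windows directory, is
        # third-party code whose publisher/signature should be confirmed.
        if (m["owner"] == "Unknown owner" and not m["display"].startswith("@")
                and WINDOWS_DIR_RE.match(path)):
            reasons.append("unknown vendor with a hard-coded display name running from the Windows directory")
    return reasons


def triage(entries):
    """Return [(body, [reason, ...])] for the entries that collected at least one reason."""
    findings = []
    for section, body in entries:
        reasons = review_reasons(section, body)
        if reasons:
            findings.append((body, reasons))
    return findings


if __name__ == "__main__":
    for body, reasons in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(body)
        for reason in reasons:
            print("   ->", reason)
```

On the sample this lists exactly the two entries that the rest of the thread ends up removing: the xxsc5 autorun (both the Policies\Explorer\Run key and the TEMP path) and the aspimgr service. The third rule is deliberately a review list rather than a verdict: run over the full log above it also lists AEADIFilters, NVSvc and PnkBstrA, which are legitimate driver helpers. The many stock services marked "(file missing)" are an artefact of running the 32-bit HijackThis on 64-bit Windows, not evidence of tampering, which is why the heuristic ignores that suffix rather than scoring it.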
wings (posted May 8, 2011)
*Download the Kaspersky Virus Removal Tool and save it to the desktop
*Install the program
*Select the option: [X] My Computer
*Click the phrase "Ask what to do" and select "Ask when finished"
*Click [Start scan]
*If it finds anything, select [x] Apply to all files and click "Skip"
*When it finishes, click [Report] > [Save] and save it to the desktop as log.txt
*Close the window and, in the program's main window, click [Exit] > [No]
*Paste the log.txt report saved on the desktop
flake21 (posted May 8, 2011)
Sorry for the delay in replying... The scan took 1:50 min... Here is the log.txt:
---------------------------------------------------------------
Verificação automática: concluído <1 minuto atrás (eventos: 50, objetos: 918270, hora: 01:56:20)
08/05/2011 02:10:21 Tarefa concluída Ação padrão selecionada
08/05/2011 02:10:21 Não neutralizado: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBeForPB400.zip/jaPBeForPB400_3612.exe/Plugin/PureLIBManager.exe Gravação sem suporte
08/05/2011 02:10:21 Detectados: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBeForPB400.zip/jaPBeForPB400_3612.exe/Plugin/PureLIBManager.exe Ação padrão selecionada
08/05/2011 02:10:20 Não neutralizado: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBe375ForPB400.zip/jaPBeForPB400_375.exe/Plugin/PureLIBManager.exe Gravação sem suporte
08/05/2011 02:10:13 Detectados: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBe375ForPB400.zip/jaPBeForPB400_375.exe/Plugin/PureLIBManager.exe Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Trojan-Banker.Win32.Banbra.afta C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Trojan-Banker.Win32.Banbra.afta C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Trojan-Banker.Win32.Banbra.afta C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Trojan-Banker.Win32.Banbra.afta C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Virus.Win32.Parite.b D:\Backup GABRIEL\Arquivos\Files\BDownload_16Aug2005\Xplorer Pro Crack.exe/DoomPack Ignorado pelo usuário
08/05/2011 02:10:08 Detectados: Virus.Win32.Parite.b D:\Backup GABRIEL\Arquivos\Files\BDownload_16Aug2005\Xplorer Pro Crack.exe/DoomPack Ação padrão selecionada
08/05/2011 02:10:08 Não neutralizado: Backdoor.Win32.SdBot.wnf D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\pdftoexcell_blspeesetup.exe/data0005/Armadillo Gravação sem suporte
08/05/2011 02:10:08 Detectados: Backdoor.Win32.SdBot.wnf D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\pdftoexcell_blspeesetup.exe/data0005/Armadillo Ação padrão selecionada
08/05/2011 02:10:08 Não neutralizado: Trojan-GameThief.Win32.Lmir.ptn D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\RMJ to MP3 cONVERTER 1.21+serial.rar/RMJ to MP3 cONVERTER 1.21+serial/RMJ to MP3 cONVERTER 1.21+serial.exe/data0000/Armadillo Gravação sem suporte
08/05/2011 02:10:08 Detectados: Trojan-GameThief.Win32.Lmir.ptn D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\RMJ to MP3 cONVERTER 1.21+serial.rar/RMJ to MP3 cONVERTER 1.21+serial/RMJ to MP3 cONVERTER 1.21+serial.exe/data0000/Armadillo Ação padrão selecionada
08/05/2011 02:10:08 Não neutralizado: Backdoor.Win32.Agent.baip C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll/UPX Ignorado pelo usuário
08/05/2011 02:09:06 Detectados: Backdoor.Win32.Agent.baip C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll/UPX Ação padrão selecionada
08/05/2011 01:10:53 Não neutralizado: Trojan-GameThief.Win32.Lmir.ptn D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\RMJ to MP3 cONVERTER 1.21+serial.rar/RMJ to MP3 cONVERTER 1.21+serial/RMJ to MP3 cONVERTER 1.21+serial.exe/data0000/Armadillo Adiado
08/05/2011 01:10:53 Detectados: Trojan-GameThief.Win32.Lmir.ptn D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\RMJ to MP3 cONVERTER 1.21+serial.rar/RMJ to MP3 cONVERTER 1.21+serial/RMJ to MP3 cONVERTER 1.21+serial.exe/data0000/Armadillo Ação padrão selecionada
08/05/2011 01:10:43 Não neutralizado: Virus.Win32.Parite.b D:\Backup GABRIEL\Arquivos\Files\BDownload_16Aug2005\Xplorer Pro Crack.exe/DoomPack Adiado
08/05/2011 01:10:43 Detectados: Virus.Win32.Parite.b D:\Backup GABRIEL\Arquivos\Files\BDownload_16Aug2005\Xplorer Pro Crack.exe/DoomPack Ação padrão selecionada
08/05/2011 01:10:02 Não neutralizado: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBeForPB400.zip/jaPBeForPB400_3612.exe/Plugin/PureLIBManager.exe Adiado
08/05/2011 01:10:02 Detectados: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBeForPB400.zip/jaPBeForPB400_3612.exe/Plugin/PureLIBManager.exe Ação padrão selecionada
08/05/2011 01:09:57 Não neutralizado: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBe375ForPB400.zip/jaPBeForPB400_375.exe/Plugin/PureLIBManager.exe Adiado
08/05/2011 01:09:57 Detectados: MultiPacked.Multi.Generic D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\jaPBe375ForPB400.zip/jaPBeForPB400_375.exe/Plugin/PureLIBManager.exe Ação padrão selecionada
08/05/2011 01:09:45 Não neutralizado: Backdoor.Win32.SdBot.wnf D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\pdftoexcell_blspeesetup.exe/data0005/Armadillo Adiado
08/05/2011 01:09:45 Detectados: Backdoor.Win32.SdBot.wnf D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\pdftoexcell_blspeesetup.exe/data0005/Armadillo Ação padrão selecionada
08/05/2011 00:52:46 Não neutralizado: Backdoor.Win32.Agent.baip C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll/UPX Adiado
08/05/2011 00:52:46 Detectados: Backdoor.Win32.Agent.baip C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll/UPX Ação padrão selecionada
08/05/2011 00:39:13 Não neutralizado: Trojan-Banker.Win32.Banbra.afta C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Adiado
08/05/2011 00:39:13 Detectados: Trojan-Banker.Win32.Banbra.afta C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Ação padrão selecionada
08/05/2011 00:39:13 Não neutralizado: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Adiado
08/05/2011 00:39:13 Detectados: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ação padrão selecionada
08/05/2011 00:39:13 Não neutralizado: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Adiado
08/05/2011 00:39:13 Detectados: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Ação padrão selecionada
08/05/2011 00:18:02 Não neutralizado: Trojan-Banker.Win32.Banbra.afta C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Adiado
08/05/2011 00:18:02 Detectados: Trojan-Banker.Win32.Banbra.afta C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys Ação padrão selecionada
08/05/2011 00:18:02 Não neutralizado: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Adiado
08/05/2011 00:18:02 Detectados: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ação padrão selecionada
08/05/2011 00:18:02 Não neutralizado: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Adiado
08/05/2011 00:18:02 Detectados: Rootkit.Win32.Banker.dt C:\Documents and Settings\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys Ação padrão selecionada
08/05/2011 00:14:01 Tarefa iniciada Ação padrão selecionada
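The Kaspersky report above repeats every object several times (a Detectados line and a Não neutralizado line, once per scan pass), so the first thing a helper does is collapse it to one record per object and separate the live system drive from the old backup archives. As an added example (not code from the thread or from Kaspersky), the following Python does that reduction and then renders the result in the shape of the begin/DeleteFile/RebootWindows/end. block that wings posts later in this thread. The sample lines are copied from the report above; treating everything after the first "/" as a container member is an assumption of this example drawn from how the report writes archive and packer layers.

```python
import re

# Constructed sample in the layout of the Kaspersky Virus Removal Tool report
# posted above: timestamp, event, verdict, object, trailing detail. The objects
# are copied from that report; the full report has 50 events.
SAMPLE_KVRT_LOG = r"""
Verificação automática: concluído <1 minuto atrás (eventos: 50, objetos: 918270, hora: 01:56:20)
08/05/2011 02:10:21 Tarefa concluída Ação padrão selecionada
08/05/2011 02:10:12 Não neutralizado: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ignorado pelo usuário
08/05/2011 02:10:12 Detectados: Rootkit.Win32.Banker.dt C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys Ação padrão selecionada
08/05/2011 02:10:08 Não neutralizado: Backdoor.Win32.SdBot.wnf D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\pdftoexcell_blspeesetup.exe/data0005/Armadillo Gravação sem suporte
08/05/2011 02:10:08 Detectados: Backdoor.Win32.SdBot.wnf D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\pdftoexcell_blspeesetup.exe/data0005/Armadillo Ação padrão selecionada
08/05/2011 00:52:46 Não neutralizado: Backdoor.Win32.Agent.baip C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll/UPX Adiado
08/05/2011 00:52:46 Detectados: Backdoor.Win32.Agent.baip C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll/UPX Ação padrão selecionada
08/05/2011 00:14:01 Tarefa iniciada Ação padrão selecionada
"""

# Trailing "detail" column values that occur in the report (Portuguese UI strings).
DETAILS = ("Ação padrão selecionada", "Ignorado pelo usuário", "Gravação sem suporte", "Adiado")
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>Detectados|Não neutralizado): (?P<verdict>\S+) "
    r"(?P<obj>.+?) (?P<detail>" + "|".join(re.escape(d) for d in DETAILS) + r")$"
)


def parse_events(text):
    """Detection events only; the task start/finish lines are ignored."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def unique_detections(events):
    """Collapse Detectados/Não neutralizado pairs and repeated passes into one record per object."""
    found = {}
    for ev in events:
        rec = found.setdefault(ev["obj"], {"verdict": ev["verdict"], "details": set()})
        rec["details"].add(ev["detail"])
    return found


def container_file(obj):
    """The report writes 'file/inner' for an object inside a container (archive,
    installer, packer layer); the file that actually sits on disk is the part
    before the first '/'. Assumption of this example, see the lead-in."""
    return obj.split("/", 1)[0]


def system_drive_files(found):
    """Deduplicated on-disk files on C: that still carry a detection."""
    return sorted({container_file(obj) for obj in found if obj.upper().startswith("C:\\")})


def avz_delete_script(paths):
    """Render a begin/DeleteFile/RebootWindows/end. block in the shape of the
    manual-disinfection script posted later in this thread."""
    lines = ["begin"]
    lines += ["DeleteFile('%s');" % p for p in paths]
    lines += ["RebootWindows(true);", "end."]
    return "\n".join(lines)


if __name__ == "__main__":
    found = unique_detections(parse_events(SAMPLE_KVRT_LOG))
    for obj, rec in found.items():
        print(rec["verdict"], obj, sorted(rec["details"]))
    print(avz_delete_script(system_drive_files(found)))
```

Two points worth noticing in the output. The D: hits are inside old downloads in a backup folder and were "Gravação sem suporte" (the tool cannot rewrite inside that container), so they never make it into the C:-only list; they are a separate clean-up. For the Java cache hits, `container_file` returns the cache entry itself (…\67ed93d7-751c4967) rather than the nested /2011a/actusb.sys path, whereas wings' script in this thread names the full nested object; ESET's log later in the thread shows the cache entry file being the thing removed.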
wings (posted May 8, 2011)
*Submit the file for analysis at http://virusscan.jotti.org
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll
*Paste the link containing the result
flake21 (posted May 8, 2011)
Thank you for how quickly and effectively you have been helping me! Here is the result link:
------------------------------------------------
http://virusscan.jotti.org/pt-br/scanresult/c42e93e564d952a0439f2f0be1f5191a49164d66
wings (posted May 9, 2011)
*In the Virus Removal Tool folder on the desktop, run the shortcut called Start
*Click [Manual disinfection]
*Paste the code into the blank space below "Step 3"
begin
DeleteFile('C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll');
DeleteFile('C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys');
DeleteFile('C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys');
DeleteFile('C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys');
RebootWindows(true);
end.
*Click [Execute] > [No] and the PC will restart
*The program will open automatically
*Click [Report]
*In the box that says "Automatic scan", select the option "Manual disinfection"
*In the box that says "Important events", select the option "All events"
*Click [Save]
*Save it to the desktop as log.txt
*On the program's main screen, click [Exit] > [No]
*Paste the log.txt report
flake21 (posted May 9, 2011)
Here is the log:
-------------------------------
Desinfecção manual: concluído 5 minutos atrás (eventos: 10)
08/05/2011 23:06:09 Desinfecção manual Tarefa iniciada
08/05/2011 23:06:09 Excluir arquivo:C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftcore.dll
08/05/2011 23:06:09 Excluir arquivo:C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys
08/05/2011 23:06:09 >>>Para excluir o arquivo C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d/dtm/actusb.sys é necessário reiniciar
08/05/2011 23:06:09 Excluir arquivo:C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys
08/05/2011 23:06:09 >>>Para excluir o arquivo C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967/2011a/actusb.sys é necessário reiniciar
08/05/2011 23:06:09 Excluir arquivo:C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys
08/05/2011 23:06:09 >>>Para excluir o arquivo C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8/2011a/actusb.sys é necessário reiniciar
08/05/2011 23:06:09 O script foi executado sem erros
08/05/2011 23:06:09 Desinfecção manual Tarefa concluída
wings (posted May 9, 2011)
Let me know how the PC is doing.
*In the Virus Removal Tool folder on the desktop, run the shortcut called Start
*Select the option: [X] My Computer
*Click [Manual disinfection] > [Collecting system information]
*When it finishes, click [Exit] > [No]
*Upload the file avptool_sysinfo.zip located in the Virus Removal Tool\setup_version_date_time\LOG folder on the desktop
*To upload, use this link
*Paste the address that is created
flake21 (posted May 9, 2011)
The problems I mentioned persist... No visible improvement so far! Here is the link:
-----------------------------------------
http://www.mandamais.com.br/download/bhgv95201194255
----------------------------------------
Thanks again!
wings (posted May 9, 2011)
1.
*Open the Virus Removal Tool folder on the desktop and run the Start shortcut
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup file and the report(s) saved on the desktop
2.
*Download MalwareBytes and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
*Paste the report that is shown
If you already have Malwarebytes installed....
*Open Malwarebytes, click [Update] > [Download Updates]
*On the [Scan] tab, select [x] Full scan
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
*Paste the report that is shown
flake21 (posted May 9, 2011)
Here is the report:
----------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 6537
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
09/05/2011 11:09:06
mbam-log-2011-05-09 (11-09-06).txt
Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 365364
Tempo decorrido: 47 minuto(s), 50 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 1
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 3
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aspimgr (Trojan.Asprox) -> Quarantined and deleted successfully.
Valores de Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xxsc5 (Trojan.Downloader) -> Quarantined and deleted successfully.
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftldr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\vcluplcrt17\msftldr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
wings (posted May 9, 2011)
1.
*Run an online scan with NOD32
*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
2.
*Download DDS and save it to the desktop
*Run it and save the reports (DDS.txt and Attach.txt) to the desktop
*Paste the DDS.txt report
flake21 (posted May 11, 2011)
Sorry for the delay! I had to sleep away from home yesterday! Here is the ESET log:
-----------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=dbaff7f70b79a2459434b1589cf6e640
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-11 07:11:01
# local_time=2011-05-11 04:11:01 (-0300, E. South America Standard Time)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 41491599 0 0
# compatibility_mode=5893 16776573 100 94 277457 56631549 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=363706
# found=17
# cleaned=17
# scan_time=13361
C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Win7codecs\{5D33C65D-EC8B-4505-B909-34F9BEACD44E}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-5a0375f8 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\67ed93d7-751c4967 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Flake21\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41621f19-5baee54d probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Flake21\Desktop\unlocker1.9.0.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\2e07a2.msi Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Backup GABRIEL\Arquivos\Files\ADownloads\911cd_builder_206rc.exe Rebootpc.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Backup GABRIEL\Arquivos\Files\ADownloads\MsgPlusLive-423.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Backup GABRIEL\Arquivos\Files\ADownloads\Spyhunter20_u133RKD4ud.zip a variant of Win32/HackTool.Patcher.M application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Backup GABRIEL\Arquivos\Files\BDownLoad_01Jan06\PurebasicBombJack.zip probably a variant of Win32/Adware.Agent.FAPCBFA application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Backup GABRIEL\Arquivos\Files\BDownload_16Aug2005\crack sound forge 8.zip a variant of Win32/Keygen.AQ application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Backup GABRIEL\Arquivos\Files\BDownload_16Aug2005\SONY.SOUND.FORGE 8.0 Crack.zip a variant of Win32/Keygen.AQ application (deleted - quarantined) 00000000000000000000000000000000 C
H:\Setup Programas\media.player.codec.pack.v3.7.0.setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
H:\Setup Programas\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Setup Programas\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Setup Programas\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials\Adobe Premiere Pro CS3 MultiLanguage.iso a variant of Win32/Keygen.AH application (deleted - quarantined) 00000000000000000000000000000000 C
-------------------------------------
Here is the DDS.txt log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Flake21 at 8:43:00,93 on 11/05/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.6135.4175 [GMT -3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\RAMRush\RAMRush.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\ASUS\TweakIt\TWeakIt.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
C:\Program Files\ASUS\Ai Suite\CPU Level UpEx\CpuLevelUp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Flake21\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
mURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL
TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files (x86)\Softonic_Brasil\tbSoft.dll
uRun: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ALLUpdate] "C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"
uRun: [Google Update] "C:\Users\Flake21\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [TweakIt Help] "C:\Program Files\ASUS\TweakIt\TweakIt.exe" -r
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
StartupFolder: C:\Users\Flake21\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program
Files (x86)\LimeWire\LimeWire.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - C:\Users\Flake21\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: {7C932B3A-BE0E-43F8-97FE-A54289BEB6BE} = 200.175.5.139,200.175.89.139 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove 
GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB-X64: {12FC3D37-2A42-4FE3-8489-81296878CBA5} - No File mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry mRun-x64: [VX1000] C:\Windows\vVX1000.exe Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Flake21\AppData\Roaming\Mozilla\Firefox\Profiles\9r4dfnb5.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://www.oglobo.com.br FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ostpl&q= FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Flake21\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . 
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/20 05:39:49];C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2010-1-28 146928] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-7 136360] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-7 269480] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-3-4 90112] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-4-7 83120] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-4 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008] R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2010-3-4 12928] R3 MCfilt;MCfilt;C:\Windows\System32\drivers\MCfilt64.sys [2010-3-4 25600] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-1-17 14440] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-4 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common 
Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-4 79360] S3 CYUSB;Cypress Generic USB Driver;C:\Windows\System32\drivers\CYUSB.sys [2010-3-4 47104] S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\System32\drivers\usbVM31b.sys [2005-9-19 142336] S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-3-4 12744] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-22 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-22 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-4 1255736] . =============== Created Last 30 ================ . 2011-05-11 03:24:54 -------- d-----w- C:\Program Files (x86)\ESET 2011-05-09 13:19:04 -------- d-----w- C:\Users\Flake21\AppData\Roaming\Malwarebytes 2011-05-09 13:18:53 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-09 13:18:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-09 13:18:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-05-09 13:18:51 -------- d-----w- C:\PROGRA~3\Malwarebytes 2011-05-08 03:13:06 -------- d-----w- C:\PROGRA~3\Kaspersky Lab 2011-05-08 00:21:05 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll 2011-05-08 00:21:04 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll 2011-05-08 00:21:04 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll 2011-05-08 00:21:04 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll 2011-05-08 00:21:04 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll 2011-05-08 00:21:04 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2011-05-08 00:21:04 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll 2011-05-08 00:21:04 142296 ----a-w- C:\Program Files 
(x86)\Mozilla Firefox\components\browsercomps.dll 2011-05-06 23:24:02 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4DF61AEE-7416-4150-A3C1-CB861304E4C7}\mpengine.dll 2011-05-01 21:44:46 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-05-01 21:44:46 2871808 ----a-w- C:\Windows\explorer.exe 2011-05-01 21:44:46 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe 2011-05-01 21:44:45 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-05-01 21:44:44 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-05-01 21:44:44 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-05-01 21:44:42 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-05-01 21:44:42 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2011-05-01 21:44:42 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-05-01 21:44:41 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-05-01 21:44:41 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2011-04-14 06:39:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-04-14 06:39:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2011-04-13 02:13:44 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2011-04-13 02:13:44 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-13 02:13:44 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-13 02:13:44 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-04-13 02:13:43 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe . ==================== Find3M ==================== . 
2011-04-20 04:06:54 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-04-20 04:06:54 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-04-20 04:05:46 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys 2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll 2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe 2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll 2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll 2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys 2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys 
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-02-22 21:36:07 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-02-22 21:36:07 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe . ============= FINISH: 8:43:27,83 =============== Compartilhar este post Link para o post Compartilhar em outros sites
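The DDS output above is a fixed-format log: one autorun per `uRun:`/`mRun:` line, one policy value per `mPolicies-` line, a `Hosts:` line per hosts-file override, and `FF - prefs.js:` lines for Firefox preferences. The following Python script is an added example, not part of the original thread and not code from DDS or from the forum helper; it parses those line types and lists the entries a reviewer would normally verify by hand: autoruns launched from user-writable paths, Startup-folder shortcuts, UAC values that weaken elevation prompts (the log above has PromptOnSecureDesktop = 0), registrations whose file is gone ("No File"), hosts-file overrides, and a keyword.URL that routes address-bar searches to a third-party host. The sample input is copied from the log above; the category names, the UAC value meanings and the `USER_WRITABLE` path markers are the script's own assumptions. It flags items for review and does not classify anything as malware.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines copied from the DDS log above, in DDS's own format.
SAMPLE_LOG = r"""
uRun: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe
uRun: [Google Update] "C:\Users\Flake21\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Flake21\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TB-X64: {12FC3D37-2A42-4FE3-8489-81296878CBA5} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.oglobo.com.br
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ostpl&q=
"""

@dataclass(frozen=True)
class Finding:
    category: str
    item: str
    note: str

RUN_RE = re.compile(r'^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<lnk>.+?) - (?P<target>.+)$')
POLICY_RE = re.compile(r'^mPolicies-(?P<hive>\w+): (?P<name>\w+) = (?P<value>-?\d+)')
HOSTS_RE = re.compile(r'^Hosts: (?P<ip>\S+) (?P<host>\S+)')
FFPREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
NOFILE_RE = re.compile(r'^\w+(?:-x64)?: .+ - No File$', re.IGNORECASE)

# UAC registry values that weaken elevation prompts (assumed semantics, not from the log).
UAC_CHECKS = {
    ('system', 'EnableLUA', 0): 'UAC is switched off entirely',
    ('system', 'ConsentPromptBehaviorAdmin', 0): 'administrators elevate with no prompt at all',
    ('system', 'PromptOnSecureDesktop', 0): 'elevation prompts appear on the normal desktop, '
                                           'where other programs can interact with or imitate them',
}

# Path fragments a standard user can write to; autoruns from here get a second look (assumed list).
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')

def refang(url: str) -> str:
    """DDS writes hxxp:// so the URL is not clickable; restore it for urlparse."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url, flags=re.IGNORECASE)

def command_path(cmd: str) -> str:
    """Executable path from an autorun command line, with its arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log_text: str) -> list:
    """Walk DDS lines and return the entries a reviewer should verify by hand."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NOFILE_RE.match(line):
            findings.append(Finding('orphaned', line, 'registration points at a file that is gone'))
        elif (m := RUN_RE.match(line)):
            path = command_path(m.group('cmd'))
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(Finding('autorun', f"{m.group('kind')} [{m.group('name')}] {path}",
                                        'runs from a user-writable location; confirm the publisher'))
        elif (m := STARTUP_RE.match(line)):
            findings.append(Finding('startup-folder', m.group('target'),
                                    'launched at every logon by a Startup-folder shortcut'))
        elif (m := POLICY_RE.match(line)):
            key = (m.group('hive'), m.group('name'), int(m.group('value')))
            if key in UAC_CHECKS:
                findings.append(Finding('uac-policy', f"{key[1]} = {key[2]}", UAC_CHECKS[key]))
        elif (m := HOSTS_RE.match(line)):
            findings.append(Finding('hosts', f"{m.group('host')} -> {m.group('ip')}",
                                    'name resolution overridden in the hosts file'))
        elif (m := FFPREF_RE.match(line)) and m.group('pref') == 'keyword.URL':
            host = urlparse(refang(m.group('value'))).hostname or m.group('value')
            findings.append(Finding('browser-search', host,
                                    'Firefox address-bar searches are sent to this host'))
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.category}] {f.item}: {f.note}')
```

Run it against a full DDS log by passing the file contents to `triage()`; the 8.3 short names DDS sometimes prints (`C:\PROGRA~3\...` for ProgramData) are not expanded, so a path written that way will not match the `USER_WRITABLE` markers and should be checked separately.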
wings, posted May 11, 2011: OK... the log is clean. Delete RSIT and the C:\rsit folder. Cheers.
flake21, posted May 11, 2011: RSIT?! I can't find the C:\rsit folder.
wings, posted May 11, 2011: Quoting flake21: "RSIT?! I can't find the C:\rsit folder." Sorry... I mixed up the program used. :) Delete DDS and its reports. The log is clean. Cheers.