nozyeg20, posted October 7, 2011:
Hi everyone, I'd like some help with a virus that has invaded my PC. The PC is working normally, but when I go online and try to open the UOL site, another page appears with the same address and with the name HOME. What should I do? Thanks, good day!!!

wings, posted October 7, 2011:
Hello nozyeg20. Read rule no. 2 of the forum.

nozyeg20, posted October 8, 2011:
Logfile of HijackThis v1.99.1
Scan saved at 20:59:16, on 07/10/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GEISON\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe
O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

wings, posted October 8, 2011:
*Download RSIT and save it to the desktop
*Run it, click [Continue] and paste the report C:\rsit\log.txt

nozyeg20, posted October 8, 2011:
Logfile of random's system information tool 1.09 (written by random/random)
Run by GEISON at 2011-10-08 14:53:49
Microsoft Windows 7 Ultimate
System drive C: has 60 GB (79%) free of 76 GB
Total RAM: 3062 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:08, on 08/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GEISON\Downloads\RSITx32.exe
C:\Program Files\trend micro\GEISON.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe
O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

-- End of file - 5349 bytes

======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-07-27 502272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-07-27 502272]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"USB Antivirus"=C:\Program Files\USB Disk Security\RunUSBGuard.exe [2010-06-04 91040]
"StartNowToolbarHelper"=C:\Program Files\StartNow Toolbar\ToolbarHelper.exe []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"snpstd3"=C:\Windows\vsnpstd3.exe [2005-09-05 339968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll

======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======
2011-10-08 14:53:50 ----D---- C:\Program Files\trend micro
2011-10-08 14:53:49 ----D---- C:\rsit
2011-10-07 21:43:56 ----D---- C:\Program Files\Common Files\InstallShield
2011-10-07 13:57:59 ----N---- C:\Windows\system32\MpSigStub.exe
2011-10-07 13:37:26 ----D---- C:\Users\GEISON\AppData\Roaming\Media Player Classic
2011-10-05 16:03:37 ----D---- C:\Users\GEISON\AppData\Roaming\Macromedia
2011-10-05 16:03:37 ----D---- C:\Users\GEISON\AppData\Roaming\Adobe
2011-10-05 16:03:32 ----D---- C:\Windows\system32\Macromed
2011-10-05 12:57:24 ----D---- C:\Program Files\Google
2011-10-05 12:57:22 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-10-05 12:57:22 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-10-05 12:57:20 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-10-05 12:57:20 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-10-05 12:57:19 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-10-05 12:57:17 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-10-05 12:56:33 ----A---- C:\Windows\system32\aswBoot.exe
2011-10-05 12:56:33 ----A---- C:\Windows\avastSS.scr
2011-10-05 12:56:28 ----D---- C:\ProgramData\AVAST Software
2011-10-05 12:56:28 ----D---- C:\Program Files\AVAST Software
2011-10-05 12:55:43 ----D---- C:\Program Files\StartNow Toolbar
2011-10-05 12:55:26 ----A---- C:\Windows\system32\unrar.dll
2011-10-05 12:55:25 ----A---- C:\Windows\avisplitter.ini
2011-10-05 12:55:23 ----A---- C:\Windows\system32\yv12vfw.dll
2011-10-05 12:55:23 ----A---- C:\Windows\system32\xvidvfw.dll
2011-10-05 12:55:23 ----A---- C:\Windows\system32\xvidcore.dll
2011-10-05 12:55:22 ----A---- C:\Windows\system32\ff_vfw.dll
2011-10-05 12:55:16 ----D---- C:\Program Files\K-Lite Codec Pack
2011-10-05 12:54:31 ----D---- C:\ProgramData\Zbshareware Lab
2011-10-05 12:54:20 ----D---- C:\Program Files\USB Disk Security
2011-10-05 12:53:25 ----D---- C:\Program Files\Common Files\Adobe
2011-10-05 12:53:25 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 month======
2011-10-08 14:53:57 ----D---- C:\Windows\Temp
2011-10-08 14:53:50 ----RD---- C:\Program Files
2011-10-08 14:30:45 ----D---- C:\Windows\System32
2011-10-08 14:30:45 ----D---- C:\Windows\inf
2011-10-08 14:30:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-08 14:27:23 ----D---- C:\Windows\system32\wdi
2011-10-07 22:02:35 ----D---- C:\Windows\winsxs
2011-10-07 21:55:06 ----D---- C:\Windows\twain_32
2011-10-07 21:55:04 ----D---- C:\Windows\system32\drivers
2011-10-07 21:55:04 ----D---- C:\Windows
2011-10-07 21:55:02 ----D---- C:\Windows\system32\catroot
2011-10-07 21:55:01 ----D---- C:\Windows\system32\DriverStore
2011-10-07 21:52:09 ----D---- C:\Windows\system32\config
2011-10-07 21:49:36 ----D---- C:\Program Files\Common Files
2011-10-07 21:48:26 ----SHD---- C:\System Volume Information
2011-10-07 21:45:00 ----D---- C:\Windows\system32\Tasks
2011-10-07 21:43:56 ----SD---- C:\Users\GEISON\AppData\Roaming\Microsoft
2011-10-07 14:05:40 ----D---- C:\Windows\system32\drivers\etc
2011-10-07 14:04:52 ----D---- C:\Windows\system32\NDF
2011-10-07 13:44:48 ----D---- C:\Program Files\Internet Explorer
2011-10-07 13:31:28 ----D---- C:\Windows\Tasks
2011-10-07 13:31:28 ----D---- C:\Windows\system32\wfp
2011-10-07 13:31:25 ----D---- C:\Windows\system32\wbem
2011-10-07 13:30:41 ----D---- C:\Windows\system32\drivers\UMDF
2011-10-07 13:30:41 ----D---- C:\Windows\system32\catroot2
2011-10-07 13:30:40 ----D---- C:\Windows\security
2011-10-07 13:30:38 ----HD---- C:\ProgramData
2011-10-07 13:30:31 ----D---- C:\Windows\registration
2011-10-07 13:27:49 ----D---- C:\Windows\Logs
2011-10-07 09:15:47 ----D---- C:\Windows\system32\LogFiles
2011-10-07 07:02:14 ----D---- C:\Windows\Prefetch
2011-10-06 17:53:30 ----D---- C:\Windows\debug
2011-10-05 16:03:37 ----D---- C:\Windows\Downloaded Program Files
2011-10-05 13:48:34 ----D---- C:\Windows\SoftwareDistribution
2011-10-05 13:02:46 ----SHD---- C:\Windows\Installer
2011-10-05 12:56:43 ----D---- C:\Program Files\Common Files\microsoft shared
2011-10-05 12:53:28 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2005-10-13 8701824]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [2011-07-27 267488]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-05 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 gupdatem;Serviço do Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-05 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2009-07-25 1343400]

-----------------EOF-----------------

wings, posted October 8, 2011:
1. *Delete RSIT and the folder C:\rsit
2. *Uninstall StartNow Toolbar
3. *Download and install MalwareBytes
*Wait for the update and the program will open automatically
*On the [Verificação] (Scan) tab, select [Verificação completa] (Full scan)
*Click [Verificar] (Scan) and select the partition where Windows is installed
*When the scan finishes, click [Sim] (Yes) > [OK] > [Ver Resultados] (Show Results) > [Remover Selecionados] (Remove Selected)
*Paste the report shown and a new HijackThis log

If you already have Malwarebytes installed....
*Open Malwarebytes, click [Atualização] (Update) > [Baixar Atualizações] (Download Updates)
*On the [Verificação] (Scan) tab, select Verificação completa (Full scan)
*Click [Verificar] (Scan) and select the partition where Windows is installed
*When the scan finishes, click [Sim] (Yes) > [OK] > [Ver Resultados] (Show Results) > [Remover Selecionados] (Remove Selected)
*Paste the report shown and a new HijackThis log

Let me know whether this solved it.

nozyeg20, posted October 8, 2011:
Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 218102
Tempo decorrido: 1 hora(s), 13 minuto(s), 18 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\Users\GEISON\AppData\Local\Temp\Rar$EX00.875\removewat v2.2.5.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

* * * * *

Logfile of HijackThis v1.99.1
Scan saved at 18:01:32, on 08/10/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\GEISON\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
wings 22 Posted October 8, 2011 Let us know whether the problem persists. If it does, paste a screenshot of the page.
nozyeg20 0 Posted October 9, 2011 How do I put the web page on the site?
wings 22 Posted October 9, 2011
*Download OTS and save it to the desktop
*Run it and select the options:
Scan All Users
Company Name
Skip Microsoft
*Under Additional Scans select:
Reg - IE Explorer Bars
Reg - NetSvcs
File - Lop Check
File - Purity Scan
*Select, copy, and paste the code into the box below Custom Scans:
%ALLUSERSPROFILE%\*.*
%ALLUSERSPROFILE%\Dados de aplicativos\*
%ALLUSERSPROFILE%\Dados de aplicativos\*.*
%ALLUSERSPROFILE%\documentos\*.*
%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*
%APPDATA%\*
%APPDATA%\*.*
%LOCALAPPDATA%\*.*
%PROGRAMFILES(X86)%\Internet Explorer\*.*
%SYSTEMDRIVE%\*
%SYSTEMDRIVE%\*.*
CREATERESTOREPOINT
*Click [Run Scan]
*Paste the report that is displayed
If the report turns out too large...
*Go to this link
*Select 4 jours
*Click [Enviar arquivo]
*Locate the file OTS.txt on the desktop
*Click [Abrir] > [Créer le lien Cjoint]
*Paste the address that was created
nozyeg20 0 Posted October 9, 2011
OTS logfile created on: 09/10/2011 20:23:26 - Run 1
OTS by OldTimer - Version 3.1.44.6 Folder = C:\Users\GEISON\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 56,70 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GEISON-PC
Current User Name: GEISON
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\GEISON\Desktop\OTS.exe -> [2011/10/09 20:20:13 | 000,646,656 | ---- | M] (OldTimer Tools) avastui.exe -> C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe -> [2011/09/06 17:45:30 | 003,722,416 | ---- | M] (AVAST Software) mbamgui.exe -> C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) usbguard.exe -> C:\Arquivos de Programas\USB Disk Security\USBGuard.exe -> [2010/06/05 09:33:04 | 000,824,224 | ---- | M] (Zbshareware Lab) msnmsgr.exe -> C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe -> [2010/04/16 22:12:18 | 003,872,080 | ---- | M] (Microsoft Corporation) wlcomm.exe -> C:\Arquivos de Programas\Windows Live\Contacts\wlcomm.exe -> [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Arquivos de Programas\Internet Explorer\iexplore.exe -> [2009/07/13 22:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) explorer.exe -> C:\Windows\explorer.exe -> [2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) fixcamera.exe -> C:\Windows\FixCamera.exe -> [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () vsnp325.exe -> C:\Windows\vsnp325.exe -> [2007/05/10 13:18:10 | 000,835,584 | ---- | M] () tsnp325.exe -> C:\Windows\tsnp325.exe -> [2007/04/21 09:36:50 | 000,270,336 | ---- | M] () groovemonitor.exe -> C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe -> [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) vsnpstd3.exe -> C:\Windows\vsnpstd3.exe -> [2005/09/05 22:55:08 | 000,339,968 | ---- | M] () [Modules - No Company Name] fixcamera.exe -> C:\Windows\FixCamera.exe -> [2007/07/11 16:09:48 | 
000,020,480 | ---- | M] () vsnp325.exe -> C:\Windows\vsnp325.exe -> [2007/05/10 13:18:10 | 000,835,584 | ---- | M] () tsnp325.exe -> C:\Windows\tsnp325.exe -> [2007/04/21 09:36:50 | 000,270,336 | ---- | M] () vsnpstd3.exe -> C:\Windows\vsnpstd3.exe -> [2005/09/05 22:55:08 | 000,339,968 | ---- | M] () [Win32 Services - Safe List] (avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) (MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) (Updater Service for StartNow Toolbar) Updater Service for StartNow Toolbar [Auto | Running] -> C:\Arquivos de Programas\StartNow Toolbar\ToolbarUpdaterService.exe -> [2011/07/27 08:06:44 | 000,267,488 | ---- | M] () (AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) (WatAdminSvc) WatAdminSvc [unknown | Stopped] -> C:\Windows\System32\Wat\WatAdminSvc.exe -> [2009/07/25 15:21:27 | 001,343,400 | ---- | M] () (SensrSvc) Brilho Adaptável [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) (PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Auto | Running] -> C:\Arquivos de Programas\Windows Defender\MpSvc.dll -> [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (aswSnx) aswSnx [File_System | System | Running] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/09/06 17:38:05 | 000,442,200 | ---- | M] (AVAST Software) (aswSP) aswSP [Kernel | System | Running] -> 
C:\Windows\System32\drivers\aswSP.sys -> [2011/09/06 17:37:53 | 000,320,856 | ---- | M] (AVAST Software) (aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/09/06 17:36:38 | 000,034,392 | ---- | M] (AVAST Software) (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/09/06 17:36:36 | 000,052,568 | ---- | M] (AVAST Software) (aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/09/06 17:36:26 | 000,054,616 | ---- | M] (AVAST Software) (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/09/06 17:36:12 | 000,020,568 | ---- | M] (AVAST Software) (MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\System32\drivers\mbam.sys -> [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) (vmbus) Barramento da Máquina Virtual [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vmbus.sys -> [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) (storflt) Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vmstorfl.sys -> [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) (storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\storvsc.sys -> [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) (s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vms3cap.sys -> [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) (VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\VMBusHID.sys -> [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) (SNP325) USB PC Camera (SNPSTD325) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\snp325.sys -> [2007/08/20 15:28:10 | 010,384,896 | 
---- | M] (Sonix Co. Ltd.) (SNPSTD3) USB PC Camera (SNPSTD3) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\snpstd3.sys -> [2005/10/13 17:19:12 | 008,701,824 | ---- | M] () [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_USERS\##aswSnx private storage\] > -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\] > -> -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\: Main\\"Start Page" -> http://www.google.com.br/ -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\GEISON\AppData\Roaming\Mozilla\FireFox\Profiles\wbj9hujd.default\prefs.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com -> C:\Arquivos de Programas\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/10/07 13:32:00 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components -> C:\Arquivos de Programas\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/10/09 13:41:44 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS -> < FireFox Extensions [user Folders] > -> -> C:\Users\GEISON\AppData\Roaming\mozilla\Extensions -> [2011/10/09 13:42:04 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> 
C:\Arquivos de Programas\Mozilla Firefox\extensions -> [2011/10/09 13:41:43 | 000,000,000 | ---D | M] No name found -> C:\USERS\GEISON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ9HUJD.DEFAULT\EXTENSIONS\{} -> File not found < HOSTS File > ([2009/06/10 18:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts -> Reset Hosts < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {6E13D095-45C3-4271-9475-F3B48227DD9F} [HKLM] -> [startNow Toolbar Helper] -> File not found {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/09/06 17:45:26 | 000,806,456 | ---- | M] (AVAST Software) {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{5911488E-9D1E-40ec-8CBB-06B231CC153F}" [HKLM] -> [startNow Toolbar] -> File not found "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll [avast! 
WebRep] -> [2011/09/06 17:45:26 | 000,806,456 | ---- | M] (AVAST Software) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/09/06 17:45:30 | 003,722,416 | ---- | M] (AVAST Software) "FixCamera" -> C:\Windows\FixCamera.exe [C:\Windows\FixCamera.exe] -> [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () "Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) "snp325" -> C:\Windows\vsnp325.exe [C:\Windows\vsnp325.exe] -> [2007/05/10 13:18:10 | 000,835,584 | ---- | M] () "snpstd3" -> C:\Windows\vsnpstd3.exe [C:\Windows\vsnpstd3.exe] -> [2005/09/05 22:55:08 | 000,339,968 | ---- | M] () "tsnp325" -> C:\Windows\tsnp325.exe [C:\Windows\tsnp325.exe] -> [2007/04/21 09:36:50 | 000,270,336 | ---- | M] () "USB Antivirus" -> C:\Arquivos de Programas\USB Disk Security\RunUSBGuard.exe [C:\Program Files\USB Disk Security\RunUSBGuard.exe] -> [2010/06/04 17:31:02 | 000,091,040 | ---- | M] (Zbshareware Lab) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 22:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 22:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\] > -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 15:07:36 | 017,891,112 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll [button: Enviar para o OneNote] -> [2006/10/26 20:32:42 | 000,604,000 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2006/10/26 20:32:42 | 000,604,000 | ---- | M] (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL [button: Research] -> [2006/10/26 20:12:22 | 000,040,424 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\##aswSnx private storage\] > -> HKEY_USERS\##aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\##aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\##aswSnx private storage\] > -> HKEY_USERS\##aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\##aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\] > -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\] > -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2263132657-3128416693-2819538461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [shockwave Flash Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 69.60.118.55 69.60.118.55 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0169BCB3-C23A-4622-8CEE-0A8903531EB1}\\DhcpNameServer -> 69.60.118.55 69.60.118.55 (NIC Fast Ethernet PCI-E Realtek Família RTL8101E (NDIS 6.20)) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not 
found *MultiFile Done* -> -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Driver de CD-ROM -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> FastUserSwitchingCompatibility -> -> File not found Ias -> C:\Windows\System32\ias.dll -> [2009/07/13 22:15:26 | 000,019,456 | ---- | M] (Microsoft Corporation) Nla -> -> File 
not found Ntmssvc -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found SRService -> -> File not found WmdmPmSp -> -> File not found LogonHours -> -> File not found PCAudit -> -> File not found helpsvc -> -> File not found uploadmgr -> -> File not found *MultiFile Done* -> -> [Files/Folders - Created Within 30 Days] 325 USB PC Camera -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera -> File not found OTS.exe -> C:\Users\GEISON\Desktop\OTS.exe -> [2011/10/09 20:19:52 | 000,646,656 | ---- | C] (OldTimer Tools) Mozilla -> C:\Users\GEISON\AppData\Roaming\Mozilla -> [2011/10/09 13:41:54 | 000,000,000 | ---D | C] Mozilla -> C:\Users\GEISON\AppData\Local\Mozilla -> [2011/10/09 13:41:54 | 000,000,000 | ---D | C] Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2011/10/09 13:41:40 | 000,000,000 | ---D | C] iCam -> C:\Program Files\iCam -> [2011/10/09 12:54:30 | 000,000,000 | ---D | C] VideoPower -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPower -> [2011/10/09 12:54:27 | 000,000,000 | ---D | C] snp325.sys -> C:\Windows\System32\drivers\snp325.sys -> [2011/10/09 12:48:35 | 010,384,896 | ---- | C] (Sonix Co. Ltd.) 
vsnp325.dll -> C:\Windows\System32\vsnp325.dll -> [2011/10/09 12:48:35 | 000,057,344 | ---- | C] ( ) csnp325.dll -> C:\Windows\System32\csnp325.dll -> [2011/10/09 12:48:35 | 000,053,248 | ---- | C] ( ) rsnp325.dll -> C:\Windows\System32\rsnp325.dll -> [2011/10/09 12:48:34 | 000,147,456 | ---- | C] ( ) snp325 -> C:\Program Files\Common Files\snp325 -> [2011/10/09 12:48:34 | 000,000,000 | ---D | C] InstallShield -> C:\Users\GEISON\AppData\Roaming\InstallShield -> [2011/10/09 12:47:45 | 000,000,000 | ---D | C] InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2011/10/08 17:14:48 | 000,000,000 | -H-D | C] Malwarebytes -> C:\Users\GEISON\AppData\Roaming\Malwarebytes -> [2011/10/08 16:41:09 | 000,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/10/08 16:40:58 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/10/08 16:40:56 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/10/08 16:40:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/10/08 16:40:51 | 000,000,000 | ---D | C] trend micro -> C:\Program Files\trend micro -> [2011/10/08 14:53:50 | 000,000,000 | ---D | C] rsit -> C:\rsit -> [2011/10/08 14:53:49 | 000,000,000 | ---D | C] InstallShield -> C:\Program Files\Common Files\InstallShield -> [2011/10/07 21:43:56 | 000,000,000 | ---D | C] ElevatedDiagnostics -> C:\Users\GEISON\AppData\Local\ElevatedDiagnostics -> [2011/10/07 14:05:01 | 000,000,000 | ---D | C] Media Player Classic -> C:\Users\GEISON\AppData\Roaming\Media Player Classic -> [2011/10/07 13:37:26 | 000,000,000 | ---D | C] Adobe -> C:\Users\GEISON\AppData\Local\Adobe -> [2011/10/06 17:47:28 | 000,000,000 | ---D | C] Macromedia -> C:\Users\GEISON\AppData\Roaming\Macromedia -> [2011/10/05 16:03:37 | 000,000,000 | ---D | C] 
Adobe -> C:\Users\GEISON\AppData\Roaming\Adobe -> [2011/10/05 16:03:37 | 000,000,000 | ---D | C] Macromed -> C:\Windows\System32\Macromed -> [2011/10/05 16:03:32 | 000,000,000 | ---D | C] Google -> C:\Users\GEISON\AppData\Local\Google -> [2011/10/05 12:57:24 | 000,000,000 | ---D | C] Google -> C:\Program Files\Google -> [2011/10/05 12:57:24 | 000,000,000 | ---D | C] avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/10/05 12:57:23 | 000,000,000 | ---D | C] aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2011/10/05 12:57:22 | 000,320,856 | ---- | C] (AVAST Software) aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/10/05 12:57:22 | 000,020,568 | ---- | C] (AVAST Software) aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/10/05 12:57:20 | 000,052,568 | ---- | C] (AVAST Software) aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/10/05 12:57:20 | 000,034,392 | ---- | C] (AVAST Software) aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/10/05 12:57:19 | 000,442,200 | ---- | C] (AVAST Software) aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/10/05 12:57:17 | 000,054,616 | ---- | C] (AVAST Software) aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2011/10/05 12:56:33 | 000,199,304 | ---- | C] (AVAST Software) avastSS.scr -> C:\Windows\avastSS.scr -> [2011/10/05 12:56:33 | 000,041,184 | ---- | C] (AVAST Software) AVAST Software -> C:\ProgramData\AVAST Software -> [2011/10/05 12:56:28 | 000,000,000 | ---D | C] AVAST Software -> C:\Program Files\AVAST Software -> [2011/10/05 12:56:28 | 000,000,000 | ---D | C] StartNow Toolbar -> C:\Program Files\StartNow Toolbar -> [2011/10/05 12:55:43 | 000,000,000 | ---D | C] K-Lite Codec Pack -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack -> [2011/10/05 12:55:27 | 000,000,000 | ---D | C] yv12vfw.dll -> C:\Windows\System32\yv12vfw.dll -> [2011/10/05 12:55:23 | 000,237,568 | 
wings, posted October 10, 2011

1.
* Do you recognize this file? C:\Users\GEISON\Documents\OgAAAIvJYVzAuh6KVqojq6qMy7KqA951dM6Wv3bJIZU2YyTREAVXdSSgk-bMn62wduSsLJQDgglQ7zaSakM-XgDro0oAm1T1UAuzUOKHnnFAzU_UuamCy3jHXttO.jpg If not, delete it.

2.
* Download the Kaspersky Virus Removal Tool, version 11, and save it to the desktop
* Run it and click the button
* Select: My Computer
* Click Actions
* Select the option Select action:
* Click
* Click [start scanning]
* When it finishes, click
* Click Automatic Scan report > Save and save it to the desktop as log.txt
* Paste the log.txt report saved on the desktop

3.
* Run OTS
* Select, copy and paste the code into the space below Paste Fix Here:

[unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2009/06/10 18:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts
YN -> Reset Hosts ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {6E13D095-45C3-4271-9475-F3B48227DD9F} [HKLM] -> [startNow Toolbar Helper]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{5911488E-9D1E-40ec-8CBB-06B231CC153F}" [HKLM] -> [startNow Toolbar]
[Files/Folders - Created Within 30 Days]
NY -> rsit -> C:\rsit
NY -> StartNow Toolbar -> C:\Program Files\StartNow Toolbar
[Empty Temp Folders]
[Reboot]

* Click [Run Fix] and the PC will restart
* Paste the report that is displayed

4.
* Tell us whether the problem was solved.
nozyeg20, posted October 11, 2011

I was told that this virus also attacked the other computers on the home network that I share. And the problem still continues. I ran OTS, but it did not restart the computer and did not generate a report.
Power Max, posted October 11, 2011

Hello nozyeg20! Wings had to go on a trip, so I am replying in his place until he returns.

Quote: "And the problem still continues. I ran OTS, but it did not restart the computer and did not generate a report."

* Even though OTS had this problem generating the report, paste the log.txt report saved on the desktop by the Kaspersky Virus Removal Tool.

We'll be waiting.
nozyeg20, posted October 11, 2011

The log is very large and won't upload; it is almost 25 MB.
Power Max, posted October 11, 2011

Quote: "The log is very large and won't upload; it is almost 25 MB."

* Go to this link: http://cjoint.com/
* Select 4 jours
* Click [Enviar arquivo]
* Locate the log file
* Click [Abrir] > [Créer le lien Cjoint]
* Paste the address that was created

If it is not possible to host the log even on the site above, host it on the site below and then tell us the link: http://megaupload.com/
nozyeg20, posted October 11, 2011

http://www.megaupload.com/?d=L8IRZRA4
Power Max, posted October 12, 2011

Quote: "http://www.megaupload.com/?d=L8IRZRA4"

I did not notice anything wrong in the Kaspersky log. During its scan, did it report anything about any virus?

Please follow the tips in this tutorial to scan your PC with Nod32 Online: Nod32 Online antivirus tutorial

After the scan finishes, a report (log) will be generated at the following location on your computer: C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is after following this procedure. We await your reply.
nozyeg20, posted October 12, 2011

Hello Antonio, I would like to report that the problem has been solved; I can now access the UOL page. The problem was in the network; the owner of the modem solved the problem. My thanks to everyone on the forum for the help, and I hope to count on your help again. nozyeg20
Power Max, posted October 12, 2011

Quote: "Hello Antonio, I would like to report that the problem has been solved; I can now access the UOL page. The problem was in the network; the owner of the modem solved the problem. My thanks to everyone on the forum for the help, and I hope to count on your help again :)"

We are glad that the problem was solved.

To remove the tools you installed on the forum's recommendation, follow the tips in this tutorial: [Tutorial] < DelFix > You can also uninstall the Kaspersky Virus Removal Tool.

To keep the problems from coming back, turn System Restore off and then on again. To do so, follow the tips in this tutorial: How to turn System Restore on and off in Windows 7

It was a pleasure to help; you can always count on us!