junior.note

Membros

Perfil Explorar Conteúdo

Total de itens
4
Registro em
Março 18, 2008
Última visita
Janeiro 12, 2012

Sobre junior.note

Perfil

Gender
Male

junior.note's Achievements

Reputação

[Resolvido]PC e Pen driver com Vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

OK, agora sim o computador está normal. Obrigado pela ajuda!!!
- Dezembro 27, 2010
- 10 respostas
[Resolvido]PC e Pen driver com Vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Verificação automática: concluído 2 minutos atrás (eventos: 218778, objetos: 216267, hora: 01:09:08) Resultado: OK (eventos: 213493) Resultado: Detectados (eventos: 8) 18/12/2010 11:34:36 C:\Qoobox\Quarantine\C\Windows\Rwizoa.exe.vir Ação padrão selecionada 18/12/2010 11:34:36 C:\Qoobox\Quarantine\C\Windows\Rwizob.exe.vir Ação padrão selecionada 18/12/2010 11:34:37 C:\Qoobox\Quarantine\C\Program Files\QuestBrowser\questbrowser.dll.vir Ação padrão selecionada 18/12/2010 11:41:09 C:\Windows\System32\Revelation.exe Informações 18/12/2010 11:41:09 C:\Windows\System32\RevelationHelper.dll Informações 18/12/2010 11:41:30 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z78MF0J9\upgrade[1].cab/upgrade.exe/# Ação padrão selecionada 18/12/2010 11:45:46 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z78MF0J9\upgrade[1].cab/upgrade.exe/# Informações 18/12/2010 12:17:10 D:\Meus documentos\Vdownloader\VDownloader.exe/UPX Informações Resultado: Arquivar (eventos: 4779) Resultado: Compactado (eventos: 487) Resultado: Não neutralizado (eventos: 4) Resultado: Não processado (eventos: 3) Resultado: Protegido por senha (eventos: 2) Resultado: Tarefa iniciada (eventos: 1) Resultado: Tarefa concluída (eventos: 1)
- Dezembro 18, 2010
- 10 respostas
[Resolvido]PC e Pen driver com Vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

ComboFix 10-12-16.02 - Raphael 16/12/2010 21:35:53.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1016.398 [GMT -2:00] Executando de: c:\users\Raphael\Pictures\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Criado um novo ponto de restauração . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6} c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome\questbrowser.jar c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences\prefs.js c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\install.rdf c:\program files\QuestBrowser c:\program files\QuestBrowser\questbrowser.dll c:\program files\QuestBrowser\questbrowser.exe c:\programdata\QuestBrowser c:\programdata\QuestBrowser\questbrowser119.exe c:\users\Raphael\AppData\Roaming\agtyjkj.bat c:\users\Raphael\AppData\Roaming\completescan c:\users\Raphael\AppData\Roaming\install c:\windows\Rwizoa.exe c:\windows\Rwizob.exe c:\windows\system32\Startup.exe c:\windows\system32\tcpip.sys c:\windows\system32\wl.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_QuestBrowser Service -------\Service_QuestBrowser Service (((((((((((((((( Arquivos/Ficheiros criados de 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))) . 2010-12-16 23:39 . 2010-12-16 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-15 21:28 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll 2010-12-15 21:27 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-12-15 21:27 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll 2010-12-15 21:27 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll 2010-12-15 21:27 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll 2010-12-15 21:27 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe 2010-12-15 21:27 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe 2010-12-15 21:24 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-12-15 21:24 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll 2010-12-15 21:24 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll 2010-12-15 21:23 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-12-14 01:19 . 2010-12-14 01:35 -------- d-----w- c:\program files\PDF Editor 2 2010-12-14 01:19 . 2010-12-14 01:19 75776 ----a-w- c:\windows\cadkasdeinst01e.exe 2010-12-01 17:36 . 2010-12-01 17:36 -------- d-----w- c:\programdata\Panda Security 2010-12-01 17:36 . 2010-12-01 17:36 -------- d-----w- c:\program files\Panda USB Vaccine 2010-12-01 17:24 . 2010-12-01 17:46 -------- d-----w- c:\programdata\Autorun Eater 2010-12-01 17:10 . 2010-12-01 17:12 -------- d-----w- C:\PenClean 2010-12-01 17:00 . 2009-11-25 14:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-12-01 16:48 . 2010-12-01 16:50 -------- d-----w- C:\LinhaDefensiva 2010-12-01 14:44 . 1998-06-18 02:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL 2010-12-01 13:24 . 2010-09-07 13:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-12-01 13:24 . 2010-09-07 13:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-12-01 13:24 . 2010-09-07 13:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-12-01 13:24 . 2010-09-07 13:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-12-01 13:24 . 2010-09-07 13:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-12-01 13:23 . 2010-09-07 14:12 38848 ----a-w- c:\windows\avastSS.scr 2010-12-01 13:23 . 2010-09-07 14:11 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-12-01 13:23 . 2010-12-01 13:23 -------- d-----w- c:\programdata\Alwil Software 2010-12-01 13:23 . 2010-12-01 13:23 -------- d-----w- c:\program files\Alwil Software 2010-12-01 02:09 . 2010-12-01 02:09 -------- d-----w- c:\program files\Recuva 2010-11-30 19:25 . 2010-11-30 19:25 -------- d-----w- c:\programdata\Hewlett-Packard 2010-11-30 19:25 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll 2010-11-22 02:15 . 2010-11-22 02:15 -------- d-----w- c:\program files\Common Files\Adobe 2010-11-22 02:14 . 2010-11-22 02:14 -------- d-----w- c:\programdata\McAfee 2010-11-22 02:14 . 2010-11-22 02:14 -------- d-----w- c:\programdata\McAfee Security Scan 2010-11-22 02:14 . 2010-11-23 16:10 -------- d-----w- c:\program files\McAfee Security Scan 2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\windows\system32\Wat 2010-11-19 04:05 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll 2010-11-19 04:04 . 2010-11-19 04:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2010-11-19 04:03 . 2009-11-25 14:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-11-19 04:03 . 2009-11-25 14:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-11-19 04:03 . 2009-11-25 14:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-11-19 04:03 . 2009-11-25 14:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-11-19 04:03 . 2009-11-25 14:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-11-19 04:00 . 2010-11-19 04:00 -------- d-----w- c:\windows\system32\x64 2010-11-19 04:00 . 2009-09-23 21:30 1002008 ----a-w- c:\windows\system32\igxpun.exe 2010-11-19 03:52 . 2010-11-19 03:52 -------- d-----w- c:\windows\CheckSur 2010-11-19 03:04 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-11-19 03:04 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-11-19 02:53 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-11-19 02:51 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-11-19 02:51 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-11-19 02:51 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll 2010-11-19 02:50 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2010-11-19 02:50 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll 2010-11-19 02:50 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe 2010-11-19 02:50 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe 2010-11-19 02:49 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-11-19 02:46 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-11-19 02:46 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-11-19 02:46 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll 2010-11-19 02:45 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-11-19 02:45 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-11-19 02:42 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-11-19 02:41 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-11-19 02:41 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-11-19 02:41 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-11-19 02:41 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll 2010-11-19 02:41 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-11-19 02:41 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll 2010-11-19 02:41 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-11-19 02:38 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-11-19 02:38 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-11-19 02:38 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe 2010-11-19 02:38 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe 2010-11-19 02:38 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll 2010-11-19 02:38 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll 2010-11-19 02:37 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll 2010-11-19 02:32 . 2010-11-19 02:32 -------- d-----w- c:\program files\Ares 2010-11-19 02:30 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-11-19 02:30 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-11-19 02:29 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2010-11-19 02:29 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll 2010-11-19 02:29 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll 2010-11-19 02:29 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll 2010-11-19 02:29 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll 2010-11-19 02:29 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll 2010-11-19 02:29 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2010-11-19 02:29 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll 2010-11-19 02:29 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-11-19 02:29 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-11-19 02:29 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-11-19 02:29 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-11-19 02:28 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-11-19 02:28 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-11-19 02:28 . 2010-11-19 02:28 -------- d-----w- c:\programdata\GbPlugin 2010-11-19 02:00 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-11-19 02:00 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2010-11-18 01:10 . 2010-12-09 21:28 -------- d-----w- c:\users\Gabriel 2010-11-18 00:55 . 2010-01-26 12:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe 2010-11-18 00:55 . 2010-10-16 13:50 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe 2010-11-18 00:55 . 2010-11-18 00:55 -------- d-----w- c:\program files\VDownloader 2010-11-18 00:36 . 2010-11-17 23:42 -------- d-----w- c:\windows\Panther 2010-11-18 00:35 . 2010-11-18 00:35 -------- d-----w- C:\Boot 2010-11-18 00:22 . 2010-11-18 00:22 -------- d-----w- c:\windows\system32\Macromed 2010-11-18 00:19 . 2010-11-18 00:33 -------- d-----w- c:\program files\Media Player Classic - Home Cinema 2010-11-17 23:53 . 2010-11-20 16:21 -------- d-----w- c:\program files\Microsoft Works 2010-11-17 23:53 . 2010-11-17 23:53 -------- d-----w- c:\windows\PCHEALTH 2010-11-17 23:53 . 2010-11-17 23:53 -------- d-----w- c:\program files\Microsoft.NET 2010-11-17 23:51 . 2010-11-17 23:51 -------- d-----w- c:\windows\SHELLNEW 2010-11-17 23:51 . 2010-12-16 01:35 -------- d-----w- c:\programdata\Microsoft Help 2010-11-17 23:51 . 2010-12-16 01:35 -------- d-sh--w- c:\windows\Installer 2010-11-17 23:51 . 2010-11-17 23:51 -------- d-----r- C:\MSOCache 2010-11-17 23:50 . 2010-12-16 23:35 -------- d-----w- c:\windows\system32\wbem\Performance 2010-11-17 23:47 . 2003-11-20 14:58 18004 ----a-w- c:\windows\system32\drivers\slnt.sys . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-19 1343400] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2003-11-20 18004] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ DPS BFE mpssvc WwanSvc LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q= IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\7jmfwp3c.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: MÃ³dulo de SeguranÃ§a - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} . - - - - ORFÃOS REMOVIDOS - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Sidebar - %ProgramFiles%\Windows Sidebar\Sidebar.exe HKCU-Run-qoeowo - c:\users\Raphael\qoeowo.exe HKCU-Run-sauve - c:\users\Raphael\sauve.exe HKCU-Run-teeameb - c:\users\Raphael\teeameb.exe . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Outros Processos em Execução ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\taskhost.exe c:\program files\Panda USB Vaccine\USBVaccine.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Tempo para conclusão: 2010-12-16 21:43:03 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-12-16 23:43 Pré-execução: 48.588.357.632 bytes disponíveis Pós execução: 49.431.072.768 bytes disponíveis - - End Of File - - A3A11D982CA6AF57AA1865599A210F7A
- Dezembro 16, 2010
- 10 respostas
[Resolvido]PC e Pen driver com Vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Bom dia, como solicitado, seguem abaixo os resultados: DDS (Ver_10-11-27.01) - NTFSx86 Run by Raphael at 11:24:49,30 on 04/12/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1016.387 [GMT -2:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\ProgramData\QuestBrowser\questbrowser119.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Panda USB Vaccine\USBVaccine.exe C:\Windows\System32\igfxtray.exe C:\Program Files\QuestBrowser\questbrowser.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\msiexec.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\sppsvc.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Raphael\Pictures\Downloads\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com.br/ uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q= mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q= uWinlogon: Shell=c:\users\raphael\appdata\roaming\hotfix.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun uRun: [JP595IR86O] c:\users\raphael\appdata\local\temp\Rtr.exe uRun: [qoeowo] c:\users\raphael\qoeowo.exe /E uRun: [sauve] c:\users\raphael\sauve.exe /N uRun: [NtWqIVLZEWZU] c:\users\raphael\appdata\local\temp\Rts.exe uRun: [teeameb] c:\users\raphael\teeameb.exe /Y mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableInstallerDetection = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\raphael\appdata\roaming\mozilla\firefox\profiles\7jmfwp3c.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - component: c:\users\raphael\appdata\roaming\mozilla\firefox\profiles\7jmfwp3c.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: QuestBrowser: {B9B81A55-9C8B-4FD5-B140-714613DED7B6} - c:\program files\mozilla firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6} FF - Extension: MÃ³dulo de SeguranÃ§a - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - c:\users\raphael\appdata\roaming\mozilla\firefox\profiles\7jmfwp3c.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-1 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-1 17744] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-1 50768] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384] R2 QuestBrowser Service;QuestBrowser Service;c:\programdata\questbrowser\questbrowser119.exe [2010-12-1 61712] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384] R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2010-11-17 18004] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-19 1343400] =============== Created Last 30 ================ 2010-12-01 17:36:56 -------- d-----w- c:\progra~2\Panda Security 2010-12-01 17:36:47 -------- d-----w- c:\program files\Panda USB Vaccine 2010-12-01 17:24:02 -------- d-----w- c:\progra~2\Autorun Eater 2010-12-01 17:10:18 -------- d-----w- C:\PenClean 2010-12-01 17:00:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-12-01 16:48:31 -------- d-----w- C:\LinhaDefensiva 2010-12-01 14:44:52 89360 ----a-w- c:\windows\system32\VB5DB.DLL 2010-12-01 13:24:18 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-12-01 13:23:52 38848 ----a-w- c:\windows\avastSS.scr 2010-12-01 13:23:49 -------- d-----w- c:\progra~2\Alwil Software 2010-12-01 12:47:29 190464 ----a-w- c:\windows\Rwizob.exe 2010-12-01 03:27:36 234 ----a-w- c:\users\raphael\appdata\roaming\agtyjkj.bat 2010-12-01 03:18:37 -------- d-----w- c:\program files\QuestBrowser 2010-12-01 03:18:37 -------- d-----w- c:\progra~2\QuestBrowser 2010-12-01 02:00:07 190464 ----a-w- c:\windows\Rwizoa.exe 2010-11-30 19:25:42 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll 2010-11-22 02:14:13 -------- d-----w- c:\progra~2\McAfee Security Scan 2010-11-22 02:14:11 -------- d-----w- c:\program files\McAfee Security Scan 2010-11-22 02:14:08 -------- d-----w- c:\users\raphael\appdata\local\Adobe 2010-11-19 22:47:44 -------- d-----w- c:\windows\system32\Wat 2010-11-19 04:05:26 257024 ----a-w- c:\windows\system32\msv1_0.dll 2010-11-19 04:03:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-11-19 04:03:18 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-11-19 04:03:18 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-11-19 04:03:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-11-19 04:03:18 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-11-19 04:00:17 1002008 ----a-w- c:\windows\system32\igxpun.exe 2010-11-19 04:00:17 -------- d-----w- c:\windows\system32\x64 2010-11-19 03:52:26 -------- d-----w- c:\windows\CheckSur 2010-11-19 03:04:36 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-11-19 03:04:36 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-11-19 02:53:01 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-11-19 02:51:58 2048 ----a-w- c:\windows\system32\tzres.dll 2010-11-19 02:51:55 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-11-19 02:51:38 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-11-19 02:51:30 1233920 ----a-w- c:\windows\system32\msxml3.dll 2010-11-19 02:50:53 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2010-11-19 02:50:53 1320960 ----a-w- c:\windows\system32\CertEnroll.dll 2010-11-19 02:50:52 507568 ----a-w- c:\windows\system32\winload.exe 2010-11-19 02:50:52 442920 ----a-w- c:\windows\system32\winresume.exe 2010-11-19 02:49:27 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-11-19 02:46:31 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-11-19 02:46:31 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-11-19 02:46:06 292864 ----a-w- c:\windows\system32\apphelp.dll 2010-11-19 02:45:58 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-11-19 02:45:58 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-11-19 02:42:23 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-11-19 02:41:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-11-19 02:41:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-11-19 02:41:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-11-19 02:41:06 70656 ----a-w- c:\windows\system32\fontsub.dll 2010-11-19 02:41:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-11-19 02:41:06 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-11-19 02:41:03 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe 2010-11-19 02:41:02 1413632 ----a-w- c:\windows\system32\ole32.dll 2010-11-19 02:41:02 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-11-19 02:38:41 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-11-19 02:38:41 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-11-19 02:38:40 285696 ----a-w- c:\windows\system32\winlogon.exe 2010-11-19 02:38:40 2614272 ----a-w- c:\windows\explorer.exe 2010-11-19 02:38:03 224256 ----a-w- c:\windows\system32\schannel.dll 2010-11-19 02:38:02 34816 ----a-w- c:\windows\system32\msasn1.dll 2010-11-19 02:37:09 67584 ----a-w- c:\windows\system32\asycfilt.dll 2010-11-19 02:32:25 -------- d-----w- c:\users\raphael\appdata\local\Ares 2010-11-19 02:32:18 -------- d-----w- c:\program files\Ares 2010-11-19 02:30:45 164864 ----a-w- c:\program files\windows media player\wmplayer.exe 2010-11-19 02:30:44 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-11-19 02:28:58 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-11-19 02:28:50 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-11-19 02:28:25 -------- d-----w- c:\progra~2\GbPlugin 2010-11-19 02:00:46 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-11-19 02:00:39 132608 ----a-w- c:\windows\system32\cabview.dll 2010-11-18 00:55:14 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe 2010-11-18 00:55:13 3056008 ----a-w- c:\program files\common files\AskToolbarInstaller.exe 2010-11-18 00:55:12 -------- d-----w- c:\program files\VDownloader 2010-11-18 00:36:05 -------- d-----w- c:\windows\Panther 2010-11-18 00:35:57 -------- d-sh--w- C:\Boot 2010-11-18 00:30:57 -------- d-----w- c:\windows\system32\directx 2010-11-18 00:19:42 -------- d-----w- c:\program files\Media Player Classic - Home Cinema 2010-11-17 23:53:21 -------- d-----w- c:\windows\PCHEALTH 2010-11-17 23:51:33 -------- d-----w- c:\windows\SHELLNEW 2010-11-17 23:51:26 -------- d-----w- c:\users\raphael\appdata\local\Microsoft Help 2010-11-17 23:51:22 -------- d-sh--w- c:\windows\Installer 2010-11-17 23:50:31 -------- d-----w- c:\windows\system32\wbem\Performance 2010-11-17 23:47:38 18004 ----a-w- c:\windows\system32\drivers\slnt.sys ==================== Find3M ==================== 2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec 2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb ============= FINISH: 11:25:15,37 =============== ###################################################################### UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-11-27.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 17/11/2010 21:42:13 System Uptime: 12/04/2010 11:20:16 (5664 hours ago) Motherboard: Gigabyte Technology Co., Ltd. | | 8I945GZME-RH Processor: Intel® Core2 CPU 4300 @ 1.80GHz | Socket 775 | 1800/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 56 GiB total, 45,616 GiB free. D: is FIXED (NTFS) - 98 GiB total, 38,412 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.0 - Português Ares 2.1.7 avast! Free Antivirus Intel® Graphics Media Accelerator Driver McAfee Security Scan Plus Media Player Classic - Home Cinema v1.4.2499.0 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox (3.6.12) Panda USB Vaccine 1.0.1.4 Recuva Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB2288953) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office OneNote 2007 (KB980729) Update for Outlook 2007 Junk Email Filter (KB2443839) VDownloader 3.0.721 Visual C++ 8.0 CRT (x86) WinSXS mesmo ==== End Of File =========================== Aguardando resposta...
- Dezembro 4, 2010
- 10 respostas
[Resolvido]PC e Pen driver com Vírus

uma questão postou junior.note Casos Resolvidos

Boa noite gostarai que analisassem meu log, pois o PC e o PenDriver está com vírus: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:26:48, on 01/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Raphael\AppData\Local\Temp\Rtr.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\system32\diskpart.exe C:\Users\Raphael\Pictures\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14784&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Raphael\AppData\Local\Temp\Rtr.exe O4 - HKCU\..\Run: [qoeowo] C:\Users\Raphael\qoeowo.exe /E O4 - HKCU\..\Run: [sauve] C:\Users\Raphael\sauve.exe /N O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\Users\Raphael\AppData\Local\Temp\Rts.exe O4 - HKCU\..\Run: [teeameb] C:\Users\Raphael\teeameb.exe /Y O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: QuestBrowser Service - Unknown owner - C:\ProgramData\QuestBrowser\questbrowser119.exe -- End of file - 4832 bytes Aguardo resposta!!
- Dezembro 2, 2010
- 10 respostas
[Resolvido]PC com vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

OK, PC em perfeitas condições. Agradeço a equipe Script Brasil!
- Junho 27, 2010
- 15 respostas
[Resolvido]PC com vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Autoscan: completed 14 minutes ago (events: 213144, objects: 208843, time: 02:31:50) Result: OK (events: 206925) Result: Detected (events: 3) 24/6/2010 12:05:12 C:\Arquivos de programas\MP3 Player Utilities 4.09\AMVConverter\amvtransform.exe 24/6/2010 12:38:49 C:\Documents and Settings\Júnior\Meus documentos\Downloads\Driver 4.09\MSI.CAB/_7B7DF61172EA4413A0E15037B773EF47 24/6/2010 13:12:43 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP5\A0001432.exe Result: Archive (events: 5004) Result: Packed (events: 1186) Result: Corrupted (events: 10) Result: Deleted (events: 3) Result: Backed up (events: 3) Result: Not processed (events: 1) Result: Processing error (events: 4) Result: Password protected (events: 3) Result: Task started (events: 1) Result: Task completed (events: 1)
- Junho 24, 2010
- 15 respostas
[Resolvido]PC com vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Autoscan: completed 8 minutes ago (events: 222503, objects: 216322, time: 03:23:00) Result: OK (events: 214166) Result: Detected (events: 22) Result: Archive (events: 6672) Result: Packed (events: 1290) Result: Corrupted (events: 10) Result: Deleted (events: 22) 13/6/2010 19:07:22 C:\Documents and Settings\Júnior\link02.exe 13/6/2010 19:07:23 C:\Documents and Settings\Júnior\limsnet.exe 13/6/2010 19:07:24 C:\Documents and Settings\Júnior\mdl12pa.exe 13/6/2010 19:17:41 C:\Documents and Settings\Júnior\Dados de aplicativos\media_player3\swhost.exe 13/6/2010 19:17:48 C:\Documents and Settings\Júnior\Dados de aplicativos\media_player3\nwiys.exe 13/6/2010 19:43:19 C:\Documents and Settings\Júnior\Meus documentos\Downloads\Zend Studio v7.0-iNViSiBLE\iNViSiBLE\Zend7_keygen.exe 13/6/2010 20:21:53 C:\Qoobox\Quarantine\C\WINDOWS\eudr322.exe.vir 13/6/2010 20:21:57 C:\Qoobox\Quarantine\C\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\LIVELO~1.DLL.vir 13/6/2010 20:21:58 C:\Qoobox\Quarantine\C\WINDOWS\Help\ohb4776.exe.vir 13/6/2010 20:22:04 C:\Qoobox\Quarantine\C\WINDOWS\system32\process.exe.vir 13/6/2010 20:22:05 C:\Qoobox\Quarantine\C\WINDOWS\Help\wrb879.exe.vir 13/6/2010 20:22:07 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP1\A0000015.dll 13/6/2010 20:22:13 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP1\A0000016.exe 13/6/2010 20:22:14 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP1\A0000019.exe 13/6/2010 20:22:16 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP1\A0000017.exe 13/6/2010 20:22:17 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP1\A0000018.exe 13/6/2010 20:24:29 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP5\A0001427.exe 13/6/2010 20:24:32 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP5\A0001426.exe 13/6/2010 20:24:33 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP5\A0001428.exe 13/6/2010 20:24:35 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP5\A0001429.exe 13/6/2010 20:24:39 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP5\A0001430.exe 13/6/2010 20:50:21 C:\WINDOWS\system32\winmoto.exe Result: Backed up (events: 22) Result: Not processed (events: 1) Result: Password protected (events: 296) Result: Task started (events: 1) Result: Task completed (events: 1)
- Junho 14, 2010
- 15 respostas
[Resolvido]PC com vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Tive um caso resolvido a quase 2 meses, porém um amigo ao usar o computador foi infectado novamente.
- Junho 11, 2010
- 15 respostas
[Resolvido]PC com vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

OK, Renato me desculpe, é que loguei com junior.note, pois havia perdido a senha do orlando.junior, mas agora está tudo certo, o log do combo fix acima fui eu qu8em postei...
- Junho 11, 2010
- 15 respostas
[Resolvido]PC com vírus

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

OK, como solicitado segue os logs: DDS (Ver_10-03-17.01) - NTFSx86 Run by J£nior at 22:11:41,90 on seg 31/05/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.225 [GMT -3:00] AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Júnior\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com.br/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {1AA9D975-FDB8-4E11-AEC3-D7594FAA9EA3}AEC3-D7594FAA9EA3} - No File BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: LiveLogin: {71fc9097-0665-44a7-8c6b-ee14a4e1a576} - c:\docume~1\jnior~1\dadosd~1\media_~1\LIVELO~1.DLL BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Internet Explorer(): {948d0d4e-9820-4aa0-835d-d5439acdf296} - c:\docume~1\jnior~1\dadosd~1\media_~1\google.dll BHO: Google: {baa1640c-9bf1-4f1d-bbd5-4fe879308ab4} - c:\docume~1\jnior~1\dadosd~1\media_~1\flash.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: JavaConsole: {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - c:\docume~1\jnior~1\dadosd~1\media_~1\java_tm.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll se: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll ============= SERVICES / DRIVERS =============== R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-5-17 30504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-21 164048] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-21 19024] R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384] R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2010-5-17 53800] R3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-3-8 135664] S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?] =============== Created Last 30 ================ 2010-06-01 01:06:01 0 d-----w- C:\Abuse 2010-06-01 01:05:52 0 d-----w- c:\documents and settings\júnior\WINDOWS 2010-05-31 14:32:13 195072 ------w- c:\windows\trz3.tmp 2010-05-30 15:45:14 449536 ----a-w- c:\windows\system32\process.exe 2010-05-30 15:41:56 2226176 ----a-w- c:\windows\system32\winmoto.exe 2010-05-30 15:39:50 1283584 ----a-w- c:\windows\system32\wintalk.exe 2010-05-30 15:37:28 0 d-----w- c:\docume~1\jnior~1\dadosd~1\media_player3 2010-05-30 15:37:19 44032 ----a-w- c:\windows\eudr322.exe 2010-05-30 15:37:15 1929216 ----a-w- c:\windows\system32\taskghl.exe 2010-05-30 15:37:12 360021 ----a-w- c:\documents and settings\júnior\link02.exe 2010-05-30 15:37:09 107520 ----a-w- c:\documents and settings\júnior\limsnet.exe 2010-05-30 15:37:08 45568 ----a-w- c:\documents and settings\júnior\mdl12pa.exe 2010-05-22 04:55:09 82 ----a-w- c:\windows\mafosav.INI 2010-05-17 11:04:00 30504 ----a-w- c:\windows\system32\drivers\gbpkm.sys 2010-05-17 11:03:45 0 d-----w- c:\docume~1\alluse~1\dadosd~1\GbPlugin 2010-05-17 11:03:45 0 d-----w- c:\arquivos de programas\GbPlugin 2010-05-13 23:24:57 5 ---há-w- c:\documents and settings\júnior\.zs 2010-05-13 23:24:57 0 d-----w- c:\documents and settings\júnior\.ZendStudio 2010-05-13 23:24:16 0 d-----w- c:\documents and settings\júnior\Zend 2010-05-13 23:14:01 0 d--h--w- c:\arquivos de programas\Zero G Registry 2010-05-13 23:12:48 0 d--h--w- c:\documents and settings\júnior\InstallAnywhere 2010-05-13 17:18:07 0 d--h--r- c:\documents and settings\júnior\Recent 2010-05-13 17:17:33 0 d-----w- c:\arquivos de programas\CCleaner 2010-05-08 00:37:10 692 --sha-w- c:\windows\setup_9.0.0.722_07.05.2010_17-24drv.spi 2010-05-04 00:07:51 0 d-sha-r- C:\cmdcons ==================== Find3M ==================== 2010-06-01 01:02:47 3670016 ---há-w- c:\documents and settings\júnior\NTUSER.DAT 2010-05-30 15:37:28 20480 ----a-w- c:\documents and settings\júnior\count.exe 2010-04-25 22:11:47 62576 ----a-w- c:\windows\system32\perfc016.dat 2010-04-25 22:11:47 416394 ----a-w- c:\windows\system32\perfh016.dat 2010-04-23 00:18:50 203776 ----a-w- c:\windows\fnid1659.dll 2010-04-02 14:24:48 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll ============= FINISH: 22:12:09,60 =============== = = = = = = = UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 21/2/2010 18:07:13 System Uptime: 31/5/2010 20:46:08 (2 hours ago) Motherboard: ASUSTeK Computer INC. | | P4S800D-X Processor: Intel® Pentium® 4 CPU 2.40GHz | PGA 478 | 2400/133mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 52 GiB total, 15,033 GiB free. D: is FIXED (NTFS) - 24 GiB total, 18,879 GiB free. E: is CDROM (CDFS) ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== 2600 2600_Help 2600Trb Abuse for Windows - Full Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.2 - Português AiO_Scan AiOSoftware Ares 2.1.4 Arquivo do WinRAR Assistente de Conexão do Windows Live Atualização de Segurança para o Windows Media Player (KB952069) Atualização de Segurança para o Windows Media Player (KB954155) Atualização de Segurança para o Windows Media Player (KB968816) Atualização de Segurança para o Windows Media Player (KB973540) Atualização de Segurança para o Windows Media Player 11 (KB954154) Atualização de Segurança para Windows Internet Explorer 8 (KB971961) Atualização de Segurança para Windows Internet Explorer 8 (KB976325) Atualização de Segurança para Windows Internet Explorer 8 (KB978207) Atualização de Segurança para Windows Internet Explorer 8 (KB981332) Atualização de Segurança para Windows XP (KB923561) Atualização de Segurança para Windows XP (KB941569) Atualização de Segurança para Windows XP (KB946648) Atualização de Segurança para Windows XP (KB950760) Atualização de Segurança para Windows XP (KB950762) Atualização de Segurança para Windows XP (KB950974) Atualização de Segurança para Windows XP (KB951376-v2) Atualização de Segurança para Windows XP (KB951748) Atualização de Segurança para Windows XP (KB952004) Atualização de Segurança para Windows XP (KB952954) Atualização de Segurança para Windows XP (KB954459) Atualização de Segurança para Windows XP (KB955069) Atualização de Segurança para Windows XP (KB956572) Atualização de Segurança para Windows XP (KB956744) Atualização de Segurança para Windows XP (KB956802) Atualização de Segurança para Windows XP (KB956803) Atualização de Segurança para Windows XP (KB956844) Atualização de Segurança para Windows XP (KB958644) Atualização de Segurança para Windows XP (KB958869) Atualização de Segurança para Windows XP (KB959426) Atualização de Segurança para Windows XP (KB960225) Atualização de Segurança para Windows XP (KB960803) Atualização de Segurança para Windows XP (KB960859) Atualização de Segurança para Windows XP (KB961501) Atualização de Segurança para Windows XP (KB969059) Atualização de Segurança para Windows XP (KB969947) Atualização de Segurança para Windows XP (KB970238) Atualização de Segurança para Windows XP (KB970430) Atualização de Segurança para Windows XP (KB971468) Atualização de Segurança para Windows XP (KB971486) Atualização de Segurança para Windows XP (KB971657) Atualização de Segurança para Windows XP (KB971961) Atualização de Segurança para Windows XP (KB972270) Atualização de Segurança para Windows XP (KB973354) Atualização de Segurança para Windows XP (KB973507) Atualização de Segurança para Windows XP (KB973869) Atualização de Segurança para Windows XP (KB973904) Atualização de Segurança para Windows XP (KB974112) Atualização de Segurança para Windows XP (KB974318) Atualização de Segurança para Windows XP (KB974392) Atualização de Segurança para Windows XP (KB974571) Atualização de Segurança para Windows XP (KB975025) Atualização de Segurança para Windows XP (KB975467) Atualização de Segurança para Windows XP (KB975560) Atualização de Segurança para Windows XP (KB975561) Atualização de Segurança para Windows XP (KB975713) Atualização de Segurança para Windows XP (KB977165) Atualização de Segurança para Windows XP (KB977816) Atualização de Segurança para Windows XP (KB977914) Atualização de Segurança para Windows XP (KB978037) Atualização de Segurança para Windows XP (KB978251) Atualização de Segurança para Windows XP (KB978262) Atualização de Segurança para Windows XP (KB978338) Atualização de Segurança para Windows XP (KB978542) Atualização de Segurança para Windows XP (KB978601) Atualização de Segurança para Windows XP (KB978706) Atualização de Segurança para Windows XP (KB979309) Atualização de Segurança para Windows XP (KB979683) Atualização de Segurança para Windows XP (KB980232) Atualização para Windows Internet Explorer 8 (KB976662) Atualização para Windows Internet Explorer 8 (KB978506) Atualização para Windows Internet Explorer 8 (KB980182) Atualização para Windows XP (KB898461) Atualização para Windows XP (KB951978) Atualização para Windows XP (KB955759) Atualização para Windows XP (KB961503) Atualização para Windows XP (KB967715) Atualização para Windows XP (KB968389) Atualização para Windows XP (KB971737) Atualização para Windows XP (KB973687) Atualização para Windows XP (KB973815) Atualização para Windows XP (KB978207) avast! Free Antivirus BufferChm Canon iP1900 series Printer Driver CCleaner Copy CreativeProjects CreativeProjectsTemplates CueTour Destinations Director Disc2Phone DocProc DocumentViewer Fax Ferramenta de Carregamento do Windows Live Google Chrome Google Earth Pro Google Update Helper Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix para o Windows Media Player 11 (KB939683) Hotfix para Windows XP (KB952287) Hotfix para Windows XP (KB976098-v2) Hotfix para Windows XP (KB979306) Hotfix para Windows XP (KB981793) HP Diagnostic Assistant HP Image Zone 4.2 HP PSC & OfficeJet 4.2 HP Software Update HPSystemDiagnostics InstantShare Java Auto Updater Java 6 Update 19 K-Lite Mega Codec Pack 5.6.1 Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Professional Edição 2003 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft XML Parser MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 neroxml Overland PDFCreator PhotoGallery PrintScreen ProductContext QFolder QuickProjects RadioSure Readme RealPlayer Receitanet Java 2010.02 Scan Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB978380) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB980470) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB969604) Segoe UI SkinsHP1 TrayApp Unload Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Outlook 2007 Junk Email Filter (kb981433) VCRedistSetup VDownloader 1.12 WebFldrs XP WebReg Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Media Format 11 runtime Windows Media Player 11 ==== End Of File ===========================
- Junho 1, 2010
- 15 respostas
[Resolvido]PC com vírus

uma questão postou junior.note Casos Resolvidos

Boa tarde pessoal, gostaria que analisassem meu log, o PC está com vírus com certeza. Abre o Internet explorer sozinho e o MSN também, matei alguns processos e os tirei da inicialização (wintalk, winmoto, etc) e mais uns 3 q num lembro. Abaixo segue meu log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:30:41, on 30/5/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\Júnior\Meus documentos\Downloads\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1AA9D975-FDB8-4E11-AEC3-D7594FAA9EA3}AEC3-D7594FAA9EA3} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: LiveLogin - {71FC9097-0665-44A7-8C6B-EE14A4E1A576} - C:\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\LIVELO~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Internet Explorer() - {948D0D4E-9820-4AA0-835D-D5439ACDF296} - C:\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\google.dll O2 - BHO: Google - {BAA1640C-9BF1-4F1D-BBD5-4FE879308AB4} - C:\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\flash.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: JavaConsole - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\java_tm.dll O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 6351 bytes
- Maio 30, 2010
- 15 respostas
[Resolvido]PC com sinais de infecção

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

PC limpo, muito obrigado...
- Fevereiro 17, 2009
- 13 respostas
[Resolvido]PC com sinais de infecção

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:36:59, on 13/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FreshDownload - {9FBDD21E-EC9D-49F2-83F2-53627F586C05} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.MSN.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Unknown owner - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7378 bytes
- Fevereiro 13, 2009
- 13 respostas
[Resolvido]PC com sinais de infecção

pergunta respondeu ao junior.note de junior.note em Casos Resolvidos

Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\olhrwef.exe" not found! Deletion of file "C:\WINDOWS\system32\olhrwef.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\unchsy.exe" not found! Deletion of file "C:\WINDOWS\system32\unchsy.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open file "F:\a2h2.com" Deletion of file "F:\a2h2.com" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist File "C:\pook.com" deleted successfully. Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Universal Channel System" deleted successfully. Completed script processing. ******************* Finished! Terminate. _____________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:22:51, on 12/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FreshDownload - {9FBDD21E-EC9D-49F2-83F2-53627F586C05} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.MSN.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Unknown owner - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7537 bytes
- Fevereiro 12, 2009
- 13 respostas

Entrar

junior.note

Total de itens

Registro em

Última visita

Sobre junior.note

Perfil

junior.note's Achievements

Reputação

[Resolvido]PC e Pen driver com Vírus

[Resolvido]PC e Pen driver com Vírus

[Resolvido]PC e Pen driver com Vírus

[Resolvido]PC e Pen driver com Vírus

[Resolvido]PC e Pen driver com Vírus

[Resolvido]PC com vírus

[Resolvido]PC com vírus

[Resolvido]PC com vírus

[Resolvido]PC com vírus

[Resolvido]PC com vírus

[Resolvido]PC com vírus

[Resolvido]PC com vírus

[Resolvido]PC com sinais de infecção

[Resolvido]PC com sinais de infecção

[Resolvido]PC com sinais de infecção

Navegação

Atividades