oliva
-
Total de itens
0 -
Registro em
-
Última visita
Tudo que oliva postou
-
muito obrigado, ao que parece, está tudo em ordem... um abraço
-
Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\drivers\helmmk.sys" not found! Deletion of file "C:\WINDOWS\system32\drivers\helmmk.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "dac970nt" disabled successfully. Driver "dac970nt" deleted successfully. Completed script processing. ******************* Finished! Terminate. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:57:57, on 19/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: terra 2.lnk = ? O4 - Global Startup: LaunchU3.exe.lnk = ? O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 8791 bytes
-
-
É estranho, meu pc continua sendo atacado pelo virus win32/tanatos.m, que é detectado pelo avg, especialmente quando entra o descanso de tela e o pc fica parado por um tempo. Peço para que o avg repare o arquivo mas diz que não é possível, mas ao mesmo tempo, quando coloco o avg para verificar as unidades, ele não o detecta novamente... o que acha que está acontecendo? log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:56:55, on 14/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\eMule\emule.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 8880 bytes
-
não encontrei nenhum desses arquivos... novo log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:10:26, on 13/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\eMule\emule.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Windows Media Player\wmplayer.exe C:\ARQUIV~1\AVG\AVG8\avgscanx.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 8846 bytes
-
Log criado pelo PenClean para as unidades O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 4442-142C Pasta de C:\ 28/08/2008 10:29 0 AUTOEXEC.BAT 28/08/2008 10:22 211 boot.ini 28/10/2001 12:06 4.952 Bootfont.bin 28/08/2008 10:29 0 CONFIG.SYS 29/11/2008 10:20 2.992 hpfr3500.log 28/08/2008 10:29 0 IO.SYS 28/08/2008 10:29 0 MSDOS.SYS 13/04/2008 09:43 47.564 NTDETECT.COM 13/04/2008 11:31 251.696 ntldr 06/12/2008 17:50 1.610.612.736 pagefile.sys 28/08/2008 11:16 268 sqmdata00.sqm 29/08/2008 16:40 268 sqmdata01.sqm 29/10/2008 22:05 232 sqmdata02.sqm 31/10/2008 10:25 268 sqmdata03.sqm 28/11/2008 17:34 232 sqmdata04.sqm 28/11/2008 18:14 232 sqmdata05.sqm 28/08/2008 11:16 244 sqmnoopt00.sqm 29/08/2008 16:40 244 sqmnoopt01.sqm 29/10/2008 22:05 244 sqmnoopt02.sqm 31/10/2008 10:25 244 sqmnoopt03.sqm 28/11/2008 17:34 244 sqmnoopt04.sqm 28/11/2008 18:14 244 sqmnoopt05.sqm 22 arquivo(s) 1.610.923.115 bytes 0 pasta(s) 219.578.368 bytes dispon¡veis O volume na unidade F ‚ UDISK 2.0 O n£mero de s‚rie do volume ‚ 16EF-BFC0 Pasta de F:\ 22/10/2008 21:38 240.128 BOMBARDI, L - geografia agr ria no debate te¢rico sobre os conceitos de campesinato e agricultura familiar.doc 22/10/2008 21:55 169.806 FREIXO, A. ; TEIXEIRA, A. - NARRATIVAS SOBRE A NATUREZA.pdf 22/10/2008 21:59 1.150.857 Maria Jos‚ Carneiro - Acesso … terra e condi‡äes sociais de gˆnero.pdf 22/10/2008 21:44 58.167 RUSCHEL, V. - A forma‡Æo da sociabilidade nos assentamentos rurais no MST.pdf 22/10/2008 22:18 92.339 TERRA TRABALHO E FAMILIA consideracoes sobre a _re_ criacao.pdf 22/10/2008 22:01 89.786 WAWZYNLAK, J. V. - Processos de Heran‡a entre Seringueiros de Rond“nia.pdf 22/10/2008 21:43 101.245 WEDIG, J. ; MARTINS, V. ; MENASCHE, R. - Plantar, criar, comer classifica‡äes da comida e das pessoas no interior de fam¡lias rurais.pdf 22/10/2008 22:16 546.363 WOORTMANN, E. - CAMBIOS DE TIEMPO Y ESPACIO CAMBIOS SOCIALES.pdf 20/09/2007 17:32 407.040 msnmsgr.exe 05/11/2008 22:48 1.546 BOOTEX.LOG 10/11/2008 07:23 13.428.736 DESENV SUSTENTµVEL [valter].ppt 10/11/2008 07:28 541.184 Como se forma um paradigma sem slides.ppt 10/11/2008 07:29 23.040 Desenvolvimento Sustent vel [valter].doc 30/11/2008 22:59 20.992 resumo sbs march‚ d'aligre.doc 03/12/2008 15:32 128.512 pr‚ projeto doutorado 16_11_2008.doc 16/10/2008 11:29 101.888 Sueli e Acir [ok].doc 17/10/2008 09:43 116 Alcohol 120% v1.9.5.3105 Serial.txt 22/10/2008 11:28 76.800 jandira.doc 22/10/2008 21:35 58.368 Curso-2007-2_MP_MNA-811.doc 22/10/2008 21:53 82.209 SociedadesCamponesas12007.pdf 20 arquivo(s) 17.319.122 bytes 0 pasta(s) 1.060.696.064 bytes dispon¡veis O volume na unidade G ‚ KINGSTON O n£mero de s‚rie do volume ‚ 0080-DC00 Pasta de G:\ 16/10/2008 23:07 359.478 boleto do renan.bmp 21/02/2008 12:41 1.656 FINDER.DAT 07/12/2007 23:43 4.096 ._.Trashes 16/10/2008 23:29 1.815.316 ConvocacaoMatricula.pdf 21/02/2008 12:35 384 FILEID.DAT 16/10/2008 23:18 359.478 Boleto Talita.bmp 15/08/2008 10:26 6.148 .DS_Store 15/10/2008 09:24 25.600 Curriculo Talita Mirella de Oliveira.doc 16/01/2007 15:34 49.244 RavMon.exe 17/10/2008 12:38 36.352 boleto talita.doc 06/11/2008 17:19 146.105 6E706_1.jpg 21/02/2008 12:34 2 Desktop DF 21/02/2008 12:34 8.192 Desktop DB 06/11/2008 17:14 14.914 Imp.Geladeira3 06/11/2008 18:00 3.514.318 AdobeR.exe 06/11/2008 17:16 18.125 geladeira.jpg 06/11/2008 17:14 16.609 Imp.Geladeira2 06/11/2008 17:16 4.721 geladeiras.jpg 06/11/2008 17:17 21.055 destaque_produto.jpg 06/11/2008 17:18 56.660 FogaoDuploForno_2.jpg 06/11/2008 17:18 10.764 max_produ_amp_fogao927_12_07__11_41_09__3205_4830.jpg 06/11/2008 17:19 22.813 microondas.jpg 06/11/2008 17:19 14.304 17664493.jpg 06/11/2008 17:20 45.796 philips_tv_giveaway_big.jpg 06/11/2008 17:23 33.444 ist2_5228727-retro-tv-isolated.jpg 06/11/2008 17:24 3.988 190x190_155724_1.jpg 06/11/2008 17:25 6.198 5371228_a1.jpg 06/11/2008 17:25 5.261 5371228_a3.jpg 06/11/2008 17:25 5.080 5371228_a2.jpg 06/11/2008 17:57 5 RavMonLog 06/11/2008 16:17 4.707 guarda roupa.jpg 31 arquivo(s) 6.610.813 bytes 0 pasta(s) 64.659.456 bytes dispon¡veis O volume na unidade H nÆo tem nome. O n£mero de s‚rie do volume ‚ C885-B40F Pasta de H:\ 31/10/2008 11:30 104.248 xih9.cmd 05/11/2008 22:59 106.982 nq0cq.cmd 22/10/2008 18:22 104.123 xlk9.com 23/11/2008 10:07 13.239.896 Clipes___Frejat___Tunel_Do_Tempo.amv 25/11/2008 17:12 172.543 vfmggc.pif 20/09/2007 17:32 407.040 msnmsgr.exe 21/10/2008 17:08 103.973 2fiji.com 7 arquivo(s) 14.238.805 bytes 0 pasta(s) 296.419.328 bytes dispon¡veis
-
Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 6/12/2008 18:45:56 ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: F:\autorun.inf foi deletado com sucesso! G:\autorun.inf foi deletado com sucesso! ----------------------------------------------------------- Arquivos excluídos da unidade G: (Resik): ----------------------------------------------------------- Arquivos excluídos da unidade G: (RavMon): RavMonE.exe foi deletado com sucesso! G:\msvcr71.dll foi deletado com sucesso! H:\autorun.inf foi deletado com sucesso! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" ----------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:58:41, on 6/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 8764 bytes
-
ai vai: Malwarebytes' Anti-Malware 1.31 Versão do banco de dados: 1456 Windows 5.1.2600 Service Pack 3 5/12/2008 20:33:38 mbam-log-2008-12-05 (20-33-38).txt Tipo de Verificação: Rápida Objetos verificados: 47158 Tempo decorrido: 5 minute(s), 21 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 0 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 0 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: (Nenhum ítem malicioso foi detectado) Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: (Nenhum ítem malicioso foi detectado) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:37:31, on 5/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 8973 bytes
-
BankerFix 3.0 VALKYRIE - Removedor de Bankers Linha Defensiva | http://www.linhadefensiva.org http://www.linhadefensiva.org/bankerfix/ ------------------------------------------------------- Data: 2008-12-01 - 17:15 ------------------------------------------------------- Lista de Definição: 2008-10-08-1 | CORE: 2008-09-30-2 ======================================================= Arquivo infectado detectado: C:\WINDOWS\system\msnmsgr.exe Arquivo infectado removido com sucesso! Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsgr.exe Arquivo infectado removido com sucesso! ----- Fim ------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:18:34, on 1/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 8985 bytes
-
caro moderador, o AVG detecta o virus win32/tanatos.m mas não consegue recuperar o arquivo. O pc está bem lento e alguns programas não funcionam bem. Segue o log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:08:28, on 30/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system\msnmsgr.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sysCom] C:\WINDOWS\system\msnmsgr.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O4 - Global Startup: msnmsgr.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219946600968 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F45CB2E-6B79-45B0-B38B-F60DFC9FD0C6}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 10067 bytes
-
Ok!!! sou imensamente grato pela enorme atenção e dou por encerrado com êxito esse tópico!!! abraço.
-
Faltou um mp4 q não era meu... não encontrei os arquivos que indicou nesses dois pen drives Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 2008-11-13 16:24:24 ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: Malware não detectado em nenhuma unidade! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: Malware não detectado em nenhuma unidade! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" ----------------------------------------------------------- Log criado pelo PenClean para as unidades O volume na unidade C não tem nome. O número de série do volume é 30A2-D3EE Pasta de C:\ 2007-11-07 09:50 0 AUTOEXEC.BAT 2008-11-09 20:07 3,978 avenger.txt 2007-11-08 11:49 211 Boot.bak 2008-10-27 23:21 281 boot.ini 2001-10-28 15:06 4,952 Bootfont.bin 2007-11-07 09:50 0 CONFIG.SYS 2008-09-13 09:47 0 dump_dvd.vob 2008-11-13 15:09 1,063,436,288 hiberfil.sys 2007-11-07 12:59 11,823 Installer.log 2007-11-07 09:50 0 IO.SYS 2008-10-23 09:37 6 ISACER.ID 2007-11-07 09:50 0 MSDOS.SYS 2007-11-08 11:44 47,564 NTDETECT.COM 2008-11-09 15:33 251,696 ntldr 2008-11-13 15:09 1,598,029,824 pagefile.sys 2008-08-02 09:44 232 sqmdata00.sqm 2008-08-18 21:08 232 sqmdata01.sqm 2008-08-19 09:29 232 sqmdata02.sqm 2008-10-15 19:07 232 sqmdata03.sqm 2008-10-22 14:09 232 sqmdata04.sqm 2008-06-27 04:39 232 sqmdata05.sqm 2008-06-27 04:40 232 sqmdata06.sqm 2008-06-27 04:41 232 sqmdata07.sqm 2008-06-27 05:27 232 sqmdata08.sqm 2008-07-02 15:23 232 sqmdata09.sqm 2008-07-04 12:55 232 sqmdata10.sqm 2008-07-04 13:17 232 sqmdata11.sqm 2008-07-08 15:27 232 sqmdata12.sqm 2008-07-09 21:51 232 sqmdata13.sqm 2008-07-09 22:08 232 sqmdata14.sqm 2008-07-10 09:32 232 sqmdata15.sqm 2008-07-15 19:20 232 sqmdata16.sqm 2008-07-15 20:54 232 sqmdata17.sqm 2008-07-19 08:49 232 sqmdata18.sqm 2008-08-01 17:27 232 sqmdata19.sqm 2008-08-02 09:44 244 sqmnoopt00.sqm 2008-08-18 21:08 244 sqmnoopt01.sqm 2008-08-19 09:29 244 sqmnoopt02.sqm 2008-10-15 19:07 244 sqmnoopt03.sqm 2008-10-22 14:09 244 sqmnoopt04.sqm 2008-06-27 04:39 244 sqmnoopt05.sqm 2008-06-27 04:40 244 sqmnoopt06.sqm 2008-06-27 04:41 244 sqmnoopt07.sqm 2008-06-27 05:27 244 sqmnoopt08.sqm 2008-07-02 15:23 244 sqmnoopt09.sqm 2008-07-04 12:55 244 sqmnoopt10.sqm 2008-07-04 13:17 244 sqmnoopt11.sqm 2008-07-08 15:27 244 sqmnoopt12.sqm 2008-07-09 21:51 244 sqmnoopt13.sqm 2008-07-09 22:08 244 sqmnoopt14.sqm 2008-07-10 09:32 244 sqmnoopt15.sqm 2008-07-15 19:20 244 sqmnoopt16.sqm 2008-07-15 20:54 244 sqmnoopt17.sqm 2008-07-19 08:49 244 sqmnoopt18.sqm 2008-08-01 17:27 244 sqmnoopt19.sqm 55 arquivo(s) 2,661,796,143 bytes 0 pasta(s) 22,630,170,624 bytes disponíveis O volume na unidade E é doc valter O número de série do volume é 3802-36C2 Pasta de E:\ 2008-10-21 06:15 162 ~$ontamentos para a tese.doc 1 arquivo(s) 162 bytes 0 pasta(s) 11,230,879,744 bytes disponíveis O volume na unidade F não tem nome. O número de série do volume é E0A4-FA14 Pasta de F:\ 2008-08-14 20:32 4,096 ._.Trashes 2008-08-15 10:08 6,148 .DS_Store 2008-11-09 19:23 812,544 Como se forma um paradigma sem slides.ppt 2008-11-10 03:49 13,451,264 DESENV SUSTENTÁVEL.ppt 2008-11-08 10:41 22,016 Desenvolvimento Sustentável [valter].doc 2008-11-05 22:47 1,550 BOOTEX.LOG 2008-10-31 11:30 104,248 xih9.cmd 7 arquivo(s) 14,401,866 bytes 0 pasta(s) 84,398,080 bytes disponíveis O volume na unidade H é UDISK 2.0 O número de série do volume é 16EF-BFC0 Pasta de H:\ 2008-10-22 21:38 240,128 BOMBARDI, L - geografia agrária no debate teórico sobre os conceitos de campesinato e agricultura familiar.doc 2008-10-22 21:55 169,806 FREIXO, A. ; TEIXEIRA, A. - NARRATIVAS SOBRE A NATUREZA.pdf 2008-10-22 21:59 1,150,857 Maria José Carneiro - Acesso à terra e condições sociais de gênero.pdf 2008-10-22 21:44 58,167 RUSCHEL, V. - A formação da sociabilidade nos assentamentos rurais no MST.pdf 2008-10-22 22:18 92,339 TERRA TRABALHO E FAMILIA consideracoes sobre a _re_ criacao.pdf 2008-10-22 22:01 89,786 WAWZYNLAK, J. V. - Processos de Herança entre Seringueiros de Rondônia.pdf 2008-10-22 21:43 101,245 WEDIG, J. ; MARTINS, V. ; MENASCHE, R. - Plantar, criar, comer classificações da comida e das pessoas no interior de famílias rurais.pdf 2008-10-22 22:16 546,363 WOORTMANN, E. - CAMBIOS DE TIEMPO Y ESPACIO CAMBIOS SOCIALES.pdf 2008-11-05 22:59 106,982 nq0cq.cmd 2008-10-31 11:30 104,248 xih9.cmd 2008-11-05 22:48 1,546 BOOTEX.LOG 2008-11-10 07:23 13,428,736 DESENV SUSTENTÁVEL [valter].ppt 2008-11-10 07:28 541,184 Como se forma um paradigma sem slides.ppt 2008-11-10 07:29 23,040 Desenvolvimento Sustentável [valter].doc 2008-10-16 11:29 101,888 Sueli e Acir [ok].doc 2008-10-17 09:43 116 Alcohol 120% v1.9.5.3105 Serial.txt 2008-10-22 11:28 76,800 jandira.doc 2008-10-22 21:35 58,368 Curso-2007-2_MP_MNA-811.doc 2008-10-22 21:53 82,209 SociedadesCamponesas12007.pdf 19 arquivo(s) 16,973,808 bytes 0 pasta(s) 2,028,974,080 bytes disponíveis
-
acho que agora resolveu... veja os logs: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open file "F:\xih9.cmd" Deletion of file "F:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "H:\nq0cq.cmd" Deletion of file "H:\nq0cq.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "H:\xih9.cmd" Deletion of file "H:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\xih9.cmd" Deletion of file "I:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\nq0cq.cmd" Deletion of file "I:\nq0cq.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\xlk9.com" Deletion of file "I:\xlk9.com" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\RavMon.exe" Deletion of file "I:\RavMon.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\2fiji.com" Deletion of file "I:\2fiji.com" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Completed script processing. ******************* Finished! Terminate. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:10, on 2008-11-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\System32\ElkCtrl.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\igfxext.exe C:\WINDOWS\System32\igfxsrvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\DOCUME~1\VALTER~1\CONFIG~1\Temp\RtkBtMnt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\agrsmsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\crypserv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 10111 bytes
-
Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 2008-11-09 16:55:16 ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: C:\autorun.inf foi deletado com sucesso! E:\autorun.inf foi deletado com sucesso! F:\autorun.inf foi deletado com sucesso! H:\autorun.inf foi deletado com sucesso! I:\autorun.inf foi deletado com sucesso! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" ----------------------------------------------------------- Log criado pelo PenClean para as unidades O volume na unidade C não tem nome. O número de série do volume é 30A2-D3EE Pasta de C:\ 2007-11-07 09:50 0 AUTOEXEC.BAT 2008-11-07 18:59 5,614 avenger.txt 2007-11-08 11:49 211 Boot.bak 2008-10-27 23:21 281 boot.ini 2001-10-28 15:06 4,952 Bootfont.bin 2007-11-07 09:50 0 CONFIG.SYS 2008-09-13 09:47 0 dump_dvd.vob 2008-11-09 16:10 1,063,436,288 hiberfil.sys 2007-11-07 12:59 11,823 Installer.log 2007-11-07 09:50 0 IO.SYS 2008-10-23 09:37 6 ISACER.ID 2007-11-07 09:50 0 MSDOS.SYS 2007-11-08 11:44 47,564 NTDETECT.COM 2008-11-09 15:33 251,696 ntldr 2008-11-09 16:10 1,598,029,824 pagefile.sys 2008-08-02 09:44 232 sqmdata00.sqm 2008-08-18 21:08 232 sqmdata01.sqm 2008-08-19 09:29 232 sqmdata02.sqm 2008-10-15 19:07 232 sqmdata03.sqm 2008-10-22 14:09 232 sqmdata04.sqm 2008-06-27 04:39 232 sqmdata05.sqm 2008-06-27 04:40 232 sqmdata06.sqm 2008-06-27 04:41 232 sqmdata07.sqm 2008-06-27 05:27 232 sqmdata08.sqm 2008-07-02 15:23 232 sqmdata09.sqm 2008-07-04 12:55 232 sqmdata10.sqm 2008-07-04 13:17 232 sqmdata11.sqm 2008-07-08 15:27 232 sqmdata12.sqm 2008-07-09 21:51 232 sqmdata13.sqm 2008-07-09 22:08 232 sqmdata14.sqm 2008-07-10 09:32 232 sqmdata15.sqm 2008-07-15 19:20 232 sqmdata16.sqm 2008-07-15 20:54 232 sqmdata17.sqm 2008-07-19 08:49 232 sqmdata18.sqm 2008-08-01 17:27 232 sqmdata19.sqm 2008-08-02 09:44 244 sqmnoopt00.sqm 2008-08-18 21:08 244 sqmnoopt01.sqm 2008-08-19 09:29 244 sqmnoopt02.sqm 2008-10-15 19:07 244 sqmnoopt03.sqm 2008-10-22 14:09 244 sqmnoopt04.sqm 2008-06-27 04:39 244 sqmnoopt05.sqm 2008-06-27 04:40 244 sqmnoopt06.sqm 2008-06-27 04:41 244 sqmnoopt07.sqm 2008-06-27 05:27 244 sqmnoopt08.sqm 2008-07-02 15:23 244 sqmnoopt09.sqm 2008-07-04 12:55 244 sqmnoopt10.sqm 2008-07-04 13:17 244 sqmnoopt11.sqm 2008-07-08 15:27 244 sqmnoopt12.sqm 2008-07-09 21:51 244 sqmnoopt13.sqm 2008-07-09 22:08 244 sqmnoopt14.sqm 2008-07-10 09:32 244 sqmnoopt15.sqm 2008-07-15 19:20 244 sqmnoopt16.sqm 2008-07-15 20:54 244 sqmnoopt17.sqm 2008-07-19 08:49 244 sqmnoopt18.sqm 2008-08-01 17:27 244 sqmnoopt19.sqm 55 arquivo(s) 2,661,797,779 bytes 0 pasta(s) 21,581,471,744 bytes disponíveis O volume na unidade E é doc valter O número de série do volume é 3802-36C2 Pasta de E:\ 2008-10-21 06:15 162 ~$ontamentos para a tese.doc 1 arquivo(s) 162 bytes 0 pasta(s) 11,230,887,936 bytes disponíveis O volume na unidade F não tem nome. O número de série do volume é E0A4-FA14 Pasta de F:\ 2008-08-14 20:32 4,096 ._.Trashes 2008-08-15 10:08 6,148 .DS_Store 2008-11-05 22:47 1,550 BOOTEX.LOG 2008-10-31 11:30 104,248 xih9.cmd 4 arquivo(s) 116,042 bytes 0 pasta(s) 98,689,024 bytes disponíveis O volume na unidade H é UDISK 2.0 O número de série do volume é 16EF-BFC0 Pasta de H:\ 2008-10-22 21:38 240,128 BOMBARDI, L - geografia agrária no debate teórico sobre os conceitos de campesinato e agricultura familiar.doc 2008-10-22 21:55 169,806 FREIXO, A. ; TEIXEIRA, A. - NARRATIVAS SOBRE A NATUREZA.pdf 2008-10-22 21:59 1,150,857 Maria José Carneiro - Acesso à terra e condições sociais de gênero.pdf 2008-10-22 21:44 58,167 RUSCHEL, V. - A formação da sociabilidade nos assentamentos rurais no MST.pdf 2008-10-22 22:18 92,339 TERRA TRABALHO E FAMILIA consideracoes sobre a _re_ criacao.pdf 2008-10-22 22:01 89,786 WAWZYNLAK, J. V. - Processos de Herança entre Seringueiros de Rondônia.pdf 2008-10-22 21:43 101,245 WEDIG, J. ; MARTINS, V. ; MENASCHE, R. - Plantar, criar, comer classificações da comida e das pessoas no interior de famílias rurais.pdf 2008-10-22 22:16 546,363 WOORTMANN, E. - CAMBIOS DE TIEMPO Y ESPACIO CAMBIOS SOCIALES.pdf 2008-11-05 22:59 106,982 nq0cq.cmd 2008-10-31 11:30 104,248 xih9.cmd 2008-11-05 22:48 1,546 BOOTEX.LOG 2008-10-16 11:29 101,888 Sueli e Acir [ok].doc 2008-10-17 09:43 116 Alcohol 120% v1.9.5.3105 Serial.txt 2008-10-22 11:28 76,800 jandira.doc 2008-10-22 21:35 58,368 Curso-2007-2_MP_MNA-811.doc 2008-10-22 21:53 82,209 SociedadesCamponesas12007.pdf 16 arquivo(s) 2,980,848 bytes 0 pasta(s) 2,042,974,208 bytes disponíveis O volume na unidade I não tem nome. O número de série do volume é C885-B40F Pasta de I:\ 2008-10-31 11:30 104,248 xih9.cmd 2008-11-05 22:59 106,982 nq0cq.cmd 2008-10-22 18:22 104,123 xlk9.com 2008-11-06 18:19 1,546 BOOTEX.LOG 2007-01-16 14:34 49,244 RavMon.exe 2008-10-21 17:08 103,973 2fiji.com 6 arquivo(s) 470,116 bytes 0 pasta(s) 1,235,910,656 bytes disponíveis
-
O virus autorun.inf ainda não foi excluído, ele ainda é detectado pelo AVG. alguma outra orientação? obrigado
-
Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\nq0cq.cmd" not found! Deletion of file "C:\nq0cq.cmd" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\xih9.cmd" not found! Deletion of file "C:\xih9.cmd" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "E:\nq0cq.cmd" deleted successfully. File "E:\xih9.cmd" deleted successfully. Error: could not open file "F:\xih9.cmd" Deletion of file "F:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "F:\xlk9.com" Deletion of file "F:\xlk9.com" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "F:\nq0cq.cmd" Deletion of file "F:\nq0cq.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "F:\RavMon.exe" Deletion of file "F:\RavMon.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "F:\2fiji.com" Deletion of file "F:\2fiji.com" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "H:\xih9.cmd" Deletion of file "H:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "H:\nq0cq.cmd" Deletion of file "H:\nq0cq.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\xih9.cmd" Deletion of file "I:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open file "I:\nq0cq.cmd" Deletion of file "I:\nq0cq.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: file "C:\WINDOWS\system32\ckvo0.dll" not found! Deletion of file "C:\WINDOWS\system32\ckvo0.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:02, on 2008-11-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxsrvc.exe C:\WINDOWS\System32\igfxpers.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\System32\ElkCtrl.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\igfxext.exe C:\DOCUME~1\VALTER~1\CONFIG~1\Temp\RtkBtMnt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\agrsmsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\crypserv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 9600 bytes
-
Pen Clean Log (PenClean.txt): Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 2008-11-06 18:16:41 ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: C:\autorun.inf foi deletado com sucesso! E:\autorun.inf foi deletado com sucesso! F:\autorun.inf foi deletado com sucesso! H:\autorun.inf foi deletado com sucesso! ----------------------------------------------------------- Arquivos excluídos da unidade H: (RavMon): RavMonE.exe foi deletado com sucesso! H:\RavmonE.exe foi deletado com sucesso! H:\msvcr71.dll foi deletado com sucesso! I:\autorun.inf foi deletado com sucesso! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" ----------------------------------------------------------- Log do PenClean (log.txt): Log criado pelo PenClean para as unidades O volume na unidade C não tem nome. O número de série do volume é 30A2-D3EE Pasta de C:\ 2007-11-07 09:50 0 AUTOEXEC.BAT 2008-11-05 22:47 1,864 avenger.txt 2007-11-08 11:49 211 Boot.bak 2008-10-27 23:21 281 boot.ini 2001-10-28 15:06 4,952 Bootfont.bin 2008-11-05 22:45 19,286 cleanup.exe 2004-08-03 23:00 261,856 cmldr 2007-11-07 09:50 0 CONFIG.SYS 2008-09-13 09:47 0 dump_dvd.vob 2008-11-06 18:05 1,063,436,288 hiberfil.sys 2007-11-07 12:59 11,823 Installer.log 2007-11-07 09:50 0 IO.SYS 2008-10-23 09:37 6 ISACER.ID 2007-11-07 09:50 0 MSDOS.SYS 2008-11-05 22:59 106,982 nq0cq.cmd 2007-11-08 11:44 47,564 NTDETECT.COM 2007-11-08 11:44 251,168 ntldr 2008-11-06 18:05 1,598,029,824 pagefile.sys 2008-08-02 09:44 232 sqmdata00.sqm 2008-08-18 21:08 232 sqmdata01.sqm 2008-08-19 09:29 232 sqmdata02.sqm 2008-10-15 19:07 232 sqmdata03.sqm 2008-10-22 14:09 232 sqmdata04.sqm 2008-06-27 04:39 232 sqmdata05.sqm 2008-06-27 04:40 232 sqmdata06.sqm 2008-06-27 04:41 232 sqmdata07.sqm 2008-06-27 05:27 232 sqmdata08.sqm 2008-07-02 15:23 232 sqmdata09.sqm 2008-07-04 12:55 232 sqmdata10.sqm 2008-07-04 13:17 232 sqmdata11.sqm 2008-07-08 15:27 232 sqmdata12.sqm 2008-07-09 21:51 232 sqmdata13.sqm 2008-07-09 22:08 232 sqmdata14.sqm 2008-07-10 09:32 232 sqmdata15.sqm 2008-07-15 19:20 232 sqmdata16.sqm 2008-07-15 20:54 232 sqmdata17.sqm 2008-07-19 08:49 232 sqmdata18.sqm 2008-08-01 17:27 232 sqmdata19.sqm 2008-08-02 09:44 244 sqmnoopt00.sqm 2008-08-18 21:08 244 sqmnoopt01.sqm 2008-08-19 09:29 244 sqmnoopt02.sqm 2008-10-15 19:07 244 sqmnoopt03.sqm 2008-10-22 14:09 244 sqmnoopt04.sqm 2008-06-27 04:39 244 sqmnoopt05.sqm 2008-06-27 04:40 244 sqmnoopt06.sqm 2008-06-27 04:41 244 sqmnoopt07.sqm 2008-06-27 05:27 244 sqmnoopt08.sqm 2008-07-02 15:23 244 sqmnoopt09.sqm 2008-07-04 12:55 244 sqmnoopt10.sqm 2008-07-04 13:17 244 sqmnoopt11.sqm 2008-07-08 15:27 244 sqmnoopt12.sqm 2008-07-09 21:51 244 sqmnoopt13.sqm 2008-07-09 22:08 244 sqmnoopt14.sqm 2008-07-10 09:32 244 sqmnoopt15.sqm 2008-07-15 19:20 244 sqmnoopt16.sqm 2008-07-15 20:54 244 sqmnoopt17.sqm 2008-07-19 08:49 244 sqmnoopt18.sqm 2008-08-01 17:27 244 sqmnoopt19.sqm 2008-10-31 11:30 104,248 xih9.cmd 59 arquivo(s) 2,662,285,873 bytes 0 pasta(s) 23,164,604,416 bytes disponíveis O volume na unidade E é doc valter O número de série do volume é 3802-36C2 Pasta de E:\ 2008-11-05 22:59 106,982 nq0cq.cmd 2008-10-31 11:30 104,248 xih9.cmd 2008-10-21 06:15 162 ~$ontamentos para a tese.doc 3 arquivo(s) 211,392 bytes 0 pasta(s) 11,208,945,664 bytes disponíveis O volume na unidade F não tem nome. O número de série do volume é C885-B40F Pasta de F:\ 2008-10-31 11:30 104,248 xih9.cmd 2008-10-22 18:22 104,123 xlk9.com 2008-11-05 22:59 106,982 nq0cq.cmd 2007-01-16 14:34 49,244 RavMon.exe 2008-10-21 17:08 103,973 2fiji.com 5 arquivo(s) 468,570 bytes 0 pasta(s) 1,235,943,424 bytes disponíveis O volume na unidade H é UDISK 2.0 O número de série do volume é 16EF-BFC0 Pasta de H:\ 2008-10-22 21:38 240,128 BOMBARDI, L - geografia agrária no debate teórico sobre os conceitos de campesinato e agricultura familiar.doc 2008-10-22 21:55 169,806 FREIXO, A. ; TEIXEIRA, A. - NARRATIVAS SOBRE A NATUREZA.pdf 2008-10-22 21:59 1,150,857 Maria José Carneiro - Acesso à terra e condições sociais de gênero.pdf 2008-10-22 21:44 58,167 RUSCHEL, V. - A formação da sociabilidade nos assentamentos rurais no MST.pdf 2008-10-22 22:18 92,339 TERRA TRABALHO E FAMILIA consideracoes sobre a _re_ criacao.pdf 2008-10-22 22:01 89,786 WAWZYNLAK, J. V. - Processos de Herança entre Seringueiros de Rondônia.pdf 2008-10-22 21:43 101,245 WEDIG, J. ; MARTINS, V. ; MENASCHE, R. - Plantar, criar, comer classificações da comida e das pessoas no interior de famílias rurais.pdf 2008-10-22 22:16 546,363 WOORTMANN, E. - CAMBIOS DE TIEMPO Y ESPACIO CAMBIOS SOCIALES.pdf 2008-10-31 11:30 104,248 xih9.cmd 2008-11-05 22:48 1,546 BOOTEX.LOG 2008-11-05 22:59 106,982 nq0cq.cmd 2008-10-16 11:29 101,888 Sueli e Acir [ok].doc 2008-10-17 09:43 116 Alcohol 120% v1.9.5.3105 Serial.txt 2008-10-22 11:28 76,800 jandira.doc 2008-10-22 21:35 58,368 Curso-2007-2_MP_MNA-811.doc 2008-10-22 21:53 82,209 SociedadesCamponesas12007.pdf 16 arquivo(s) 2,980,848 bytes 0 pasta(s) 2,042,974,208 bytes disponíveis O volume na unidade I não tem nome. O número de série do volume é E0A4-FA14 Pasta de I:\ 2008-08-14 20:32 4,096 ._.Trashes 2008-08-15 10:08 6,148 .DS_Store 2008-11-05 22:59 106,982 nq0cq.cmd 2008-11-05 22:47 1,550 BOOTEX.LOG 2008-10-31 11:30 104,248 xih9.cmd 5 arquivo(s) 223,024 bytes 0 pasta(s) 98,578,432 bytes disponíveis Log do Malwarebytes: Malwarebytes' Anti-Malware 1.30 Versão do banco de dados: 1370 Windows 5.1.2600 Service Pack 2 2008-11-06 18:37:02 mbam-log-2008-11-06 (18-37-02).txt Tipo de Verificação: Rápida Objetos verificados: 54280 Tempo decorrido: 4 minute(s), 9 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 1 Chaves do Registro infectadas: 1 Valores do Registro infectados: 1 Ítens do Registro infectados: 1 Pastas infectadas: 0 Arquivos infectados: 9 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot. Chaves do Registro infectadas: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully. Valores do Registro infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. Ítens do Registro infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\WINDOWS\system32\ckvo.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\nq0cq.cmd (Trojan.Agent) -> Quarantined and deleted successfully. C:\xih9.cmd (Trojan.Agent) -> Quarantined and deleted successfully. C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\dflgh8jkd2q1.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dflgh8jkd2q8.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully. Log do hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:42, on 2008-11-06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxsrvc.exe C:\WINDOWS\System32\igfxpers.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\System32\ElkCtrl.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\DOCUME~1\VALTER~1\CONFIG~1\Temp\RtkBtMnt.exe C:\WINDOWS\System32\igfxext.exe C:\WINDOWS\system32\agrsmsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\crypserv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A3EC1A41-0B4C-4829-B576-32378BFFF866}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 9778 bytes
-
aí vai: log do avenger: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\2fiji.com" deleted successfully. File "C:\start.bat" deleted successfully. File "C:\xih9.cmd" deleted successfully. File "C:\xlk9.com" deleted successfully. File "E:\2fiji.com" deleted successfully. File "E:\xih9.cmd" deleted successfully. File "E:\xlk9.com" deleted successfully. Error: could not open file "H:\xih9.cmd" Deletion of file "H:\xih9.cmd" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Completed script processing. ******************* Finished! Terminate. log do hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:02, on 2008-11-05 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\agrsmsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\crypserv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\System32\igfxsrvc.exe C:\WINDOWS\System32\ElkCtrl.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\igfxext.exe C:\DOCUME~1\VALTER~1\CONFIG~1\Temp\RtkBtMnt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A3EC1A41-0B4C-4829-B576-32378BFFF866}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 10019 bytes
-
Ai está o log... Vi que tem usuários que conseguem retirar esse virus com maior facilidade, porque no meu caso está mais difícil? "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "Google Update" = ""C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."] "kamsoft" = "C:\WINDOWS\system32\ckvo.exe" [null data] "DriverUpdaterPro" = "C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t" ["iXi Tools"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "LManager" = "C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE" ["Dritek System Inc."] "igfxtray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"] "igfxhkcmd" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"] "igfxpers" = "C:\WINDOWS\System32\igfxpers.exe" ["Intel Corporation"] "SynTPEnh" = "C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech"] "LogitechCameraAssistant" = "C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe" ["Acer"] "LogitechVideo[inspector]" = "C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect" ["Acer"] "LogitechCameraService(E)" = "C:\WINDOWS\System32\ElkCtrl.exe /automation" ["Logitech Inc."] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "NeroFilterCheck" = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "QuickTime Task" = ""C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "SunJavaUpdateSched" = ""C:\Arquivos de programas\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] "TkBellExe" = ""C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "Acrobat Assistant 7.0" = ""C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."] "(Default)" = "(empty string)" [file not found] "AzMixerSel" = "C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [file not found] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In SSV Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] {C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense" -> {HKLM...CLSID} = "GbIehObj Class" \InProcServer32\(Default) = "C:\ARQUIV~1\GBPLUGIN\gbieh.dll" ["Banco do Brasil"] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo" -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook" \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Arquivos de programas\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento" \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj" -> {HKLM...CLSID} = "GbPluginObj Class" \InProcServer32\(Default) = "C:\ARQUIV~1\GBPLUGIN\gbieh.dll" ["Banco do Brasil"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Arquivos de programas\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Arquivos de programas\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Arquivos de programas\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Arquivos de programas\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{7CDDBD23-1B50-47b2-B28D-1B84D9A40ED1}" = "Sony Digital Voice File Shell Extention Module" -> {HKLM...CLSID} = "Sony Digital Voice File Shell Extention Module" \InProcServer32\(Default) = "IcdShlex.dll" ["Sony Corporation"] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\ARQUIV~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj" -> {HKLM...CLSID} = "GbPluginObj Class" \InProcServer32\(Default) = "C:\ARQUIV~1\GBPLUGIN\gbieh.dll" ["Banco do Brasil"] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> GbPluginBb\DLLName = "C:\ARQUIV~1\GBPLUGIN\gbieh.dll" ["Banco do Brasil"] <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] <<!>> __GbPluginBb\DLLName = "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll" ["Banco do Brasil"] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Arquivos de programas\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ "DisableCMD" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AlcoholAutoPlayV2.BurnDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "BurnDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"] AlcoholAutoPlayV2.ReadDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "ReadDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"] NeroAutoPlay7AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Arquivos de programas\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Arquivos de programas\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] RPCDBurningOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.CDBurn.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."] RPDeviceOnArrival\ "Provider" = "RealPlayer" "ProgID" = "RealPlayer.HWEventHandler" HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."] RPPlayCDAudioOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AudioCD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."] RPPlayDVDMovieOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.DVD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."] RPPlayMediaOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AutoPlay.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Arquivos de programas\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."] Startup items in "valter lucio" & "All Users" startup folders: -------------------------------------------------------------- C:\Documents and Settings\valter lucio\Menu Iniciar\Programas\Inicializar <<!>> "PowerReg Scheduler.exe" [empty string] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar "Adobe Acrobat Speed Launcher" -> shortcut to: "" [file not found] Enabled Scheduled Tasks: ------------------------ "GoogleUpdateTaskUser" -> launches: "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "startt" -> launches: "c:\start.bat" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp" [strings]: SAFESITE_VALUE="search.MSN.com.br" Missing lines (compared with English-language version): [strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adaptador de desempenho WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS] Agere Modem Call Progress Audio, AgereModemAudio, "C:\WINDOWS\system32\agrsmsvc.exe" ["Agere Systems] AVG E-mail Scanner, AVGEMS, "C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."] AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]} Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."] Java Quick Starter, JavaQuickStarterService, ""C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Logitech Process Monitor, LVPrcSrv, "c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe" ["Logitech"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Canon BJ Language Monitor i350\Driver = "CNMLM53.DLL" ["CANON INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2008-11-04 15:07:12) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 80 seconds, including 17 seconds for message boxes)
-
sempre que executo o programa ele é interrompido pelo seguinte erro: line-1: Error: subscript used with non-array variable o que fazer?
-
reiniciei em modo seguro, mas durante o processo de verificação com o combofix há uma indicação de "atividades de rootkit" e a necessidade de reiniciar o pc. quando reinicio em modo seguro novamente tenho que "instalar" novamente o combofix e ele recomeça tudo de novo com a mesma indicação e assim sucessivamente. quando reinicio em modo normal ocorre o mesmo que ocorria, o pc se reinicia por medida de segurança... agurado novas recomendações...
-
Então, eu segui o procedimento, mas o combofix não concluiu o processo, tentei várias vezes, mas num certo momento do processo o windows reinicializava sozinho por motivo de segurança... o que pode estar acontecendo?
-
Desculpe, me enganei... ai vai? Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 24/10/2008 14:26:24 ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: C:\autorun.inf foi deletado com sucesso! E:\autorun.inf foi deletado com sucesso! H:\autorun.inf foi deletado com sucesso! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" -----------------------------------------------------------
-
Log criado pelo PenClean para as unidades O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 30A2-D3EE Pasta de C:\ 21/10/2008 17:08 103.973 2fiji.com 07/11/2007 14:50 0 AUTOEXEC.BAT 08/11/2007 16:49 211 boot.ini 28/10/2001 20:06 4.952 Bootfont.bin 07/11/2007 14:50 0 CONFIG.SYS 13/09/2008 14:47 0 dump_dvd.vob 23/10/2008 15:35 1.063.436.288 hiberfil.sys 07/11/2007 17:59 11.823 Installer.log 07/11/2007 14:50 0 IO.SYS 23/10/2008 14:37 6 ISACER.ID 07/11/2007 14:50 0 MSDOS.SYS 08/11/2007 16:44 47.564 NTDETECT.COM 08/11/2007 16:44 251.168 ntldr 23/10/2008 15:35 1.598.029.824 pagefile.sys 02/08/2008 14:44 232 sqmdata00.sqm 19/08/2008 02:08 232 sqmdata01.sqm 19/08/2008 14:29 232 sqmdata02.sqm 16/10/2008 00:07 232 sqmdata03.sqm 22/10/2008 19:09 232 sqmdata04.sqm 27/06/2008 09:39 232 sqmdata05.sqm 27/06/2008 09:40 232 sqmdata06.sqm 27/06/2008 09:41 232 sqmdata07.sqm 27/06/2008 10:27 232 sqmdata08.sqm 02/07/2008 20:23 232 sqmdata09.sqm 04/07/2008 17:55 232 sqmdata10.sqm 04/07/2008 18:17 232 sqmdata11.sqm 08/07/2008 20:27 232 sqmdata12.sqm 10/07/2008 02:51 232 sqmdata13.sqm 10/07/2008 03:08 232 sqmdata14.sqm 10/07/2008 14:32 232 sqmdata15.sqm 16/07/2008 00:20 232 sqmdata16.sqm 16/07/2008 01:54 232 sqmdata17.sqm 19/07/2008 13:49 232 sqmdata18.sqm 01/08/2008 22:27 232 sqmdata19.sqm 02/08/2008 14:44 244 sqmnoopt00.sqm 19/08/2008 02:08 244 sqmnoopt01.sqm 19/08/2008 14:29 244 sqmnoopt02.sqm 16/10/2008 00:07 244 sqmnoopt03.sqm 22/10/2008 19:09 244 sqmnoopt04.sqm 27/06/2008 09:39 244 sqmnoopt05.sqm 27/06/2008 09:40 244 sqmnoopt06.sqm 27/06/2008 09:41 244 sqmnoopt07.sqm 27/06/2008 10:27 244 sqmnoopt08.sqm 02/07/2008 20:23 244 sqmnoopt09.sqm 04/07/2008 17:55 244 sqmnoopt10.sqm 04/07/2008 18:17 244 sqmnoopt11.sqm 08/07/2008 20:27 244 sqmnoopt12.sqm 10/07/2008 02:51 244 sqmnoopt13.sqm 10/07/2008 03:08 244 sqmnoopt14.sqm 10/07/2008 14:32 244 sqmnoopt15.sqm 16/07/2008 00:20 244 sqmnoopt16.sqm 16/07/2008 01:54 244 sqmnoopt17.sqm 19/07/2008 13:49 244 sqmnoopt18.sqm 01/08/2008 22:27 244 sqmnoopt19.sqm 28/04/2008 15:26 636 start.bat 23/10/2008 11:49 104.158 xih9.cmd 22/10/2008 18:22 104.123 xlk9.com 57 arquivo(s) 2.662.104.246 bytes 0 pasta(s) 23.535.198.208 bytes dispon¡veis O volume na unidade E ‚ doc valter O n£mero de s‚rie do volume ‚ 3802-36C2 Pasta de E:\ 21/10/2008 17:08 103.973 2fiji.com 23/10/2008 11:49 104.158 xih9.cmd 22/10/2008 18:22 104.123 xlk9.com 21/10/2008 11:15 162 ~$ontamentos para a tese.doc 4 arquivo(s) 312.416 bytes 0 pasta(s) 12.375.584.768 bytes dispon¡veis O volume na unidade H ‚ UDISK 2.0 O n£mero de s‚rie do volume ‚ 16EF-BFC0 Pasta de H:\ 22/10/2008 21:38 240.128 BOMBARDI, L - geografia agr ria no debate te¢rico sobre os conceitos de campesinato e agricultura familiar.doc 22/10/2008 21:55 169.806 FREIXO, A. ; TEIXEIRA, A. - NARRATIVAS SOBRE A NATUREZA.pdf 22/10/2008 21:59 1.150.857 Maria Jos‚ Carneiro - Acesso … terra e condi‡äes sociais de gˆnero.pdf 22/10/2008 21:44 58.167 RUSCHEL, V. - A forma‡Æo da sociabilidade nos assentamentos rurais no MST.pdf 22/10/2008 22:18 92.339 TERRA TRABALHO E FAMILIA consideracoes sobre a _re_ criacao.pdf 22/10/2008 22:01 89.786 WAWZYNLAK, J. V. - Processos de Heran‡a entre Seringueiros de Rond“nia.pdf 22/10/2008 21:43 101.245 WEDIG, J. ; MARTINS, V. ; MENASCHE, R. - Plantar, criar, comer classifica‡äes da comida e das pessoas no interior de fam¡lias rurais.pdf 22/10/2008 22:16 546.363 WOORTMANN, E. - CAMBIOS DE TIEMPO Y ESPACIO CAMBIOS SOCIALES.pdf 23/10/2008 11:49 104.158 xih9.cmd 16/10/2008 11:29 101.888 Sueli e Acir [ok].doc 17/10/2008 09:43 116 Alcohol 120% v1.9.5.3105 Serial.txt 22/10/2008 11:28 76.800 jandira.doc 22/10/2008 21:35 58.368 Curso-2007-2_MP_MNA-811.doc 22/10/2008 21:53 82.209 SociedadesCamponesas12007.pdf 14 arquivo(s) 2.872.230 bytes 0 pasta(s) 3.207.815.168 bytes dispon¡veis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:11:25, on 23/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxsrvc.exe C:\WINDOWS\System32\igfxpers.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\System32\ElkCtrl.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\igfxext.exe C:\DOCUME~1\VALTER~1\CONFIG~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\agrsmsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\valter lucio\Desktop\PenClean.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 9348 bytes
-
o antivirus q utilizo (AVG) identifica o autorun.inf como um virus mas não consegue elimina-lo. Meu pc (un lap top) anda meio estranho, não aceita, por exemplo, a função hibernar... enfim, peço, por favor, avaliar meu log. desde já agradeço, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:11:59, on 23/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\System32\igfxsrvc.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\System32\ElkCtrl.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\DOCUME~1\VALTER~1\CONFIG~1\Temp\RtkBtMnt.exe C:\WINDOWS\System32\igfxext.exe C:\WINDOWS\system32\agrsmsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Arquivos de programas\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter lucio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A3EC1A41-0B4C-4829-B576-32378BFFF866}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 9456 bytes