Fórum Script Brasil

[Resolved] Antivirus, Task Manager and firewall disabled


_Vinny_

Question

LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:05:10, on 28/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

d:\Vinny\FirefoxPortable\FirefoxPortable.exe

d:\Vinny\FirefoxPortable\App\firefox\firefox.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\winakkbl.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\uqvio.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\xuqm.exe

C:\Documents and Settings\Vinny\Meus documentos\Downloads\wlsetup-custom.exe

D:\Jogos\Need for Speed Underground 2\speed2.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\winhpokmj.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\agno.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\w89bc7f.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\agip.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\hagyyf.exe

C:\DOCUME~1\Vinny\CONFIG~1\Temp\winmuamgc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{729E6C5F-9CAA-4B3B-9952-EE1DB270A577}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

--

End of file - 4214 bytes


Download Malwarebytes Anti-Malware

http://www.besttechie.net/mbam/mbam-setup.exe

  • Install it by double-clicking mbam-setup.exe.
  • Check Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • Select Perform full scan and then click Scan.
  • When the scan finishes, click OK and then Show Results to see the log.
  • If anything is detected, make sure everything is checked and click Remove Selected.
  • The log is saved automatically and can be viewed by clicking Logs in the program's main menu.
  • Copy and paste the contents of that log in your next reply.
Also post a new HijackThis log.

Malwarebytes

Malwarebytes' Anti-Malware 1.42

Versão do banco de dados: 3454

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

30/12/2009 13:37:45

mbam-log-2009-12-30 (13-37-45).txt

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 165413

Tempo decorrido: 1 hour(s), 3 minute(s), 28 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 5

Pastas infectadas: 0

Arquivos infectados: 1

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

D:\Vinny\Downloads\gmaker80beta.exe (Adware.EShoper) -> Quarantined and deleted successfully.

-----------------------------------------------

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:56:02, on 30/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Vinny\FirefoxPortable\FirefoxPortable.exe

D:\Vinny\FirefoxPortable\App\firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2FD5D9-105F-4BF3-8CC7-06A7F25E6AEB}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

--

End of file - 4709 bytes

---------------------------------------------

Some information:

I had already used Malwarebytes before and it is still the same.

I have already formatted about three times, but it always comes back like this when I use or install programs, and it always happens when I try to install some programs or run some .exe application.

1) Download the Fix Policies tool

  1. Run the tool
  2. Wait for it to finish!

2) Download Gmer:

http://www.gmer.net/gmer.zip

After downloading, extract the file to an easily accessible folder, then run the program.

In the program, click Scan and wait until the scan finishes.

At the end, click Copy, then open NOTEPAD (Bloco de Notas), press CTRL + V, save the file under any name, and attach it to your next message following the instructions below:

http://www.linhadefensiva.org/forum/index.php?showtopic=595


None of the tools opened, perhaps because of the virus that blocks them.

And about attaching files here on SB, I believe regular users are not allowed to.

I have already formatted about three times, but it always comes back like this when I use or install programs, and it always happens when I try to install some programs or run some .exe application.

Are these applications from some backup you made/make?

Re-download the applications above [ Link ] but rename the files to any other name.

E.g.: "Fix policies" to "Fix" and "Gmer" to "G"


The files are all on drive D of the HD; basically they stayed in the same place after formatting, nothing was changed.

------------

As for running the applications, Fix Policies opened a black window and after a few seconds it disappeared; it shows nothing.

Gmer starts the scan but closes by itself and it is not possible to copy the result, and after it closes the computer always restarts.

The files are all on drive D of the HD; basically they stayed in the same place after formatting, nothing was changed.
They may be infected.

As for running the applications, Fix Policies opened a black window and after a few seconds it disappeared; it shows nothing.

Fix Policies is a .bat tool that runs in a DOS environment. It does not generate any log; it is used to remove the lock on regedit, Task Manager, etc.

Download ComboFix and save it to the desktop.

Note: Please do not use ComboFix on your own. Incorrect use may damage your computer. The tool should only be used under the supervision of malware removal analysts.

  • Close all windows and programs and disable your antivirus and antispyware programs.
  • Double-click ComboFix.exe
  • You will be asked to install the Recovery Console; click Yes to start the download and follow the program's instructions normally.
  • At the end, click Yes to continue the scan.
  • When prompted, press "1" and then Enter to proceed with the fix. It will take about 10 minutes on average.
  • ComboFix may restart the PC automatically to complete the removal process.
When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window, nor close it with the X, while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it, together with ComboFix.txt.


# Step 1 #

Configure your Windows to show all hidden files

- Go to http://www.virustotal.com and submit the file(s) below for analysis.

c:\windows\system32\drivers\nsjion.sys
Report the result via the URL (link).

# Step 2 #

Go to Start > Control Panel > Add or Remove Programs and uninstall the following software:

  • AskTbar

# Step 3 #

I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=-

"DisableRegistryTools"=-

"DisableRegedit"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"FirewallOverride"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"UacDisableNotify"=dword:00000000

DirLook::

c:\windows\system32\CAD072

c:\windows\system32\7C5630

c:\windows\system32\A8569C

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attach ComboFix.txt to your reply following the instructions below

http://www.linhadefensiva.org/forum/index.php?showtopic=595

Also post a new HijackThis log.

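The policy values the CFScript above resets (DisableTaskMgr, DisableRegistryTools, DisableRegedit) are the same ones that appear as an O7 line in the HijackThis logs earlier in the thread, alongside the executables running from the user's Temp folder and a BHO with no file behind it. The script below is added here and is not part of the thread, HijackThis or ComboFix; it parses a HijackThis v2 log and flags those three indicators, and its sample log is a constructed, trimmed copy of the first log posted in the thread.

```python
"""Triage helper for HijackThis v2 logs (added example; not a HijackThis or ComboFix feature)."""
import re
from dataclasses import dataclass

# Values under ...\Policies\System that, when set to 1, hide the tools a user
# needs to inspect the machine (the same names the CFScript in the thread resets).
RESTRICTION_POLICIES = ("DisableRegedit", "DisableRegistryTools", "DisableTaskMgr")

# Lower-cased fragments of user-writable temp paths: the 8.3 short form that
# HijackThis prints on Windows XP, plus the long forms on XP and on Vista+.
TEMP_MARKERS = (
    "\\config~1\\temp\\",
    "\\local settings\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
)

# Numbered HijackThis entries look like "O4 - HKLM\..\Run: [...] ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^([RFOS]\d+) - (.*)$")


@dataclass
class Finding:
    kind: str    # process-in-temp | restriction-policy | bho-no-file
    detail: str  # the offending log line or policy value


def parse_hjt_log(text: str) -> dict:
    """Split a HijackThis log into its process list and its R/F/O/S entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first numbered entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(log: dict) -> list:
    """Return one Finding per indicator; an empty list means nothing was flagged."""
    findings = []
    for proc in log["processes"]:
        if any(marker in proc.lower() for marker in TEMP_MARKERS):
            findings.append(Finding("process-in-temp", proc))
    for kind, body in log["entries"]:
        if kind == "O7":
            for name in RESTRICTION_POLICIES:
                if re.search(rf"\b{name}=1\b", body):
                    findings.append(Finding("restriction-policy", f"{name}=1"))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding("bho-no-file", body))
    return findings


# Constructed sample: a trimmed copy of the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winakkbl.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\uqvio.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
--
End of file - 4214 bytes
"""


def sample_findings() -> list:
    """Run the triage over the constructed sample log."""
    return triage(parse_hjt_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.kind:20} {f.detail}")
```

A process running from Temp is not proof of infection on its own (installers unpack there), so the output is a review list for the analyst, not a verdict.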

1 - After configuring it to show files, after a few seconds it goes back to hiding them again.

I did not find this file, even searching while hidden files were displayed.

2 - I had already uninstalled it earlier.

3 - As I said before, here on SB regular users are not allowed to send attachments in messages, so below I post the ComboFix log:

ComboFix 10-01-01.05 - Vinny 02/01/2010 17:35:00.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.104 [GMT -3:00]

Executando de: c:\documents and settings\Vinny\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Vinny\Desktop\CFScript.txt

AV: ESET NOD32 antivirus system 0.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-02 to 2010-01-02 ))))))))))))))))))))))))))))

.

2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\arquivos de programas\AskBarDis

2010-01-01 21:52 . 2010-01-01 21:52 -------- d--h--w- c:\windows\system32\CAD072

2010-01-01 21:52 . 2010-01-01 21:52 -------- d--h--w- c:\windows\system32\7C5630

2010-01-01 21:52 . 2010-01-01 21:52 -------- d--h--w- c:\windows\system32\A8569C

2010-01-01 02:55 . 2010-01-01 02:55 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-01-01 02:50 . 2008-02-29 19:03 220400 ----a-w- c:\windows\SSUPDATE.EXE

2010-01-01 02:31 . 2010-01-01 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-01 02:31 . 2010-01-02 20:04 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-01-01 02:31 . 2010-01-01 02:31 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-01 02:30 . 2010-01-01 02:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-01-01 01:04 . 2010-01-01 01:04 -------- d-----w- C:\downloads

2010-01-01 01:04 . 2010-01-01 01:04 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\GrabPro

2010-01-01 01:04 . 2010-01-02 20:32 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Orbit

2010-01-01 01:04 . 2010-01-01 01:04 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-12-31 21:25 . 2008-04-14 10:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-12-31 20:41 . 2010-01-01 14:03 -------- d-----w- C:\PenClean

2009-12-31 13:58 . 2009-10-29 07:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-31 13:58 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-31 13:58 . 2009-10-29 07:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-31 13:58 . 2009-10-29 07:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-31 13:58 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-31 13:58 . 2009-10-29 07:42 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-31 01:53 . 2009-12-31 01:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2009-12-31 01:53 . 2009-12-31 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2009-12-31 01:52 . 2009-12-31 01:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-12-31 01:45 . 2009-12-31 01:45 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Thinstall

2009-12-30 19:16 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-30 19:16 . 2009-08-04 17:27 2070272 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-12-30 19:16 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-30 06:38 . 2009-12-30 06:38 -------- d-----w- c:\arquivos de programas\LimeWireTurbo

2009-12-30 06:30 . 2009-12-30 06:38 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\LimeWire

2009-12-30 02:36 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-30 02:36 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-12-30 01:24 . 2009-12-31 15:14 -------- d-----w- c:\windows\ie8updates

2009-12-29 19:45 . 2009-12-29 19:45 -------- d-----w- c:\arquivos de programas\PluginLetras

2009-12-29 13:17 . 2009-12-29 13:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-12-29 05:50 . 2009-12-29 05:51 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-12-29 04:33 . 2010-01-01 23:24 -------- d-----w- c:\documents and settings\Vinny\Tracing

2009-12-29 04:32 . 2009-12-29 04:32 -------- d-----w- c:\arquivos de programas\Microsoft

2009-12-29 04:32 . 2009-12-29 04:32 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-12-29 02:18 . 2009-12-29 02:18 152576 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-29 02:05 . 2009-12-29 02:05 79488 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-29 01:44 . 2009-12-29 01:44 4844296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-28 23:03 . 2009-12-28 23:03 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Malwarebytes

2009-12-28 23:03 . 2009-12-03 19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-28 23:03 . 2009-12-29 01:50 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-28 23:03 . 2009-12-28 23:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-12-28 23:03 . 2009-12-03 19:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-28 22:59 . 2009-12-28 22:59 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-12-28 22:59 . 2009-12-29 04:31 -------- d-----w- c:\arquivos de programas\Windows Live

2009-12-28 22:58 . 2009-12-28 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-12-28 22:51 . 2010-01-01 07:01 -------- d-----w- c:\documents and settings\Vinny\Shared

2009-12-28 22:50 . 2010-01-01 07:09 -------- d-----w- c:\documents and settings\Vinny\Incomplete

2009-12-28 22:50 . 2009-12-30 06:13 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\LimeWireTurbo

2009-12-28 22:50 . 2009-12-28 22:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LimeWireTurbo

2009-12-28 22:47 . 2009-12-28 22:47 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-12-28 22:47 . 2009-12-29 02:19 -------- d-----w- c:\arquivos de programas\Java

2009-12-28 22:46 . 2009-12-28 22:46 152576 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll

2009-12-28 21:59 . 2009-12-28 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-12-28 21:59 . 2009-12-28 21:59 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2009-12-28 21:43 . 2009-12-28 21:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-12-28 21:42 . 2009-12-28 21:42 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-12-28 21:42 . 2009-12-28 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-12-28 21:42 . 2009-12-28 21:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-12-28 21:42 . 2009-12-28 21:43 -------- d-----w- c:\arquivos de programas\Real

2009-12-28 21:39 . 2009-08-25 04:30 13312 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Mozilla\Firefox\Profiles\1lkl5bfx.default\extensions\[email protected]\components\nsTwitterFoxSign.dll

2009-12-28 21:22 . 2009-12-28 21:22 0 ----a-w- c:\windows\nsreg.dat

2009-12-28 21:06 . 2009-12-28 21:09 -------- d-----w- c:\documents and settings\Vinny\Contacts

2009-12-28 21:05 . 2009-12-28 21:05 -------- dc----w- c:\windows\system32\DRVSTORE

2009-12-28 20:08 . 2010-01-01 03:04 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\FileZilla

2009-12-28 15:51 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-12-28 15:51 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2009-12-28 15:44 . 2009-12-28 15:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-12-28 14:53 . 2009-12-28 14:53 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-12-28 05:12 . 2006-10-10 00:47 981504 ----a-w- c:\windows\system32\drivers\smserial.sys

2009-12-28 05:12 . 2006-10-10 00:43 155648 ----a-w- c:\windows\system32\sm56co6a.dll

2009-12-26 21:00 . 2009-12-26 21:00 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Foxit

2009-12-26 21:00 . 2009-12-26 21:00 -------- d-----w- c:\arquivos de programas\Foxit Software

2009-12-25 14:33 . 2009-12-25 14:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-12-25 14:32 . 2009-12-25 14:32 8854 ----a-r- c:\documents and settings\Vinny\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2009-12-25 14:32 . 2009-12-25 14:32 118784 ----a-r- c:\documents and settings\Vinny\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2009-12-25 14:32 . 2009-12-25 14:32 114688 ----a-r- c:\documents and settings\Vinny\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2009-12-25 14:31 . 2009-12-25 14:31 -------- d-----w- c:\arquivos de programas\CCleaner

2009-12-25 02:12 . 2009-12-25 02:12 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-25 01:59 . 2009-12-25 02:05 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Winamp

2009-12-25 01:59 . 2009-12-25 02:05 -------- d-----w- c:\arquivos de programas\Winamp

2009-12-25 01:56 . 2009-12-25 22:42 -------- d-----w- c:\arquivos de programas\Project64 1.6

2009-12-25 01:27 . 2009-12-25 01:27 -------- d-----w- c:\arquivos de programas\Motorola

2009-12-24 03:00 . 2009-12-24 03:00 298104 ----a-w- c:\windows\system32\imon.dll

2009-12-24 03:00 . 2009-12-24 03:00 512096 ----a-w- c:\windows\system32\drivers\amon.sys

2009-12-24 03:00 . 2009-12-24 03:00 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys

2009-12-24 02:53 . 2009-12-24 02:53 -------- d-----w- c:\windows\Downloaded Installations

2009-12-24 02:48 . 2009-12-24 02:50 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Ahead

2009-12-24 02:46 . 2009-12-24 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-12-24 02:46 . 2009-12-24 02:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-12-24 02:46 . 2009-12-24 02:46 -------- d-----w- c:\arquivos de programas\Nero

2009-12-24 02:39 . 2006-08-25 05:52 245760 ----a-w- c:\windows\system32\VTTrayp.exe

2009-12-24 02:39 . 2006-08-03 06:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

2009-12-24 02:39 . 2005-11-01 02:35 28672 ----a-r- c:\windows\system32\VModes.exe

2009-12-24 02:39 . 2006-06-20 03:21 327680 ----a-w- c:\windows\system32\VTInfo2.dll

2009-12-24 02:39 . 2006-05-22 06:49 593920 ----a-w- c:\windows\system32\VTovrlay.dll

2009-12-24 02:39 . 2006-08-25 05:47 651264 ----a-w- c:\windows\system32\VTDisply.dll

2009-12-24 02:39 . 2006-06-22 09:05 462848 ----a-w- c:\windows\system32\VTGamma2.dll

2009-12-24 02:39 . 2006-08-25 06:13 1884160 ----a-r- c:\windows\system32\vticd.dll

2009-12-24 02:39 . 2006-08-25 06:03 264192 ----a-r- c:\windows\system32\drivers\vtmini.sys

2009-12-24 02:39 . 2006-08-25 06:03 3517952 ----a-w- c:\windows\system32\vtdisp.dll

2009-12-24 02:37 . 2006-02-23 03:39 11264 ----a-r- c:\windows\system32\drivers\xfilt.sys

2009-12-24 02:37 . 2006-02-23 03:38 9728 ----a-r- c:\windows\system32\drivers\videX32.sys

2009-12-24 02:35 . 2009-12-24 02:35 -------- d-----w- c:\arquivos de programas\VIAudioi

2009-12-24 02:35 . 2008-04-13 14:45 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys

2009-12-24 02:35 . 2008-04-13 14:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2009-12-24 02:35 . 2008-04-13 15:17 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys

2009-12-24 02:35 . 2008-04-13 15:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2009-12-24 02:35 . 2008-04-13 14:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys

2009-12-24 02:35 . 2008-04-13 14:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys

2009-12-24 02:33 . 2004-04-15 10:57 42496 ----a-r- c:\windows\system32\drivers\fetnd5b.sys

2009-12-24 02:31 . 2008-04-13 14:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-12-24 01:14 . 2009-12-24 01:14 -------- d-sh--w- c:\documents and settings\Vinny\IECompatCache

2009-12-24 01:14 . 2009-12-24 01:14 -------- d-sh--w- c:\documents and settings\Vinny\PrivacIE

2009-12-24 01:11 . 2009-12-24 01:11 -------- d-----w- c:\arquivos de programas\S3

2009-12-24 01:04 . 2009-12-24 02:23 -------- d-----w- c:\arquivos de programas\VIAudioi(2)

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-31 05:24 . 2008-04-14 10:00 48860 ----a-w- c:\windows\system32\perfc016.dat

2009-12-31 05:24 . 2008-04-14 10:00 345068 ----a-w- c:\windows\system32\perfh016.dat

2009-12-25 01:24 . 2009-12-25 01:25 512096 ----a-w- c:\windows\system32\drivers\_mon.s00

2009-12-25 01:24 . 2009-12-25 01:25 15424 ----a-w- c:\windows\system32\drivers\_od32drv.s00

2009-12-24 03:51 . 2009-12-24 02:34 3584 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-24 02:41 . 2009-12-24 00:43 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-24 02:39 . 2009-12-24 02:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-12-24 00:42 . 2009-12-24 00:42 -------- d-----w- c:\arquivos de programas\VIA

2009-12-24 00:33 . 2009-12-24 00:33 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-12-24 00:31 . 2009-12-24 00:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-12-24 00:30 . 2009-12-24 00:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-24 00:29 . 2009-12-24 00:29 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-12-24 00:28 . 2009-12-24 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-12-24 00:27 . 2009-12-24 00:27 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-29 07:42 . 2008-04-14 10:00 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:39 . 2008-04-14 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2008-04-14 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-04-14 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:34 . 2008-04-14 10:00 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2008-04-14 10:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2008-04-14 10:00 79872 ----a-w- c:\windows\system32\raschap.dll

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\windows\system32\7C5630 ----

2010-01-01 21:52 . 2010-01-02 13:46 1024 --sha-w- c:\windows\system32\7C5630\7207.EDT

2010-01-01 21:52 . 2010-01-02 16:13 737 --sha-w- c:\windows\system32\7C5630\7207.inf

2010-01-01 21:52 . 2010-01-02 16:00 2404 --sha-w- c:\windows\system32\7C5630\69ca.inf

---- Directory of c:\windows\system32\A8569C ----

2010-01-01 21:52 . 2010-01-01 21:52 1593985 ---h--w- c:\windows\system32\A8569C\5FEC96.EXE

---- Directory of c:\windows\system32\CAD072 ----

2010-01-01 21:52 . 2010-01-01 21:52 217088 ---h--w- c:\windows\system32\CAD072\RegEx.fnr

2010-01-01 21:52 . 2010-01-01 21:52 40960 ---h--w- c:\windows\system32\CAD072\shell.fne

2010-01-01 21:52 . 2010-01-01 21:52 73728 ---h--w- c:\windows\system32\CAD072\spec.fne

2010-01-01 21:52 . 2010-01-01 21:52 270336 ---h--w- c:\windows\system32\CAD072\com.run

2010-01-01 21:52 . 2010-01-01 21:52 114688 ---h--w- c:\windows\system32\CAD072\dp1.fne

2010-01-01 21:52 . 2010-01-01 21:52 323584 ---h--w- c:\windows\system32\CAD072\eAPI.fne

2010-01-01 21:52 . 2010-01-01 21:52 184320 ---h--w- c:\windows\system32\CAD072\internet.fne

2010-01-01 21:52 . 2010-01-01 21:52 1097728 ---h--w- c:\windows\system32\CAD072\krnln.fnr

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 15:58 333192 ----a-w- c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 212992]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3957568]

"Google Update"="c:\documents and settings\Vinny\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-01 205296]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1551600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 618496]

"VTTimer"="VTTimer.exe" [2006-08-03 53248]

"VTTrayp"="VTtrayp.exe" [2006-08-25 245760]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 233472]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-10 802816]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-12-28 255528]

"5FEC96"="c:\windows\system32\A8569C\5FEC96.EXE" [2010-01-01 1593985]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1541456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vinny\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 187392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 15:41 294912 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Jogos\\World.Soccer.Winning.Eleven.9\\we9.exe"=

"d:\\Vinny\\Downloads\\ccsetup221_slim.exe"=

"c:\\Arquivos de programas\\CCleaner\\CCleaner.exe"=

"d:\\Jogos\\ZSNES W\\zsnesw.exe"=

"d:\\Jogos\\Nintendo 64\\Project 64.exe"=

"d:\\Jogos\\Need for Speed Underground 2\\speed2.exe"=

"c:\\Arquivos de programas\\VIAudioi\\SBADeck\\ADeck.exe"=

"c:\\WINDOWS\\system32\\VTtrayp.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\LimeWireTurbo\\LimeWireTurbo.exe"=

"c:\\WINDOWS\\System32\\rasautou.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Documents and Settings\\Vinny\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\Arquivos de programas\\Real\\RealPlayer\\RealPlay.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/12/2009 23:37 11264]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24/12/2009 00:00 15424]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [29/2/2008 16:03 51440]

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nsjion.sys --> c:\windows\system32\drivers\nsjion.sys [?]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [16/2/2006 16:51 4096]

S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [29/2/2008 16:03 8944]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-01-02 c:\windows\Tasks\User_Feed_Synchronization-{94C844D4-C736-4258-95A4-0241302CEFB4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

LSP: c:\windows\system32\imon.dll

FF - ProfilePath - c:\documents and settings\Vinny\Dados de aplicativos\Mozilla\Firefox\Profiles\1lkl5bfx.default\

FF - prefs.js: browser.search.selectedEngine - phpBB Portugal

FF - component: c:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: c:\documents and settings\Vinny\Dados de aplicativos\Mozilla\Firefox\Profiles\1lkl5bfx.default\extensions\[email protected]\components\nsTwitterFoxSign.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???e:\audio\via????f??|???|?????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos:

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(472)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5404)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-01-02 17:45:37

ComboFix-quarantined-files.txt 2010-01-02 20:45

ComboFix2.txt 2010-01-02 16:25

Pré-execução: 6 pasta(s) 19.820.400.640 bytes disponíveis

Pós execução: 7 pasta(s) 19.820.158.976 bytes disponíveis

- - End Of File - - 44E9F18EC9338361930A9CEFE3E69DD6

  • 0

Read all of the instructions below carefully before running the program.

Download the Kaspersky Removal Tool and save it to your desktop.

  • Install the program normally, following all the prompts.
  • A folder called Virus Removal Tool will be created on the desktop.
  • In the program window, tick the options:
    • My Computer
    • Hidden Startup objects
    • Disk boot sectors
    • System Memory
  • Click the Start Scan button.
  • Be patient, the scan takes a long time!
  • As it scans, a few small windows will probably pop up next to the clock; do not click on anything.
  • A larger window may also open with the following options:
    • Disinfection (when possible)
    • Delete
    • Skip
  • When it appears, first tick the Apply to all objects option below and then click one of the options above.
  • When everything is finished, click the Reports button; in the window that opens, leave the options above set to:
    • Autoscan
    • Group by result
    • All Events
  • Expand Autoscan by clicking the + sign next to it
  • Expand Result: Detected.
  • Right-click, choose Select all, and then choose Copy.
  • Note: when you do this the PC will seem to have frozen, but it has not; wait a few minutes for the memory to be released.
  • Open Notepad and paste (ctrl + v)
  • Give the file a name and save it in a folder of your choice.
  • Close the report by clicking the Exit button.
  • When you do this you will be asked whether you want to uninstall the tool; click Yes.
  • Restart the computer when prompted.
  • Post the contents of that file in your next reply.
NOTE 1: Pay attention to the windows during the scan; they have different colours depending on the risk. So:
  • green: low risk
  • yellow: medium risk
  • red: high risk
Before taking any action, check the file path/name carefully to see whether it is something you recognise; if so, click Skip.

NOTE 2: If the final scan result only shows Result: OK, you do not need to generate a report; just say so.

NOTE 3: During the scan Kaspersky may flag the following folder as infected: c:\QooBox. If that happens choose Skip, since it belongs to ComboFix and will be removed when ComboFix is uninstalled.

Edited by killer ™
  • 0
killer ™, I can't manage to download this tool. Not from the link, not from download sites, and not from Kaspersky's site. :(
  • 0

Download -> Random's System Information Tool (RSIT), by random/random

Save it to your desktop.

Run RSIT.exe

In the very first RSIT window, note where it says:

List files/folders created or modified in the last: 1 month

Change it to 2 months and then click Continue.

When it finishes, two Notepad windows will open:

log.txt -> will open maximized

info.txt -> will open minimized.

Copy the contents of the info.txt file and paste it into your reply.

Attach the log.txt file

A copy of these files will be kept in the folder C:\RSIT

Note: If your firewall warns about the rsit.exe file trying to connect, make sure you allow it.

Edited by killer ™
  • 0

1. Download RatsCheddar

Run the software and tick the enable option on every item.

Restart the computer.

2. Download CCleaner Slim (Note: this version does not include the Yahoo Toolbar for Internet Explorer; if you want it, I suggest visiting this page.)

  • Install the program
  • Click Registry > Scan for Issues > Fix selected issues.
  • Then click Cleaner > Analyze > Run CCleaner.
If you wish, read the program's tutorial:

http://linhadefensiva.org/forum/index.php?showtopic=12395

3. Download Flash_Disinfector.exe and save it to your desktop:

  • If you have anything of the kind (pen drives, external HDDs, etc.), please connect them to the computer before starting the removal process.
  • Double-click Flash_Disinfector.exe.
  • When a message appears on screen, confirm with OK
  • Wait; the desktop will disappear for a few seconds.
  • When it finishes running, the message "Done" will appear on screen
  • Restart your computer.

4. Post a new RSIT log.

Edited by killer ™
  • 0

Hello, do you recognise these folders?

c:\windows\system32\CAD072
c:\windows\system32\7C5630
c:\windows\system32\A8569C
I suggest you print or save the procedure below, and do not use the internet until the procedure is finished. If you have anything of the kind (pen drives, external HDDs, etc.), please connect them to the computer before starting the removal process. Select and copy the text inside the QUOTE below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.
Driver::
abp470n5

File::
G:\olxo.pif
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winakkbl.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\herss.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\uqvio.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjvjyaw.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winmlrp.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnrjdvi.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnrjdvi.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winklnnon.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winkkwrc.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winlfjuf.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\nuswy.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winurgu.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winqhsagc.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winiiklnk.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\iuptlf.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\qayy.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winsmfqiq.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\bdeus.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winxdcw.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winrkip.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\twmhe.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\jwwodh.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\qaotir.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnmqfxc.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\byaj.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjcue.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\fvgen.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\vttsq.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winfcnxq.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wgfar.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\ybmkyg.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\windvdmu.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\jrqpep.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winppcib.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winaeqfkr.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\ekic.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winypax.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\ldbxo.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjwdbn.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winypqpg.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\gndk.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\xfpgq.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjhws.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wvfbr.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winxkgn.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winvscfip.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winlnycvu.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wbbpvv.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wingfevj.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winmcfvu.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjrej.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\windvnio.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\ysockm.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnllvdh.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\myls.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winaarw.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winwmpiil.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\frvd.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wingwmt.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winenkm.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\yqmj.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wmbu.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjtgqe.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\humaxy.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\axjou.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\jrgt.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\dpybb.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winhwnhiq.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winbotw.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wincfwwm.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winsitpc.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winhmnxg.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\xgqel.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\xkwchl.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\pstd.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjgtt.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\xfhas.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winblrhro.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\wintnep.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\ukgd.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winosnir.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\vusi.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\iyja.exe
C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjnxxb.exe
G:\gvddya.pif
G:\fpap.pif
G:\1a1dndah.exe
C:\WINDOWS\system32\drivers\nsjion.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cf1b758-f4b1-11de-ab72-898dc512f0d7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a8be29-f587-11de-ab7c-e806df23e804}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f08d2811-f3f9-11de-ab6f-e81bd16e195d}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"G:\olxo.pif"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winakkbl.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\uqvio.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjvjyaw.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winmlrp.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnrjdvi.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnrjdvi.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winklnnon.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winkkwrc.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winlfjuf.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\nuswy.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winurgu.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winqhsagc.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winiiklnk.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\iuptlf.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\qayy.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winsmfqiq.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\bdeus.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winxdcw.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winrkip.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\twmhe.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\jwwodh.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\qaotir.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnmqfxc.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\byaj.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjcue.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\fvgen.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\vttsq.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winfcnxq.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wgfar.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\ybmkyg.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\windvdmu.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\jrqpep.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winppcib.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winaeqfkr.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\ekic.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winypax.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\ldbxo.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjwdbn.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winypqpg.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\gndk.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\xfpgq.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjhws.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wvfbr.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winxkgn.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winvscfip.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winlnycvu.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wbbpvv.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wingfevj.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winmcfvu.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjrej.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\windvnio.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\ysockm.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winnllvdh.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\myls.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winaarw.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winwmpiil.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\frvd.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wingwmt.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winenkm.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\yqmj.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wmbu.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjtgqe.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\humaxy.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\axjou.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\jrgt.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\dpybb.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winhwnhiq.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winbotw.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wincfwwm.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winsitpc.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winhmnxg.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\xgqel.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\xkwchl.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\pstd.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjgtt.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\xfhas.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winblrhro.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\wintnep.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\ukgd.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winosnir.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\vusi.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\iyja.exe"=-
"C:\DOCUME~1\Vinny\CONFIG~1\Temp\winjnxxb.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post the log.

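The ComboFix log in the first post and the CFScript above are two halves of one workflow: read the indicators out of the log (Task Manager and Registry Tools disabled by policy, Security Center overrides, the firewall switched off, autorun entries and firewall exceptions pointing into the user's Temp folder, hidden files in random-looking system32 subfolders) and turn the confirmed ones into File:: and Registry:: deletions. The script below, added as an example (it is not ComboFix's code nor the helper's), does that triage over a constructed sample log whose lines copy the shapes seen in the thread. The names `triage_log`, `build_cfscript`, `is_suspicious_path` and `SAMPLE_LOG` are this example's own; the "six hex characters under system32" heuristic is an assumption drawn from the three folder names asked about above, and the expansion of ComboFix's `HKLM\~\services` shorthand to the full key follows the way the CFScript in this post spells it out.

```python
"""Triage of a ComboFix-style log and a matching CFScript remediation fragment.

Added example for this thread; it is not ComboFix's code nor the helper's.
The sample log is constructed to mirror the line shapes shown in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample (not real output), modelled on the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3957568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5FEC96"="c:\windows\system32\A8569C\5FEC96.EXE" [2010-01-01 1593985]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\DOCUME~1\\User\\CONFIG~1\\Temp\\winakkbl.exe"=
2010-01-01 21:52 . 2010-01-01 21:52 1593985 ---h--w- c:\windows\system32\A8569C\5FEC96.EXE
2009-12-24 00:27 . 2009-12-24 00:27 21844 ----a-w- c:\windows\system32\emptyregdb.dat
"""

KEY_RE = re.compile(r"^\[-?([^\]]+)\]$")          # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=value
FILE_RE = re.compile(                               # created . modified size attrs path
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# Heuristic (assumption): six-hex-char folders directly under system32, like CAD072 / 7C5630 / A8569C.
RANDOM_HEX_DIR = re.compile(r"\\system32\\[0-9a-f]{6}\\")


def is_suspicious_path(path: str) -> bool:
    """Executable living in a user Temp folder or in a random-looking system32 subfolder."""
    p = path.lower().replace("\\\\", "\\")   # firewall list entries escape their backslashes
    return "\\temp\\" in p or RANDOM_HEX_DIR.search(p) is not None


@dataclass
class Triage:
    findings: list = field(default_factory=list)       # human-readable indicators
    files: list = field(default_factory=list)          # paths for a File:: section
    reg_removals: dict = field(default_factory=dict)   # registry key -> value names to drop


def expand_key(key: str) -> str:
    """ComboFix prints HKLM\\~\\services as shorthand; the thread's CFScript spells it out."""
    return key.replace("HKLM\\~\\services",
                       "HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services")


def triage_log(text: str) -> Triage:
    t, key = Triage(), ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if (m := FILE_RE.match(line)):
            path = m.group("path")
            if "h" in m.group("attr") and is_suspicious_path(path):
                t.findings.append(f"hidden file in suspicious location: {path}")
                t.files.append(path)
            continue
        m = VALUE_RE.match(line)
        if not m or not key:
            continue
        name, value, k = m.group(1), m.group(2), key.lower()
        if (k.endswith("policies\\system") and name in ("DisableTaskMgr", "DisableRegistryTools")
                and value.startswith("1")):
            t.findings.append(f"{name} policy set: tool blocked for the user")
            t.reg_removals.setdefault(expand_key(key), []).append(name)
        elif ("security center" in k and name.endswith(("Override", "DisableNotify"))
                and value.endswith("00000001")):
            t.findings.append(f"Security Center {name}=1: AV/firewall status suppressed")
        elif (k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall"
                and value.startswith("0")):
            t.findings.append("Windows Firewall disabled in the standard profile")
        elif k.endswith("\\run"):
            q = re.match(r'^"([^"]+)"', value)   # value is "path" [date size]
            path = q.group(1) if q else value
            if is_suspicious_path(path):
                t.findings.append(f"autorun entry {name} points to {path}")
                t.reg_removals.setdefault(expand_key(key), []).append(name)
        elif k.endswith("authorizedapplications\\list") and is_suspicious_path(name):
            t.findings.append(f"firewall exception for {name}")
            t.reg_removals.setdefault(expand_key(key), []).append(name)
    return t


def build_cfscript(t: Triage) -> str:
    """Emit only the directives the thread uses: File:: paths and Registry:: "name"=- deletions."""
    out = []
    if t.files:
        out += ["File::", *t.files, ""]
    if t.reg_removals:
        out.append("Registry::")
        for key, names in t.reg_removals.items():
            out.append(f"[{key}]")
            out += [f'"{n}"=-' for n in names]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    print("\n".join(result.findings))
    print()
    print(build_cfscript(result))
```

The Security Center overrides and the disabled firewall are only reported, not scripted: they are switched back through Security Center and the firewall settings once the processes that set them are gone. Every generated File:: or Registry:: line is a candidate to review against the log, not something to run blindly; the path heuristic is deliberately narrow (Temp folders and six-hex-character system32 subfolders) so that legitimate entries like sessmgr.exe or the Messenger autorun fall through untouched.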
  • 0

c:\windows\system32\CAD072
c:\windows\system32\7C5630
c:\windows\system32\A8569C

I'm almost sure these pages are viruses; I've seen some like them a while back.

----------------------------------------------------

ComboFix 10-01-01.05 - Vinny 04/01/2010 17:38:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.167 [GMT -3:00]

Executando de: c:\documents and settings\Vinny\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Vinny\Desktop\CFScript.txt

AV: ESET NOD32 antivirus system 0.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::

"c:\docume~1\Vinny\CONFIG~1\Temp\axjou.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\bdeus.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\byaj.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\dpybb.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\ekic.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\frvd.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\fvgen.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\gndk.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\herss.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\humaxy.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\iuptlf.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\iyja.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\jrgt.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\jrqpep.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\jwwodh.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\ldbxo.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\myls.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\nuswy.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\pstd.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\qaotir.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\qayy.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\twmhe.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\ukgd.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\uqvio.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\vttsq.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\vusi.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wbbpvv.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wgfar.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winaarw.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winaeqfkr.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winakkbl.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winblrhro.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winbotw.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wincfwwm.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\windvdmu.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\windvnio.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winenkm.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winfcnxq.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wingfevj.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wingwmt.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winhmnxg.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winhwnhiq.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winiiklnk.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjcue.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjgtt.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjhws.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjnxxb.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjrej.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjtgqe.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjvjyaw.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winjwdbn.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winkkwrc.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winklnnon.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winlfjuf.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winlnycvu.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winmcfvu.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winmlrp.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winnllvdh.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winnmqfxc.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winnrjdvi.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winosnir.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winppcib.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winqhsagc.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winrkip.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winsitpc.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winsmfqiq.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wintnep.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winurgu.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winvscfip.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winwmpiil.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winxdcw.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winxkgn.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winypax.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\winypqpg.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wmbu.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\wvfbr.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\xfhas.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\xfpgq.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\xgqel.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\xkwchl.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\ybmkyg.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\yqmj.exe"

"c:\docume~1\Vinny\CONFIG~1\Temp\ysockm.exe"

"c:\windows\system32\drivers\nsjion.sys"

"G:\1a1dndah.exe"

"G:\fpap.pif"

"G:\gvddya.pif"

"G:\olxo.pif"

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\documents and settings\Vinny\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ABP470N5

-------\Service_abp470n5

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-04 to 2010-01-04 ))))))))))))))))))))))))))))

.

2010-01-04 02:21 . 2010-01-04 02:21 -------- d--h--w- c:\windows\PIF

2010-01-03 23:22 . 2010-01-03 23:22 -------- d-----w- C:\rsit

2010-01-02 22:24 . 2008-04-14 10:00 110080 ----a-w- C:\wpabaln.exe

2010-01-02 22:23 . 2010-01-03 04:40 592 ----a-w- c:\windows\chgkey.vbs

2010-01-02 21:04 . 2010-01-02 21:04 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\arquivos de programas\AskBarDis

2010-01-01 21:52 . 2010-01-04 13:50 -------- d--h--w- c:\windows\system32\CAD072

2010-01-01 21:52 . 2010-01-01 21:52 -------- d--h--w- c:\windows\system32\7C5630

2010-01-01 21:52 . 2010-01-01 21:52 -------- d--h--w- c:\windows\system32\A8569C

2010-01-01 02:55 . 2010-01-01 02:55 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-01-01 02:50 . 2008-02-29 19:03 220400 ----a-w- c:\windows\SSUPDATE.EXE

2010-01-01 02:31 . 2010-01-01 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-01 02:31 . 2010-01-02 20:04 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-01-01 02:31 . 2010-01-01 02:31 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-01 02:30 . 2010-01-01 02:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-01-01 01:04 . 2010-01-01 01:04 -------- d-----w- C:\downloads

2010-01-01 01:04 . 2010-01-01 01:04 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\GrabPro

2010-01-01 01:04 . 2010-01-03 01:05 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Orbit

2010-01-01 01:04 . 2010-01-01 01:04 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-12-31 21:25 . 2008-04-14 10:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-12-31 20:41 . 2010-01-03 00:09 -------- d-----w- C:\PenClean

2009-12-31 13:58 . 2009-10-29 07:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-31 13:58 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-31 13:58 . 2009-10-29 07:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-31 13:58 . 2009-10-29 07:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-31 13:58 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-31 13:58 . 2009-10-29 07:42 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-31 01:53 . 2009-12-31 01:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2009-12-31 01:53 . 2009-12-31 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2009-12-31 01:52 . 2009-12-31 01:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-12-31 01:45 . 2009-12-31 01:45 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Thinstall

2009-12-30 19:16 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-30 19:16 . 2009-08-04 17:27 2070272 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-12-30 19:16 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-30 06:38 . 2009-12-30 06:38 -------- d-----w- c:\arquivos de programas\LimeWireTurbo

2009-12-30 06:30 . 2009-12-30 06:38 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\LimeWire

2009-12-30 02:36 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-30 02:36 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-12-30 01:24 . 2009-12-31 15:14 -------- d-----w- c:\windows\ie8updates

2009-12-29 19:45 . 2009-12-29 19:45 -------- d-----w- c:\arquivos de programas\PluginLetras

2009-12-29 13:17 . 2009-12-29 13:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-12-29 05:50 . 2010-01-04 20:05 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-12-29 04:33 . 2010-01-04 20:47 -------- d-----w- c:\documents and settings\Vinny\Tracing

2009-12-29 04:32 . 2009-12-29 04:32 -------- d-----w- c:\arquivos de programas\Microsoft

2009-12-29 04:32 . 2009-12-29 04:32 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-12-29 02:18 . 2009-12-29 02:18 152576 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-29 02:05 . 2009-12-29 02:05 79488 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-29 01:44 . 2009-12-29 01:44 4844296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-28 23:03 . 2009-12-28 23:03 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Malwarebytes

2009-12-28 23:03 . 2009-12-03 19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-28 23:03 . 2009-12-29 01:50 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-28 23:03 . 2009-12-28 23:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-12-28 23:03 . 2009-12-03 19:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-28 22:59 . 2009-12-28 22:59 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-12-28 22:59 . 2009-12-29 04:31 -------- d-----w- c:\arquivos de programas\Windows Live

2009-12-28 22:58 . 2009-12-28 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-12-28 22:51 . 2010-01-04 18:01 -------- d-----w- c:\documents and settings\Vinny\Shared

2009-12-28 22:50 . 2010-01-04 18:14 -------- d-----w- c:\documents and settings\Vinny\Incomplete

2009-12-28 22:50 . 2009-12-30 06:13 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\LimeWireTurbo

2009-12-28 22:50 . 2009-12-28 22:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LimeWireTurbo

2009-12-28 22:47 . 2009-12-28 22:47 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-12-28 22:47 . 2009-12-29 02:19 -------- d-----w- c:\arquivos de programas\Java

2009-12-28 22:46 . 2009-12-28 22:46 152576 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll

2009-12-28 21:59 . 2009-12-28 21:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-12-28 21:59 . 2009-12-28 21:59 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2009-12-28 21:43 . 2009-12-28 21:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-12-28 21:42 . 2009-12-28 21:42 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-12-28 21:42 . 2009-12-28 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-12-28 21:42 . 2009-12-28 21:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-12-28 21:42 . 2009-12-28 21:43 -------- d-----w- c:\arquivos de programas\Real

2009-12-28 21:39 . 2009-08-25 04:30 13312 ----a-w- c:\documents and settings\Vinny\Dados de aplicativos\Mozilla\Firefox\Profiles\1lkl5bfx.default\extensions\[email protected]\components\nsTwitterFoxSign.dll

2009-12-28 21:22 . 2009-12-28 21:22 0 ----a-w- c:\windows\nsreg.dat

2009-12-28 21:06 . 2009-12-28 21:09 -------- d-----w- c:\documents and settings\Vinny\Contacts

2009-12-28 21:05 . 2009-12-28 21:05 -------- dc----w- c:\windows\system32\DRVSTORE

2009-12-28 20:08 . 2010-01-03 00:37 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\FileZilla

2009-12-28 15:51 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-12-28 15:51 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2009-12-28 15:44 . 2009-12-28 15:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-12-28 14:53 . 2009-12-28 14:53 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-12-28 05:12 . 2006-10-10 00:47 981504 ----a-w- c:\windows\system32\drivers\smserial.sys

2009-12-28 05:12 . 2006-10-10 00:43 155648 ----a-w- c:\windows\system32\sm56co6a.dll

2009-12-26 21:00 . 2009-12-26 21:00 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Foxit

2009-12-26 21:00 . 2009-12-26 21:00 -------- d-----w- c:\arquivos de programas\Foxit Software

2009-12-25 14:33 . 2009-12-25 14:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-12-25 14:32 . 2009-12-25 14:32 8854 ----a-r- c:\documents and settings\Vinny\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2009-12-25 14:32 . 2009-12-25 14:32 118784 ----a-r- c:\documents and settings\Vinny\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2009-12-25 14:32 . 2009-12-25 14:32 114688 ----a-r- c:\documents and settings\Vinny\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2009-12-25 14:31 . 2009-12-25 14:31 -------- d-----w- c:\arquivos de programas\CCleaner

2009-12-25 01:59 . 2010-01-04 15:19 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Winamp

2009-12-25 01:59 . 2010-01-04 13:38 -------- d-----w- c:\arquivos de programas\Winamp

2009-12-25 01:56 . 2009-12-25 22:42 -------- d-----w- c:\arquivos de programas\Project64 1.6

2009-12-25 01:27 . 2009-12-25 01:27 -------- d-----w- c:\arquivos de programas\Motorola

2009-12-24 03:00 . 2009-12-24 03:00 298104 ----a-w- c:\windows\system32\imon.dll

2009-12-24 03:00 . 2009-12-24 03:00 512096 ----a-w- c:\windows\system32\drivers\amon.sys

2009-12-24 03:00 . 2009-12-24 03:00 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys

2009-12-24 02:53 . 2009-12-24 02:53 -------- d-----w- c:\windows\Downloaded Installations

2009-12-24 02:48 . 2009-12-24 02:50 -------- d-----w- c:\documents and settings\Vinny\Dados de aplicativos\Ahead

2009-12-24 02:46 . 2009-12-24 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-12-24 02:46 . 2009-12-24 02:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-12-24 02:46 . 2009-12-24 02:46 -------- d-----w- c:\arquivos de programas\Nero

2009-12-24 02:39 . 2006-08-25 05:52 245760 ----a-w- c:\windows\system32\VTTrayp.exe

2009-12-24 02:39 . 2006-08-03 06:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

2009-12-24 02:39 . 2005-11-01 02:35 28672 ----a-r- c:\windows\system32\VModes.exe

2009-12-24 02:39 . 2006-06-20 03:21 327680 ----a-w- c:\windows\system32\VTInfo2.dll

2009-12-24 02:39 . 2006-05-22 06:49 593920 ----a-w- c:\windows\system32\VTovrlay.dll

2009-12-24 02:39 . 2006-08-25 05:47 651264 ----a-w- c:\windows\system32\VTDisply.dll

2009-12-24 02:39 . 2006-06-22 09:05 462848 ----a-w- c:\windows\system32\VTGamma2.dll

2009-12-24 02:39 . 2006-08-25 06:13 1884160 ----a-r- c:\windows\system32\vticd.dll

2009-12-24 02:39 . 2006-08-25 06:03 264192 ----a-r- c:\windows\system32\drivers\vtmini.sys

2009-12-24 02:39 . 2006-08-25 06:03 3517952 ----a-w- c:\windows\system32\vtdisp.dll

2009-12-24 02:37 . 2006-02-23 03:39 11264 ----a-r- c:\windows\system32\drivers\xfilt.sys

2009-12-24 02:37 . 2006-02-23 03:38 9728 ----a-r- c:\windows\system32\drivers\videX32.sys

2009-12-24 02:35 . 2009-12-24 02:35 -------- d-----w- c:\arquivos de programas\VIAudioi

2009-12-24 02:35 . 2008-04-13 14:45 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys

2009-12-24 02:35 . 2008-04-13 14:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2009-12-24 02:35 . 2008-04-13 15:17 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys

2009-12-24 02:35 . 2008-04-13 15:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2009-12-24 02:35 . 2008-04-13 14:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys

2009-12-24 02:35 . 2008-04-13 14:45 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys

2009-12-24 02:33 . 2004-04-15 10:57 42496 ----a-r- c:\windows\system32\drivers\fetnd5b.sys

2009-12-24 02:31 . 2008-04-13 14:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-12-24 01:14 . 2009-12-24 01:14 -------- d-sh--w- c:\documents and settings\Vinny\IECompatCache

2009-12-24 01:14 . 2009-12-24 01:14 -------- d-sh--w- c:\documents and settings\Vinny\PrivacIE

2009-12-24 01:11 . 2009-12-24 01:11 -------- d-----w- c:\arquivos de programas\S3

2009-12-24 01:04 . 2009-12-24 02:23 -------- d-----w- c:\arquivos de programas\VIAudioi(2)

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-02 21:10 . 2008-04-14 10:00 48860 ----a-w- c:\windows\system32\perfc016.dat

2010-01-02 21:10 . 2008-04-14 10:00 345068 ----a-w- c:\windows\system32\perfh016.dat

2010-01-02 21:04 . 2010-01-02 21:04 128546 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat

2010-01-02 21:04 . 2009-12-24 00:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-25 01:24 . 2009-12-25 01:25 512096 ----a-w- c:\windows\system32\drivers\_mon.s00

2009-12-25 01:24 . 2009-12-25 01:25 15424 ----a-w- c:\windows\system32\drivers\_od32drv.s00

2009-12-24 03:51 . 2009-12-24 02:34 3584 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-24 02:41 . 2009-12-24 00:43 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-24 02:39 . 2009-12-24 02:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-12-24 00:42 . 2009-12-24 00:42 -------- d-----w- c:\arquivos de programas\VIA

2009-12-24 00:33 . 2009-12-24 00:33 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-12-24 00:31 . 2009-12-24 00:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-12-24 00:29 . 2009-12-24 00:29 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-12-24 00:28 . 2009-12-24 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-12-24 00:27 . 2009-12-24 00:27 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-29 07:42 . 2008-04-14 10:00 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:39 . 2008-04-14 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2008-04-14 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-04-14 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:34 . 2008-04-14 10:00 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2008-04-14 10:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2008-04-14 10:00 79872 ----a-w- c:\windows\system32\raschap.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 212992]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1551600]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 618496]

"VTTimer"="VTTimer.exe" [2006-08-03 53248]

"VTTrayp"="VTtrayp.exe" [2006-08-25 245760]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 233472]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-10 802816]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-12-28 255528]

"5FEC96"="c:\windows\system32\A8569C\5FEC96.EXE" [2010-01-01 1593985]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-07-01 115712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CCleaner\\CCleaner.exe"=

"d:\\Jogos\\ZSNES W\\zsnesw.exe"=

"d:\\Jogos\\Nintendo 64\\Project 64.exe"=

"d:\\Jogos\\Need for Speed Underground 2\\speed2.exe"=

"c:\\Arquivos de programas\\VIAudioi\\SBADeck\\ADeck.exe"=

"c:\\WINDOWS\\system32\\VTtrayp.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\LimeWireTurbo\\LimeWireTurbo.exe"=

"c:\\WINDOWS\\System32\\rasautou.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/12/2009 23:37 11264]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24/12/2009 00:00 15424]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [29/2/2008 16:03 8944]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [29/2/2008 16:03 51440]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [16/2/2006 16:51 4096]

S0 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys --> c:\windows\system32\DRIVERS\d347bus.sys [?]

S0 d347prt;d347prt;c:\windows\system32\Drivers\d347prt.sys --> c:\windows\system32\Drivers\d347prt.sys [?]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - ABP470N5

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{94C844D4-C736-4258-95A4-0241302CEFB4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

LSP: c:\windows\system32\imon.dll

FF - ProfilePath - c:\documents and settings\Vinny\Dados de aplicativos\Mozilla\Firefox\Profiles\1lkl5bfx.default\

FF - component: c:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: c:\documents and settings\Vinny\Dados de aplicativos\Mozilla\Firefox\Profiles\1lkl5bfx.default\extensions\[email protected]\components\nsTwitterFoxSign.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-04 17:47

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???e:\audio\via????f??|???|?????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3036)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\VTTimer.exe

c:\windows\system32\VTtrayp.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-01-04 17:51:05 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-01-04 20:51

ComboFix2.txt 2010-01-02 20:45

ComboFix3.txt 2010-01-02 16:25

Pré-execução: 7 pasta(s) 20.738.756.608 bytes disponíveis

Pós execução: 9 pasta(s) 20.740.497.408 bytes disponíveis

- - End Of File - - E6D3B0211DBC413AC7ECD65AC74995E7

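As an added example (not part of this thread, of ComboFix or of the helper's tools), the following Python script parses the "Pontos de Carregamento do Registro" block of a ComboFix log like the one above and flags the two things that log shows: policy and Security Center values that switch off Task Manager, Regedit, the firewall and its alerts, and Run entries whose target sits in a random hex-named system32 subfolder or in a Temp directory. The value names come from the log; the regular expressions, the "unusual directory" heuristic and the shortened sample block are assumptions made for this example.

```python
"""Triage the registry load-points block of a ComboFix log (added example,
not ComboFix's own code). Flags defence-disabling policy values and Run
entries that start from directories legitimate software rarely uses."""
import re

# (fragment of the key path, value name) -> setting that disables a defence.
DISABLING_VALUES = {
    ("policies\\system", "disabletaskmgr"): 1,
    ("policies\\system", "disableregistrytools"): 1,
    ("security center", "antivirusoverride"): 1,
    ("security center", "firewalloverride"): 1,
    ("security center", "antivirusdisablenotify"): 1,
    ("security center", "firewalldisablenotify"): 1,
    ("security center", "updatesdisablenotify"): 1,
    ("firewallpolicy\\standardprofile", "enablefirewall"): 0,
}
# Heuristic (assumption): a 6-hex-char system32 subfolder or any Temp folder.
UNUSUAL_DIR = re.compile(r"\\system32\\[0-9a-f]{6}\\|\\temp\\", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[[^\]]*\])?$')
VAL_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-f]{8})|(\d+)\s*\(0x[0-9a-f]+\))$', re.I)


def parse_load_points(text):
    """Yield (key, name, value); value is an int for dword/number lines and
    the command string for Run entries. Blank and unknown lines are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not line or key is None:
            continue
        m = RUN_RE.match(line)
        if m:
            yield key, m.group(1), m.group(2)
            continue
        m = VAL_RE.match(line)
        if m:
            yield key, m.group(1), int(m.group(2), 16) if m.group(2) else int(m.group(3))


def triage(text):
    """Return human-readable findings for the load-points block in `text`."""
    findings = []
    for key, name, value in parse_load_points(text):
        key_l, name_l = key.lower(), name.lower()
        for (fragment, vname), bad in DISABLING_VALUES.items():
            if fragment in key_l and name_l == vname and value == bad:
                findings.append(f"{name}={bad} under [{key}] disables a defence")
        if key_l.endswith("\\run") and isinstance(value, str) and UNUSUAL_DIR.search(value):
            findings.append(f"autostart {name} -> {value} runs from an unusual directory")
    return findings


# Constructed sample: a shortened copy of the block printed in the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"5FEC96"="c:\windows\system32\A8569C\5FEC96.EXE" [2010-01-01 1593985]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
```

Running `triage(SAMPLE)` yields five findings: the hex-named autostart and the four disabling values; the benign VTTimer entry is not reported.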

1. I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

If you have any devices of that kind (pen drives, external HDDs, etc.), please connect them to the computer before starting the removal process.

Select and copy the text inside the QUOTE below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Folder::
C:\windows\system32\CAD072
C:\windows\system32\7C5630
C:\windows\system32\A8569C
C:\arquivos de programas\AskBarDis

File::
G:\Notepad.exe
F:\Notepad.exe
H:\Notepad.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0ee28f1-f230-11de-ab60-f161b1e646a3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{777ba0d0-f034-11de-9af6-001a4da7ab37}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0262b918-f8d7-11de-ab89-e561530b926e}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5FEC96"=-

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

2. Download the Fix Policies tool

  1. Run the tool
  2. Wait for it to finish!
3. Generate a new RSIT log and post it together with the ComboFix log.

4. Let us know whether you can access Regedit, Task Manager, etc.

Edited by killer ™

Temporarily disable your antivirus

  1. Use the Internet Explorer browser to use the service!
  2. Go to the site HERE
  3. Run the scan as shown in the image below:

    75708734.gif

  4. At the end of the scan, check the "Delete Quarantined files" box and click [FINISH]

    A report will be generated at:

C:\Arquivos de programas\EsetOnlineScanner\log.txt

The online scan spends almost an hour loading, and when it finishes it is just a blank page.


1. Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen with some information will appear. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the results and paste them into your topic.