Celia hardware

Logs for analysis


DDS (Ver_10-03-17.01) - NTFSx86

Run by celia at 11:11:21,91 on 22/07/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2813.1881 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\celia\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-7-18 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-7-18 173104]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-20 165456]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-6-18 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-7-18 501888]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100720.001\IDSvix86.sys [2010-7-20 344112]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-7-18 116784]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-7-18 339504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-20 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-20 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-20 40384]

R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-7-18 126392]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-20 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-20 40384]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-18 102448]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-19 1343400]

=============== Created Last 30 ================

2010-07-21 18:15:06 0 d-----w- c:\programdata\Office Genuine Advantage

2010-07-21 00:53:44 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-07-21 00:52:57 38848 ----a-w- c:\windows\avastSS.scr

2010-07-21 00:41:00 0 d-----w- c:\programdata\Alwil Software

2010-07-20 23:59:06 0 d-----w- c:\users\celia\appdata\roaming\Tific

2010-07-20 23:57:28 324942805 ----a-w- c:\windows\MEMORY.DMP

2010-07-19 23:16:26 0 d-----w- c:\windows\system32\Wat

2010-07-19 17:15:12 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-07-19 17:14:21 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-07-19 17:14:21 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-07-19 17:14:21 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-07-19 17:14:21 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-07-19 17:14:21 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-07-19 16:38:50 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-07-19 16:37:52 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-07-19 16:37:52 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-07-19 16:37:52 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-07-19 16:37:49 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-07-19 16:37:49 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-07-19 16:37:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-07-19 16:22:42 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-07-19 08:28:29 0 d-sh--w- C:\Boot

2010-07-19 08:25:13 383562 --sha-r- C:\bootmgr

2010-07-19 03:21:02 0 d-----w- c:\windows\Panther

2010-07-19 03:20:50 8192 --sha-r- C:\BOOTSECT.BAK

2010-07-19 03:20:21 654272 ----a-w- c:\windows\system32\prfh0416.dat

2010-07-19 03:20:21 38536 ----a-w- c:\windows\system32\prfd0416.dat

2010-07-19 03:20:21 323154 ----a-w- c:\windows\system32\prfi0416.dat

2010-07-19 03:20:21 124724 ----a-w- c:\windows\system32\prfc0416.dat

2010-07-19 03:20:07 0 d-----w- c:\windows\pt-BR

2010-07-19 03:20:06 0 d-----w- c:\windows\system32\XPSViewer

2010-07-19 03:20:06 0 d-----w- c:\windows\system32\drivers\pt-BR

2010-07-19 03:20:05 0 d-----w- c:\windows\system32\wbem\pt-BR

2010-07-18 23:55:46 0 d-----w- c:\users\celia\Tracing

2010-07-18 23:51:04 0 d-----w- c:\program files\Microsoft Office Outlook Connector

2010-07-18 23:49:51 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-07-18 23:49:34 20 ----a-w- c:\windows\¸ö]

2010-07-18 23:49:34 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-07-18 23:48:44 0 d-----w- c:\program files\Microsoft

2010-07-18 23:48:17 0 d-----w- c:\program files\Windows Live SkyDrive

2010-07-18 23:37:16 0 d-----w- c:\program files\common files\Windows Live

2010-07-18 23:19:00 0 d-----w- c:\programdata\Adobe

2010-07-18 23:16:43 0 d-----w- c:\programdata\McAfee

2010-07-18 23:14:43 418 ----a-w- c:\windows\ODBC.INI

2010-07-18 23:14:40 28040 ----a-w- c:\windows\system32\mdimon.dll

2010-07-18 23:07:09 0 d-----w- c:\windows\PCHEALTH

2010-07-18 22:50:02 0 d-sh--w- c:\windows\Installer

2010-07-18 22:49:54 0 d-----w- c:\programdata\Google

2010-07-18 22:49:29 0 d-----w- c:\programdata\NOS

2010-07-18 22:46:40 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-07-18 22:46:40 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-07-18 22:46:38 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-07-18 22:46:38 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-07-18 22:46:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-07-18 22:46:38 0 d-----w- c:\program files\Symantec

2010-07-18 22:46:38 0 d-----w- c:\program files\common files\Symantec Shared

2010-07-18 22:46:19 0 d-----w- c:\windows\system32\drivers\N360

2010-07-18 22:46:17 0 d-----w- c:\program files\Norton 360

2010-07-18 22:46:16 0 d-----w- c:\programdata\Norton

2010-07-18 22:46:09 0 d-----w- c:\programdata\NortonInstaller

2010-07-18 22:46:09 0 d-----w- c:\program files\NortonInstaller

2010-07-18 22:35:01 1491932 ----a-w- c:\windows\system32\PerfStringBackup.INI

2010-07-18 22:34:43 0 d-----w- c:\windows\system32\wbem\Performance

2010-07-18 22:29:12 132608 ----a-w- c:\windows\system32\cabview.dll

2010-07-18 22:28:50 203464 --sh--r- C:\grldr

2010-07-18 22:28:50 12 --sh--r- C:\win7.ld

2010-07-18 22:27:29 0 d-sh--we c:\programdata\Modelos

2010-07-18 22:27:29 0 d-sh--we c:\programdata\Menu Iniciar

2010-07-18 22:27:29 0 d-sh--we c:\programdata\Favoritos

2010-07-18 22:27:29 0 d-sh--we c:\programdata\Documentos

2010-07-18 22:27:29 0 d-sh--we c:\programdata\Dados de aplicativos

2010-07-18 22:27:29 0 d-sh--we c:\program files\common files\Sistema

2010-07-18 22:27:29 0 d-sh--we c:\program files\Arquivos Comuns

==================== Find3M ====================

2010-07-19 03:20:00 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2010-07-19 03:20:00 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2010-07-19 03:20:00 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2010-07-19 03:20:00 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll

2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll

2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:11:50,60 ===============

Thank you very much, I await the analysis. Big hug ;)

Edited by Celia hardware

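An added triage helper for the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of the DDS log above. This is example code written for this page; it is not part of the thread, of DDS, or of the forum's training material. It parses the line shapes DDS uses in those sections (BHO/TB entries with their CLSID and DLL, uRun/mRun autoruns, R*/S* service and driver lines, DPF and start-page URLs), refangs the hxxp:// URLs DDS writes, lists BHO/toolbar CLSIDs that are still registered with "No File" behind them, and flags autorun or driver images outside Windows and Program Files for review. The sample input is a subset of lines copied from the log above; the Entry dataclass, the function names and the TRUSTED_ROOTS list are this example's own choices. A hit from the last check only means "look at it": in this log it is Norton's definitions directory under ProgramData.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections of a
DDS log.  Added example for this page; not code from the thread or from DDS."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: a subset of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.br/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-20 165456]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-6-18 691248]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-7-18 126392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
"""

# Line shapes DDS uses in these two sections.
_BHO_RE = re.compile(r'^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
_RUN_RE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
_SVC_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
                     r'(?P<path>.+?)(?: \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\])?$')
_DPF_RE = re.compile(r'^DPF: (?P<clsid>\{[^}]+\}) - (?P<url>\S+)$')
_START_RE = re.compile(r'^uStart Page = (?P<url>\S+)$')

# R = running, S = stopped; the digit is the Windows service start type.
START_TYPES = {'0': 'boot', '1': 'system', '2': 'auto', '3': 'demand', '4': 'disabled'}
# Where autorun and driver images are expected to live (this example's own list).
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')

@dataclass
class Entry:
    kind: str                    # BHO, TB, uRun, mRun, service, DPF, startpage
    name: str
    path: str                    # file path, command line or URL
    clsid: Optional[str] = None
    detail: str = ''             # 'running/auto' etc. for services

def parse_dds(text: str) -> list[Entry]:
    """Turn the DDS lines into Entry records; unrecognised lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('='):
            continue
        if m := _BHO_RE.match(line):
            entries.append(Entry(m['kind'], m['name'] or '(no name)', m['path'], m['clsid']))
        elif m := _RUN_RE.match(line):
            entries.append(Entry(m['hive'] + 'Run', m['name'], m['cmd']))
        elif m := _SVC_RE.match(line):
            state = 'running' if m['state'] == 'R' else 'stopped'
            entries.append(Entry('service', m['name'], m['path'],
                                 detail=f"{state}/{START_TYPES[m['start']]}"))
        elif m := _DPF_RE.match(line):
            entries.append(Entry('DPF', m['clsid'], m['url'], m['clsid']))
        elif m := _START_RE.match(line):
            entries.append(Entry('startpage', 'uStart Page', m['url']))
    return entries

def refang(url: str) -> str:
    """DDS writes hxxp:// so a pasted log cannot be clicked by accident; undo it for lookups."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url, flags=re.IGNORECASE)

def orphaned_bhos(entries: list[Entry]) -> list[Entry]:
    """BHO/toolbar CLSIDs still registered in IE whose DLL is gone ('No File')."""
    return [e for e in entries if e.kind in ('BHO', 'TB') and e.path.lower() == 'no file']

def remote_urls(entries: list[Entry]) -> list[str]:
    """Start page and DPF (ActiveX download) URLs, refanged, in log order."""
    return [refang(e.path) for e in entries if e.kind in ('DPF', 'startpage')]

def command_image(cmd: str) -> str:
    """Executable path from an autorun command line, quoted or not."""
    if m := re.match(r'^"([^"]+)"', cmd):
        return m.group(1)
    if m := re.match(r'^(\S+\.(?:exe|scr|dll|com))', cmd, re.IGNORECASE):
        return m.group(1)
    return cmd.split()[0]

def images_outside_trusted_roots(entries: list[Entry]) -> list[Entry]:
    """Autorun and service/driver images not under Windows or Program Files.
    A hit means 'look at it', not 'malware': vendor data directories under
    ProgramData (Norton's definitions in this log) show up here too."""
    hits = []
    for e in entries:
        if e.kind in ('uRun', 'mRun', 'service'):
            image = e.path if e.kind == 'service' else command_image(e.path)
            if not image.lower().startswith(TRUSTED_ROOTS):
                hits.append(e)
    return hits

if __name__ == '__main__':
    found = parse_dds(SAMPLE_DDS)
    for e in orphaned_bhos(found):
        print('orphaned', e.kind, e.clsid)
    for e in images_outside_trusted_roots(found):
        print('review', e.kind, e.name, e.path)
    print('urls', remote_urls(found))
```

Run it against a full dds.txt by reading the file into parse_dds instead of SAMPLE_DDS. The checks are deliberately mechanical: they surface the lines an analyst reads first (orphaned CLSIDs, download URLs, images in unusual places) and leave the verdict to the analyst.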

Dear Celia hardware

I recommend that you save this topic in your Favorites so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions carefully and, in case of doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Note: Do not take any measure beyond those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step no. 1 #

The Attach.txt log (from DDS) and the GMER log are missing.

Regards

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 18/07/2010 19:27:33

    System Uptime: 22/07/2010 10:35:06 (1 hours ago)

    Motherboard: ASRock | | G41M-S

    Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | CPUSocket | 2072/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 279,24 GiB free.

    D: is FIXED (NTFS) - 149 GiB total, 132,73 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP4: 18/07/2010 19:29:32 - Instalador de Módulos do Windows

    RP5: 18/07/2010 19:52:17 - Installed Adobe Reader 9.3 - Português.

    RP6: 18/07/2010 20:06:45 - Instalado Microsoft Office Professional Edição 2003

    RP7: 18/07/2010 20:18:33 - Installed Adobe Reader 9.3 - Português.

    RP9: 18/07/2010 20:49:38 - DirectX instalado

    RP10: 19/07/2010 14:10:01 - Windows Update

    RP11: 20/07/2010 20:37:23 - Limpeza do Registro do Norton

    RP12: 20/07/2010 21:40:46 - avast! Free Antivirus Setup

    RP14: 20/07/2010 21:47:26 - avast! Free Antivirus Setup

    RP15: 21/07/2010 03:00:20 - Windows Update

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX

    Adobe Reader 9.3 - Português

    Assistente de Conexão do Windows Live

    avast! Free Antivirus

    Ferramenta de Carregamento do Windows Live

    Google Toolbar for Internet Explorer

    Google Update Helper

    Junk Mail filter update

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office Live Add-in 1.3

    Microsoft Office Outlook Connector

    Microsoft Office Professional Edição 2003

    Microsoft Search Enhancement Pack

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    MSVCRT

    Norton 360

    OGA Notifier 2.0.0048.0

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Galeria de Fotos

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Sync

    Windows Live Toolbar

    Windows Live Writer

    ==== End Of File ===========================


    Dear Celia hardware

    I received your PMs... I'm rooting for our training :)

    Let's do the following: we will first deal with the possible infections, and at the end of this topic remind me to give you some tips on wireless network security :cool:

    So let's go...

    # Step no. 1 #

    I await the GMER log!

    # Step no. 2 #

    Download Malwarebytes Anti-Malware:

    • Link 1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to see the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When the disinfection is finished, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log in your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    # Step no. 3 #

    Read the instructions contained in this link:

    In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

      • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
      • Double-click the desktopicon.png icon on the desktop.
      • Read and accept the conditions by typing 1 and Enter.
      • Computers with Windows XP must install the Recovery Console:
        • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
        • Click "OK" on the EULA.
        • Once the Recovery Console is installed, click "YES" to continue.
      • ComboFix will run; please be patient and wait.
      • Attention: Do not use the mouse or keyboard while the tool is running; this can cause the computer to freeze.
      • A notice may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
      • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    DO NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them for unsupervised use. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

    So, in your next reply I await the logs: from GMER, ComboFix and Malwarebytes.

    Cheers :D

    Rootkit scan 2010-07-22 11:42:57

    Windows 6.1.7600

    Running: gmer.exe; Driver: C:\Users\celia\AppData\Local\Temp\uglcqpod.sys

    ---- System - GMER 1.0.15 ----

    SSDT 8614D7A0 ZwAlertResumeThread

    SSDT 8614C230 ZwAlertThread

    SSDT 8616F410 ZwAllocateVirtualMemory

    SSDT 85F4EC80 ZwAlpcConnectPort

    SSDT 861707C8 ZwAssignProcessToJobObject

    SSDT 861751E8 ZwCreateMutant

    SSDT 861968D8 ZwCreateSymbolicLinkObject

    SSDT 86170800 ZwCreateThread

    SSDT 86196CA8 ZwCreateThreadEx

    SSDT 8616F048 ZwDebugActiveProcess

    SSDT 8616F5E8 ZwDuplicateObject

    SSDT 8616EBA8 ZwFreeVirtualMemory

    SSDT 86150CC0 ZwImpersonateAnonymousToken

    SSDT 8609D048 ZwImpersonateThread

    SSDT 85FAC3D8 ZwLoadDriver

    SSDT 8616EA88 ZwMapViewOfSection

    SSDT 86152C58 ZwOpenEvent

    SSDT 8616F848 ZwOpenProcess

    SSDT 86137150 ZwOpenProcessToken

    SSDT 86162048 ZwOpenSection

    SSDT 8616F6F8 ZwOpenThread

    SSDT 861782B0 ZwProtectVirtualMemory

    SSDT 86146138 ZwResumeThread

    SSDT 8613CE00 ZwSetContextThread

    SSDT 8616E830 ZwSetInformationProcess

    SSDT 8616C048 ZwSetSystemInformation

    SSDT 86158048 ZwSuspendProcess

    SSDT 86140B50 ZwSuspendThread

    SSDT 861358F0 ZwTerminateProcess

    SSDT 8613C048 ZwTerminateThread

    SSDT 8613A048 ZwUnmapViewOfSection

    SSDT 8616EE78 ZwWriteVirtualMemory

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2DAF8

    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D104

    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D3F4

    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C15634

    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C15898

    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D1DC

    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D958

    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D6F8

    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2DF2C

    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2E1A8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x92371B9C]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x923719C0]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 828488E9 1 Byte [06]

    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828683D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    .text ntoskrnl.exe!KeRemoveQueueEx + 139B 8286F668 8 Bytes [A0, D7, 14, 86, 30, C2, 14, ...] {MOV AL, [0x308614d7]; RET 0x8614}

    .text ntoskrnl.exe!KeRemoveQueueEx + 13B3 8286F680 4 Bytes [10, F4, 16, 86]

    .text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8286F68C 4 Bytes [80, EC, F4, 85]

    .text ntoskrnl.exe!KeRemoveQueueEx + 1413 8286F6E0 4 Bytes [C8, 07, 17, 86] {ENTER 0x1707, 0x86}

    .text ntoskrnl.exe!KeRemoveQueueEx + 148F 8286F75C 4 Bytes CALL 360D0EB2

    .text ...

    PAGE ntoskrnl.exe!ObMakeTemporaryObject 829F4DF7 5 Bytes JMP 9236D5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82A1C1AA 5 Bytes JMP 9236EFD2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    PAGE ntoskrnl.exe!NtCreateSection 82A65ED5 7 Bytes JMP 923719C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    PAGE ntoskrnl.exe!ZwCreateProcessEx 82AE47C8 7 Bytes JMP 92371BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    .text peauth.sys 95279C9D 28 Bytes [DE, 29, 08, 0E, 17, 2C, B6, ...]

    .text peauth.sys 95279CC1 28 Bytes [DE, 29, 08, 0E, 17, 2C, B6, ...]

    PAGE peauth.sys 9527FB9B 72 Bytes [0E, 85, 81, AF, AB, 95, DB, ...]

    PAGE peauth.sys 9527FBEC 111 Bytes CALL E49EBE17

    PAGE peauth.sys 9528002C 102 Bytes [81, E4, 57, F7, EF, 84, F4, ...]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] ntdll.dll!wcsncmp + 33B 77DAF620 7 Bytes JMP 0457003A

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CreateDialogParamW 77EB9BFF 5 Bytes JMP 6B6DC578 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!EnableWindow 77EBA72E 5 Bytes JMP 6B6DC4F3 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!GetAsyncKeyState 77EBC09A 5 Bytes JMP 6B69D6E9 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!UnhookWindowsHookEx 77EBCC7B 5 Bytes JMP 6B79835E C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CallNextHookEx 77EBCC8F 3 Bytes JMP 6B779D5C C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CallNextHookEx + 4 77EBCC93 1 Byte [F3]

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CreateWindowExW 77EC0E51 5 Bytes JMP 6B788157 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!SetWindowsHookExW 77EC210A 5 Bytes JMP 6B734633 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!GetKeyState 77EC4FDA 5 Bytes JMP 6B6DD76A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!IsDialogMessageW 77EC6F06 5 Bytes JMP 6B6A4284 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CreateDialogParamA 77ED3E79 5 Bytes JMP 6B8B01E9 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!IsDialogMessage 77ED407A 5 Bytes JMP 6B8AFA8A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CreateDialogIndirectParamA 77ED9110 5 Bytes JMP 6B8B0220 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!CreateDialogIndirectParamW 77EE08AD 5 Bytes JMP 6B8B0257 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!DialogBoxIndirectParamW 77EE4AA7 5 Bytes JMP 6B8AF5E8 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!EndDialog 77EE555C 5 Bytes JMP 6B6A5AE9 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!DialogBoxParamW 77EE564A 5 Bytes JMP 6B6A4BA7 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!SetKeyboardState 77EE6B52 5 Bytes JMP 6B8AFDEF C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!SendInput 77EE7055 5 Bytes JMP 6B8B09B4 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!SetCursorPos 77EFC1D8 5 Bytes JMP 6B8B0A0C C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!DialogBoxParamA 77EFCF6A 5 Bytes JMP 6B8AF585 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!DialogBoxIndirectParamA 77EFD29C 5 Bytes JMP 6B8AF64B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!MessageBoxIndirectA 77F0E8C9 5 Bytes JMP 6B8AF51A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!MessageBoxIndirectW 77F0E9C3 5 Bytes JMP 6B8AF4AF C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!MessageBoxExA 77F0EA29 5 Bytes JMP 6B8AF44D C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!MessageBoxExW 77F0EA4D 5 Bytes JMP 6B8AF3EB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] USER32.dll!keybd_event 77F0EC9B 5 Bytes JMP 6B8B0D3F C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] SHELL32.dll!SHChangeNotification_Lock + 45BA 762EB3E8 4 Bytes [11, 36, 20, 73]

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] SHELL32.dll!SHChangeNotification_Lock + 45C2 762EB3F0 8 Bytes [5F, 35, 20, 73, D0, 73, 1F, ...]

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] ole32.dll!OleLoadFromStream 772D5B88 5 Bytes JMP 6B8AF946 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] ole32.dll!CoGetContextToken + 5C0 7730A2CF 7 Bytes JMP 0457055B

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] ole32.dll!CoCreateInstance 773257FC 5 Bytes JMP 6B788C45 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5380] ole32.dll!CoCreateInstance + 3E 7732583A 7 Bytes JMP 045704A5

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!CreateWindowExW 77EC0E51 5 Bytes JMP 6B788157 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxIndirectParamW 77EE4AA7 5 Bytes JMP 6B8AF5E8 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxParamW 77EE564A 5 Bytes JMP 6B6A4BA7 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxParamA 77EFCF6A 5 Bytes JMP 6B8AF585 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxIndirectParamA 77EFD29C 5 Bytes JMP 6B8AF64B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxIndirectA 77F0E8C9 5 Bytes JMP 6B8AF51A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxIndirectW 77F0E9C3 5 Bytes JMP 6B8AF4AF C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxExA 77F0EA29 5 Bytes JMP 6B8AF44D C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxExW 77F0EA4D 5 Bytes JMP 6B8AF3EB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] ntdll.dll!wcsncmp + 33B 77DAF620 7 Bytes JMP 05E4003A

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogParamW 77EB9BFF 5 Bytes JMP 6B6DC578 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!EnableWindow 77EBA72E 5 Bytes JMP 6B6DC4F3 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!GetAsyncKeyState 77EBC09A 5 Bytes JMP 6B69D6E9 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!UnhookWindowsHookEx 77EBCC7B 5 Bytes JMP 6B79835E C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CallNextHookEx 77EBCC8F 3 Bytes JMP 6B779D5C C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CallNextHookEx + 4 77EBCC93 1 Byte [F3]

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateWindowExW 77EC0E51 5 Bytes JMP 6B788157 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SetWindowsHookExW 77EC210A 5 Bytes JMP 6B734633 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!GetKeyState 77EC4FDA 5 Bytes JMP 6B6DD76A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!IsDialogMessageW 77EC6F06 5 Bytes JMP 6B6A4284 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogParamA 77ED3E79 5 Bytes JMP 6B8B01E9 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!IsDialogMessage 77ED407A 5 Bytes JMP 6B8AFA8A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogIndirectParamA 77ED9110 5 Bytes JMP 6B8B0220 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!CreateDialogIndirectParamW 77EE08AD 5 Bytes JMP 6B8B0257 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxIndirectParamW 77EE4AA7 5 Bytes JMP 6B8AF5E8 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!EndDialog 77EE555C 5 Bytes JMP 6B6A5AE9 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxParamW 77EE564A 5 Bytes JMP 6B6A4BA7 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SetKeyboardState 77EE6B52 5 Bytes JMP 6B8AFDEF C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SendInput 77EE7055 5 Bytes JMP 6B8B09B4 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!SetCursorPos 77EFC1D8 5 Bytes JMP 6B8B0A0C C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxParamA 77EFCF6A 5 Bytes JMP 6B8AF585 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!DialogBoxIndirectParamA 77EFD29C 5 Bytes JMP 6B8AF64B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxIndirectA 77F0E8C9 5 Bytes JMP 6B8AF51A C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxIndirectW 77F0E9C3 5 Bytes JMP 6B8AF4AF C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxExA 77F0EA29 5 Bytes JMP 6B8AF44D C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!MessageBoxExW 77F0EA4D 5 Bytes JMP 6B8AF3EB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] USER32.dll!keybd_event 77F0EC9B 5 Bytes JMP 6B8B0D3F C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] SHELL32.dll!SHChangeNotification_Lock + 45BA 762EB3E8 4 Bytes [11, 36, 20, 73]

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] SHELL32.dll!SHChangeNotification_Lock + 45C2 762EB3F0 8 Bytes [5F, 35, 20, 73, D0, 73, 1F, ...]

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!OleLoadFromStream 772D5B88 5 Bytes JMP 6B8AF946 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!CoGetContextToken + 5C0 7730A2CF 7 Bytes JMP 05E403D9

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!CoCreateInstance 773257FC 5 Bytes JMP 6B788C45 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[5688] ole32.dll!CoCreateInstance + 3E 7732583A 7 Bytes JMP 05E40323

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75DC5E25] C:\Windows\system32\apphelp.dll (Biblioteca de cliente de compatibilidade de aplicativos/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [731E9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [731F3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [731F1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [731EC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [731F3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [731F595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [731F47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [731F4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [731F1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [731EF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [731E9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [731F1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [731F06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [731EFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [731F1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [731F1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [731F0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [731F0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [731F3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [731F1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [731E9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [731F06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [731F1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [731F0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [731F2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [731EF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [731EF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [731EFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [731F1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [731F1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [731F4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [731F47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [731EDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [731F06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [731F3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [731EDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [731EDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [731F0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [731E9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [731F1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [731EDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [731F41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [731F595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [731F4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [731F4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsRootA] [731F823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathStripToRootW] [731F89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsURLW] [731F8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathFindOnPathW] [731F7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHCreateStreamOnFileW] [731F8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHOpenRegStream2W] [731F90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathCombineW] [731F7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHDeleteKeyA] [731F8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsDirectoryW] [731F7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!AssocQueryStringByKeyW] [731F794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathCreateFromUrlW] [731F7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathSkipRootW] [731F8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathRelativePathToW] [731F86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathRemoveArgsW] [731F8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsContentTypeW] [731F7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegQueryUSValueW] [731F9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegEnumUSKeyW] [731F958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegOpenUSKeyA] [731F99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsDirectoryEmptyW] [731F8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsDirectoryA] [731F7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathBuildRootA] [731F7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegGetPathW] [731F97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathCanonicalizeW] [731F7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegSetPathW] [731F9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegGetUSValueW] [731F98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!AssocQueryKeyW] [731F77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegGetBoolUSValueW] [731F96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsRelativeW] [731F81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsNetworkPathW] [731F80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsRootW] [731F8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHDeleteKeyW] [731F8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathFileExistsW] [731F7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHEnumValueW] [731F8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathStripPathW] [731F892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5380] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegOpenUSKeyW] [731F9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    Edited by diego_moicano

  • Topic author
  • It was a somewhat crazy way of posting, but I managed to send it... :o :D ;)

    I'm getting the other logs you asked me for.

    Thanks, big hug!

    :unsure:


    I had to edit your topic: BE CAREFUL with the QUOTE button; only use it when it is really necessary.

    I'm waiting for the other logs.

  • Topic author
  • I'm new here, diego_moicano, sorry. I'll get the hang of it soon, and thanks. But I don't know what happens: I post, click send and it doesn't go through.... ;)

    Hugs.

  • Topic author
  • ComboFix 10-07-22.06 - celia 23/07/2010 14:02:15.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2813.1800 [GMT -3:00]

    Executando de: c:\users\celia\Desktop\ComboFix.exe

    * Criado um novo ponto de restauração

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\users\celia\AppData\Local\Temp\A545.tmp

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-06-23 to 2010-07-23 ))))))))))))))))))))))))))))

    .

    2010-07-23 17:06 . 2010-07-23 17:09 -------- d-----w- c:\users\celia\AppData\Local\temp

    2010-07-23 17:06 . 2010-07-23 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-07-23 04:45 . 2010-07-23 04:45 -------- d-----w- c:\program files\CCleaner

    2010-07-23 03:42 . 2010-07-23 03:42 -------- d-----w- c:\programdata\Symantec

    2010-07-23 00:40 . 2010-07-23 00:41 -------- d-----w- c:\windows\system32\Adobe

    2010-07-21 18:15 . 2010-07-21 18:15 -------- d-----w- c:\programdata\Office Genuine Advantage

    2010-07-21 00:53 . 2010-07-21 00:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2010-07-21 00:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2010-07-21 00:53 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2010-07-21 00:53 . 2010-07-21 00:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2010-07-21 00:53 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2010-07-21 00:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

    2010-07-21 00:52 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

    2010-07-21 00:41 . 2010-07-21 00:41 -------- d-----w- c:\users\celia\AppData\Local\CrashDumps

    2010-07-21 00:41 . 2010-07-21 00:41 -------- d-----w- c:\programdata\Alwil Software

    2010-07-21 00:41 . 2010-07-21 00:41 -------- d-----w- c:\program files\Alwil Software

    2010-07-20 23:59 . 2010-07-20 23:59 -------- d-----w- c:\users\celia\AppData\Roaming\Tific

    2010-07-20 23:59 . 2010-07-20 23:59 -------- d-----w- c:\users\celia\AppData\Local\Symantec

    2010-07-20 23:38 . 2010-07-20 23:38 -------- d-----w- c:\users\celia\AppData\Local\Diagnostics

    2010-07-19 23:16 . 2010-07-19 23:16 -------- d-----w- c:\windows\system32\Wat

    2010-07-19 17:15 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

    2010-07-19 17:14 . 2009-11-25 15:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2010-07-19 17:14 . 2009-11-25 15:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

    2010-07-19 17:14 . 2009-11-25 15:47 297808 ----a-w- c:\windows\system32\mscoree.dll

    2010-07-19 17:14 . 2009-11-25 15:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

    2010-07-19 17:14 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

    2010-07-19 16:38 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

    2010-07-19 16:37 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2010-07-19 16:37 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2010-07-19 16:37 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2010-07-19 16:37 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

    2010-07-19 16:37 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

    2010-07-19 16:37 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

    2010-07-19 16:22 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

    2010-07-19 08:28 . 2010-07-19 19:58 -------- d-----w- C:\Boot

    2010-07-19 03:21 . 2010-07-18 22:27 -------- d-----w- c:\windows\Panther

    2010-07-19 03:20 . 2010-07-22 13:39 654272 ----a-w- c:\windows\system32\prfh0416.dat

    2010-07-19 03:20 . 2010-07-22 13:39 124724 ----a-w- c:\windows\system32\prfc0416.dat

    2010-07-19 03:20 . 2010-07-19 03:20 38536 ----a-w- c:\windows\system32\prfd0416.dat

    2010-07-19 03:20 . 2010-07-19 03:20 323154 ----a-w- c:\windows\system32\prfi0416.dat

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\pt-BR

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\XPSViewer

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\drivers\pt-BR

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\wbem\pt-BR

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\pt-BR

    2010-07-18 23:55 . 2010-07-23 17:09 -------- d-----w- c:\users\celia\Tracing

    2010-07-18 23:51 . 2010-07-19 17:13 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-07-18 23:51 . 2010-07-18 23:51 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

    2010-07-18 23:50 . 2010-07-18 23:50 -------- d-----w- c:\program files\Microsoft Sync Framework

    2010-07-18 23:49 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

    2010-07-18 23:49 . 2010-07-18 23:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2010-07-18 23:48 . 2010-07-18 23:51 -------- d-----w- c:\program files\Microsoft

    2010-07-18 23:48 . 2010-07-18 23:48 -------- d-----w- c:\program files\Windows Live SkyDrive

    2010-07-18 23:47 . 2010-07-18 23:50 -------- d-----w- c:\program files\Windows Live

    2010-07-18 23:37 . 2010-07-18 23:37 -------- d-----w- c:\program files\Common Files\Windows Live

    2010-07-18 23:36 . 2010-07-21 00:38 87400 ----a-w- c:\users\celia\AppData\Local\GDIPFONTCACHEV1.DAT

    2010-07-18 23:24 . 2010-07-18 23:24 -------- d-----w- c:\windows\system32\Macromed

    2010-07-18 23:24 . 2010-07-18 23:24 2605008 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe

    2010-07-18 23:23 . 2010-07-18 23:23 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE61C.tmp.exe

    2010-07-18 23:18 . 2010-07-18 23:19 -------- d-----w- c:\program files\Common Files\Adobe

    2010-07-18 23:16 . 2010-07-18 23:16 -------- d-----w- c:\programdata\McAfee

    2010-07-18 23:14 . 2007-04-09 16:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

    2010-07-18 23:14 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll

    2010-07-18 23:07 . 2010-07-20 02:49 -------- d-----w- c:\users\celia\AppData\Local\Google

    2010-07-18 23:07 . 2010-07-18 23:07 -------- d-----w- c:\windows\PCHEALTH

    2010-07-18 23:07 . 2010-07-18 23:07 -------- d-----w- c:\program files\Microsoft.NET

    2010-07-18 22:50 . 2010-07-21 06:05 -------- d-sh--w- c:\windows\Installer

    2010-07-18 22:49 . 2010-07-18 23:25 -------- d-----w- c:\program files\Google

    2010-07-18 22:49 . 2010-07-18 23:19 -------- d-----w- c:\users\celia\AppData\Local\Adobe

    2010-07-18 22:49 . 2010-07-19 02:51 -------- d-----w- c:\programdata\NOS

    2010-07-18 22:46 . 2010-07-18 22:46 -------- dc----w- c:\windows\system32\DRVSTORE

    2010-07-18 22:46 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

    2010-07-18 22:46 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll

    2010-07-18 22:46 . 2010-07-18 23:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

    2010-07-18 22:46 . 2010-07-18 22:46 -------- d-----w- c:\program files\Symantec

    2010-07-18 22:46 . 2010-07-18 22:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2010-07-18 22:46 . 2010-07-19 02:51 -------- d-----w- c:\windows\system32\drivers\N360

    2010-07-18 22:46 . 2010-07-18 22:46 -------- d-----w- c:\program files\Norton 360

    2010-07-18 22:46 . 2010-07-23 04:47 -------- d-----w- c:\programdata\Norton

    2010-07-18 22:46 . 2010-07-23 04:47 -------- d-----w- c:\program files\NortonInstaller

    2010-07-18 22:46 . 2010-07-18 22:46 -------- d-----w- c:\programdata\NortonInstaller

    2010-07-18 22:34 . 2010-07-22 13:39 -------- d-----w- c:\windows\system32\wbem\Performance

    2010-07-18 22:29 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-07-19 23:16 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

    2010-07-19 03:20 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker

    2010-07-19 03:20 . 2010-07-19 03:20 38536 ----a-w- c:\windows\inf\PERFLIB\0416\perfd.dat

    2010-07-19 03:20 . 2010-07-19 03:20 38536 ----a-w- c:\windows\inf\PERFLIB\0416\perfc.dat

    2010-07-19 03:20 . 2010-07-19 03:20 323154 ----a-w- c:\windows\inf\PERFLIB\0416\perfi.dat

    2010-07-19 03:20 . 2010-07-19 03:20 323154 ----a-w- c:\windows\inf\PERFLIB\0416\perfh.dat

    2010-07-18 22:46 . 2010-07-18 22:46 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

    2010-07-18 22:46 . 2010-07-18 22:46 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Modelos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Menu Iniciar

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Favoritos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Documentos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Dados de aplicativos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\program files\Common Files\Sistema

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\program files\Arquivos Comuns

    2010-05-21 05:18 . 2010-07-19 16:38 977920 ----a-w- c:\windows\system32\wininet.dll

    2010-05-09 09:14 . 2010-07-19 16:38 641536 ----a-w- c:\windows\system32\CPFilters.dll

    2010-05-09 09:14 . 2010-07-19 16:38 417792 ----a-w- c:\windows\system32\msdri.dll

    2010-05-01 14:49 . 2010-07-19 16:39 2326528 ----a-w- c:\windows\system32\win32k.sys

    2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-18 39408]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 135664]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-19 1343400]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2010-02-04 328752]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]

    S1 aswSP;aswSP; [x]

    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [2010-06-19 691248]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]

    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100721.003\IDSvix86.sys [2010-06-17 344112]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-19 102448]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 23:25]

    2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 23:25]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

    "ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files\Alwil Software\Avast5\AvastSvc.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\windows\system32\conhost.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\windows\system32\sppsvc.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2010-07-23 14:12:28 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2010-07-23 17:12

    Pré-execução: 299.352.752.128 bytes disponíveis

    Pós execução: 299.264.372.736 bytes disponíveis

    - - End Of File - - 38F9185746C52B07F27E41A5F63CE2F0

  • Topic author
  • Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Versão da Base de Dados: 4343

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    24/07/2010 00:44:55

    mbam-log-2010-07-24 (00-44-55).txt

    Tipo de Verificação: Verificação Rápida

    Objetos escaneados: 984

    Tempo decorrido: 4 segundo(s)

    Processos de Memória Infectados: 0

    Módulos de Memória Infectados: 0

    Chaves de Registro Infectadas: 0

    Valores de Registro Infectados: 0

    Itens de Dados no Registro Infectados: 0

    Pastas Infectadas: 0

    Arquivos Infectados: 0

    Processos de Memória Infectados:

    (Não foram detectados ítens maliciosos)

    Módulos de Memória Infectados:

    (Não foram detectados ítens maliciosos)

    Chaves de Registro Infectadas:

    (Não foram detectados ítens maliciosos)

    Valores de Registro Infectados:

    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Infectados:

    (Não foram detectados ítens maliciosos)

    Pastas Infectadas:

    (Não foram detectados ítens maliciosos)

    Arquivos Infectados:

    (Não foram detectados ítens maliciosos)


    Dear Celia hardware

    Apparently we have no infection :)

    Step no. 1 #

    Questions:

    1) Is your Windows genuine?

    2) Describe your wireless connection.

    Step no. 2 #

    Read all of the instructions below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder called Virus Removal Tool will be created on the desktop.
    • On the program screen, check the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • While it is scanning, a few small windows will probably open next to the clock; don't click anything.
    • There is also a chance that a larger window opens containing the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first check the option below, Apply to all objects, and then click one of the options above.
    • After everything completes, click the Reports button; in the window that opens, leave the options at the top set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Note: when you do this it looks as if the PC has frozen, but it hasn't; wait a few minutes for the memory to be released.
    • Open Notepad and paste (ctrl + v).
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when prompted.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colours depending on the risk:
    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, check the file path/name carefully to see whether you recognise it; if you do, click Skip.

    NOTE 2:
    If the final scan result only shows Result: OK, you don't need to generate a report; just let me know.

    NOTE 3:
    During the scan Kaspersky may flag the following folder as a virus: c:\QooBox. If this happens, choose the Skip option, since that folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

    Hugs :D

  • Topic author
  • Good morning diego_moicano, no, Windows is not genuine, and yesterday ComboFix caught rootkits. I downloaded the High Definition audio driver update; before that I went into the command prompt and the letters were garbled. I ran ComboFix and it caught it. The PC went back to normal. I have a Netgear router configured with WPA2 with a super strong password, range 100 m. With Norton here it's harder, you know? Speaking of which, Norton keeps detecting medium risk on the token! I have a lot to learn about hardware and software. And I always like learning! That's it for now, diego_moicano. I'll download the program you asked for and then send the information. Thanks. Big hug ;)


    Dear Celia hardware

    yesterday ComboFix caught rootkits
    Don't take action on your own; always let me know first, which is what I asked at the very beginning:
    Note: Do not take any measures other than the ones given here;

    Avoid sending PMs; always post here, unless it is absolutely necessary ;)

    Try these links:

    http://www.baixaki.com.br/download/kaspersky-virus-removal-tool.htm

    http://www.softpedia.com/get/Antivirus/Kaspersky-Virus-Removal-Tool.shtml

    Hugs :D

  • Topic author
  • All right, I didn't even know it was crashing...

    Edited by Celia hardware
    wrong emoticons


    Along with the Kaspersky log, post the log from the ComboFix run you did; it is at C:\ComboFix.txt

  • Topic author
  • ComboFix 10-07-24.04 - celia 26/07/2010 3:06.3.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2813.1967 [GMT -3:00]

    Executando de: c:\users\celia\Desktop\ComboFix.exe

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-06-26 to 2010-07-26 ))))))))))))))))))))))))))))

    .

    2010-07-26 06:11 . 2010-07-26 06:11 -------- d-----w- c:\users\Public\AppData\Local\temp

    2010-07-26 06:11 . 2010-07-26 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-07-26 05:03 . 2010-07-26 05:03 3544 ------w- C:\bootsqm.dat

    2010-07-26 02:51 . 2010-07-26 06:11 -------- d-----w- c:\users\celia\AppData\Local\temp

    2010-07-26 01:00 . 2010-07-26 01:00 -------- d-----w- c:\windows\system32\RTCOM

    2010-07-26 00:41 . 2010-07-26 00:41 -------- d-----w- c:\programdata\Uniblue

    2010-07-26 00:34 . 2010-07-26 00:42 -------- d-----w- c:\users\celia\AppData\Roaming\Uniblue

    2010-07-25 17:50 . 2010-07-26 03:39 -------- d-----w- c:\program files\Windows Live Safety Center

    2010-07-24 23:29 . 2010-07-24 23:29 -------- d-----w- c:\users\celia\Office Genuine Advantage

    2010-07-24 17:16 . 2010-07-24 17:16 -------- d--h--w- c:\windows\msdownld.tmp

    2010-07-24 06:31 . 2010-07-26 02:33 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2010-07-24 06:31 . 2010-07-26 02:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2010-07-24 03:10 . 2010-07-24 03:10 -------- d-----w- c:\users\celia\AppData\Roaming\Malwarebytes

    2010-07-24 03:10 . 2010-07-24 03:10 -------- d-----w- c:\programdata\Malwarebytes

    2010-07-24 03:10 . 2010-07-26 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-07-23 04:45 . 2010-07-23 04:45 -------- d-----w- c:\program files\CCleaner

    2010-07-23 03:42 . 2010-07-23 03:42 -------- d-----w- c:\programdata\Symantec

    2010-07-23 00:40 . 2010-07-23 00:41 -------- d-----w- c:\windows\system32\Adobe

    2010-07-21 18:15 . 2010-07-21 18:15 -------- d-----w- c:\programdata\Office Genuine Advantage

    2010-07-21 00:53 . 2010-07-21 00:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2010-07-21 00:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2010-07-21 00:53 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2010-07-21 00:53 . 2010-07-21 00:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2010-07-21 00:53 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2010-07-21 00:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

    2010-07-21 00:52 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

    2010-07-21 00:41 . 2010-07-26 02:27 -------- d-----w- c:\users\celia\AppData\Local\CrashDumps

    2010-07-21 00:41 . 2010-07-21 00:41 -------- d-----w- c:\programdata\Alwil Software

    2010-07-21 00:41 . 2010-07-21 00:41 -------- d-----w- c:\program files\Alwil Software

    2010-07-20 23:59 . 2010-07-20 23:59 -------- d-----w- c:\users\celia\AppData\Roaming\Tific

    2010-07-20 23:59 . 2010-07-20 23:59 -------- d-----w- c:\users\celia\AppData\Local\Symantec

    2010-07-20 23:38 . 2010-07-26 06:03 -------- d-----w- c:\users\celia\AppData\Local\Diagnostics

    2010-07-19 23:16 . 2010-07-19 23:16 -------- d-----w- c:\windows\system32\Wat

    2010-07-19 17:15 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

    2010-07-19 17:14 . 2009-11-25 15:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

    2010-07-19 17:14 . 2009-11-25 15:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

    2010-07-19 17:14 . 2009-11-25 15:47 297808 ----a-w- c:\windows\system32\mscoree.dll

    2010-07-19 17:14 . 2009-11-25 15:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

    2010-07-19 17:14 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

    2010-07-19 16:38 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

    2010-07-19 16:37 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2010-07-19 16:37 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2010-07-19 16:37 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2010-07-19 16:37 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

    2010-07-19 16:37 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

    2010-07-19 16:37 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

    2010-07-19 16:22 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

    2010-07-19 08:28 . 2010-07-19 19:58 -------- d-----w- C:\Boot

    2010-07-19 03:21 . 2010-07-18 22:27 -------- d-----w- c:\windows\Panther

    2010-07-19 03:20 . 2010-07-26 05:08 654272 ----a-w- c:\windows\system32\prfh0416.dat

    2010-07-19 03:20 . 2010-07-26 05:08 124724 ----a-w- c:\windows\system32\prfc0416.dat

    2010-07-19 03:20 . 2010-07-19 03:20 38536 ----a-w- c:\windows\system32\prfd0416.dat

    2010-07-19 03:20 . 2010-07-19 03:20 323154 ----a-w- c:\windows\system32\prfi0416.dat

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\pt-BR

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\XPSViewer

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\drivers\pt-BR

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\wbem\pt-BR

    2010-07-19 03:20 . 2010-07-19 03:20 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\pt-BR

    2010-07-18 23:57 . 2010-05-06 04:01 339504 ----a-w- c:\windows\system32\drivers\symtdiv.sys

    2010-07-18 23:57 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

    2010-07-18 23:57 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

    2010-07-18 23:57 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

    2010-07-18 23:57 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

    2010-07-18 23:57 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys

    2010-07-18 23:55 . 2010-07-26 05:04 -------- d-----w- c:\users\celia\Tracing

    2010-07-18 23:51 . 2010-07-19 17:13 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-07-18 23:51 . 2010-07-18 23:51 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

    2010-07-18 23:50 . 2010-07-18 23:50 -------- d-----w- c:\program files\Microsoft Sync Framework

    2010-07-18 23:49 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

    2010-07-18 23:49 . 2010-07-18 23:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2010-07-18 23:48 . 2010-07-18 23:51 -------- d-----w- c:\program files\Microsoft

    2010-07-18 23:48 . 2010-07-18 23:48 -------- d-----w- c:\program files\Windows Live SkyDrive

    2010-07-18 23:47 . 2010-07-18 23:50 -------- d-----w- c:\program files\Windows Live

    2010-07-18 23:37 . 2010-07-18 23:37 -------- d-----w- c:\program files\Common Files\Windows Live

    2010-07-18 23:36 . 2010-07-21 00:38 87400 ----a-w- c:\users\celia\AppData\Local\GDIPFONTCACHEV1.DAT

    2010-07-18 23:24 . 2010-07-18 23:24 -------- d-----w- c:\windows\system32\Macromed

    2010-07-18 23:24 . 2010-07-18 23:24 2605008 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe

    2010-07-18 23:23 . 2010-07-18 23:23 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE61C.tmp.exe

    2010-07-18 23:18 . 2010-07-18 23:19 -------- d-----w- c:\program files\Common Files\Adobe

    2010-07-18 23:16 . 2010-07-18 23:16 -------- d-----w- c:\programdata\McAfee

    2010-07-18 23:14 . 2007-04-09 16:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

    2010-07-18 23:14 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll

    2010-07-18 23:07 . 2010-07-20 02:49 -------- d-----w- c:\users\celia\AppData\Local\Google

    2010-07-18 23:07 . 2010-07-18 23:07 -------- d-----w- c:\windows\PCHEALTH

    2010-07-18 23:07 . 2010-07-18 23:07 -------- d-----w- c:\program files\Microsoft.NET

    2010-07-18 22:50 . 2010-07-26 03:39 -------- d-sh--w- c:\windows\Installer

    2010-07-18 22:49 . 2010-07-18 23:25 -------- d-----w- c:\program files\Google

    2010-07-18 22:49 . 2010-07-25 04:34 -------- d-----w- c:\users\celia\AppData\Local\Adobe

    2010-07-18 22:49 . 2010-07-19 02:51 -------- d-----w- c:\programdata\NOS

    2010-07-18 22:46 . 2010-07-18 22:46 -------- dc----w- c:\windows\system32\DRVSTORE

    2010-07-18 22:46 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

    2010-07-18 22:46 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll

    2010-07-18 22:46 . 2010-07-18 23:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

    2010-07-18 22:46 . 2010-07-18 22:46 -------- d-----w- c:\program files\Symantec

    2010-07-18 22:46 . 2010-07-18 22:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2010-07-18 22:46 . 2010-07-19 02:51 -------- d-----w- c:\windows\system32\drivers\N360

    2010-07-18 22:46 . 2010-07-18 22:46 -------- d-----w- c:\program files\Norton 360

    2010-07-18 22:46 . 2010-07-23 04:47 -------- d-----w- c:\programdata\Norton

    2010-07-18 22:46 . 2010-07-23 04:47 -------- d-----w- c:\program files\NortonInstaller

    2010-07-18 22:46 . 2010-07-18 22:46 -------- d-----w- c:\programdata\NortonInstaller

    2010-07-18 22:34 . 2010-07-26 05:08 -------- d-----w- c:\windows\system32\wbem\Performance

    2010-07-18 22:29 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-07-26 01:00 . 2010-07-26 00:59 -------- d--h--w- c:\program files\Temp

    2010-07-19 23:16 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

    2010-07-19 03:20 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender

    2010-07-19 03:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker

    2010-07-19 03:20 . 2010-07-19 03:20 38536 ----a-w- c:\windows\inf\PERFLIB\0416\perfd.dat

    2010-07-19 03:20 . 2010-07-19 03:20 38536 ----a-w- c:\windows\inf\PERFLIB\0416\perfc.dat

    2010-07-19 03:20 . 2010-07-19 03:20 323154 ----a-w- c:\windows\inf\PERFLIB\0416\perfi.dat

    2010-07-19 03:20 . 2010-07-19 03:20 323154 ----a-w- c:\windows\inf\PERFLIB\0416\perfh.dat

    2010-07-18 22:46 . 2010-07-18 22:46 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

    2010-07-18 22:46 . 2010-07-18 22:46 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Modelos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Menu Iniciar

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Favoritos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Documentos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Dados de aplicativos

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\program files\Common Files\Sistema

    2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\program files\Arquivos Comuns

    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30355\AdobeARM.exe

    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30355\AdobeExtractFiles.dll

    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30355\ReaderUpdater.exe

    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30355\AcrobatUpdater.exe

    2010-05-21 05:18 . 2010-07-19 16:38 977920 ----a-w- c:\windows\system32\wininet.dll

    2010-05-09 09:14 . 2010-07-19 16:38 641536 ----a-w- c:\windows\system32\CPFilters.dll

    2010-05-09 09:14 . 2010-07-19 16:38 417792 ----a-w- c:\windows\system32\msdri.dll

    2010-05-01 14:49 . 2010-07-19 16:39 2326528 ----a-w- c:\windows\system32\win32k.sys

    2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-18 39408]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-26 8546848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 135664]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-19 1343400]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2010-02-04 328752]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]

    S1 aswSP;aswSP; [x]

    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [2010-06-19 691248]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]

    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100723.001\IDSvix86.sys [2010-06-17 344112]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - EraserUtilDrv11010

    .

    Contents of the 'Scheduled Tasks' folder

    2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 23:25]

    2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 23:25]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

    "ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4960)

    c:\windows\System32\provsvc.dll

    .

    Completion time: 2010-07-26 03:14:59

    ComboFix-quarantined-files.txt 2010-07-26 06:14

    ComboFix2.txt 2010-07-26 02:51

    ComboFix3.txt 2010-07-23 17:12

    Pre-Run: 297.237.184.512 bytes free

    Post-Run: 296.820.822.016 bytes free

    - - End Of File - - DC2527CF58E9BC7C4CE693494133B3D7

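The ComboFix log above is read by hand by the analysts in this thread. The following is an added example, not part of the original post and not ComboFix's own code, of the first triage pass an analyst does mentally: parse the file-list lines ("created . modified size attributes path") and the Run-key lines, and flag entries that deserve a closer look (executables in user-writable locations such as temp, AppData or ProgramData, hidden+system executables, system-binary names living outside c:\windows, and autostart values pointing into user-writable paths). The sample lines are constructed to mirror the log's layout; the `svchost.exe` and `updater` entries are invented to exercise the rules and do not appear in the poster's log. The attribute column positions (directory, system, hidden) are inferred from this log's entries and are an assumption to verify against your own logs.

```python
import re

# Constructed sample lines in ComboFix's file-list layout
# ("created . modified size attributes path").  Modelled on the post above, but
# not copied from any real machine: the svchost.exe entry is invented to
# exercise the rules and does NOT appear in the poster's log.
SAMPLE_FILES = r"""
2010-07-18 23:57 . 2010-05-06 04:01 339504 ----a-w- c:\windows\system32\drivers\symtdiv.sys
2010-07-18 23:23 . 2010-07-18 23:23 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE61C.tmp.exe
2010-07-26 01:00 . 2010-07-26 00:59 -------- d--h--w- c:\program files\Temp
2010-07-18 22:27 . 2010-07-18 22:27 -------- d-sh--we c:\programdata\Modelos
2010-07-18 23:14 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-07-25 09:12 . 2010-07-25 09:12 48128 --sha-w- c:\users\example\appdata\local\temp\svchost.exe
"""

# Constructed Run-key lines in ComboFix's "Registry Load Points" layout; the
# "updater" value is invented for the example.
SAMPLE_RUN = r"""
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-18 39408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"updater"="c:\users\example\appdata\roaming\updater.exe" [2010-07-25 48128]
"""

FILE_LINE = re.compile(
    r'^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r'(-{8}|\d+) ([a-z-]{8}) (.+?)\s*$')
RUN_LINE = re.compile(
    r'^\s*"([^"]*)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]\s*$')

EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com', '.pif')
# Directory fragments an unprivileged user (or a dropper running as one) can write to.
USER_WRITABLE = ('\\temp\\', '\\appdata\\', '\\programdata\\', '\\users\\')
# Names malware likes to borrow; the legitimate copies live under c:\windows.
SYSTEM_NAMES = {'svchost.exe', 'csrss.exe', 'lsass.exe', 'winlogon.exe', 'explorer.exe'}
SYSTEM_ROOT = 'c:\\windows\\'


def reasons_for(path, attrs):
    """Rules applied to one file-list entry; returns the list of reasons it
    deserves a look (empty when nothing is remarkable)."""
    # Attribute column positions are inferred from the entries in this log
    # (assumption): 'd' in column 1 marks a directory, 's'/'h' in columns 3
    # and 4 mark the system and hidden attributes.
    is_dir = attrs[0] == 'd'
    hidden_system = attrs[2] == 's' and attrs[3] == 'h'
    p = path.lower()
    name = p.rsplit('\\', 1)[-1]
    reasons = []
    if is_dir or not p.endswith(EXEC_EXT):
        return reasons
    if any(tag in p for tag in USER_WRITABLE):
        reasons.append('executable in user-writable location')
    if hidden_system:
        reasons.append('executable carries hidden+system attributes')
    if name in SYSTEM_NAMES and not p.startswith(SYSTEM_ROOT):
        reasons.append('system binary name outside c:\\windows')
    return reasons


def triage(files_text, run_text=''):
    """Parse ComboFix file-list and Run-key lines and return {path: [reasons]}
    for the entries worth a closer look.  An empty dict means no rule fired;
    a hit is a prompt to verify the file (hash, signature, vendor), not a verdict."""
    flagged = {}
    for line in files_text.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        _created, _modified, _size, attrs, path = m.groups()
        reasons = reasons_for(path, attrs)
        if reasons:
            flagged[path] = reasons
    for line in run_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        value_name, path, _stamp, _size = m.groups()
        if any(tag in path.lower() for tag in USER_WRITABLE):
            flagged.setdefault(path, []).append(
                'autostart (Run) value %r points into a user-writable location' % value_name)
    return flagged


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_FILES, SAMPLE_RUN).items():
        print(path)
        for reason in reasons:
            print('    -', reason)
```

Run against the sample, the Google Toolbar updater in ProgramData is flagged once (it is a known vendor file, which is exactly the kind of hit an analyst clears by checking the publisher), while the invented `svchost.exe` in a user temp directory trips all three file rules. Paste your own log's file-list and Run-key sections into the two strings to triage a real report; the regexes match ComboFix's column layout as it appears above.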
  • Topic author
  • I tried to post the Kaspersky log several times; unfortunately I couldn't. My PC froze and I was forced to format. Thank you for the kindness and attention you have given, diego_moicano. I apologise not only for my lack of experience and carelessness; I ended up failing to follow what was agreed at the start of my log posts, and I believe that was the reason my PC froze! May my experience serve as a lesson to the next members! Follow correctly what the log analysts ask for here on the site! My slip was fatal!

    Awaiting your reply.

    Best regards

    ;)

    Edited by Celia hardware
    text error


    Dear Célia hardware

    Don't blame yourself, I assure you this is common :)

    Anything else? Something about your wireless connection?

    Regards :D

  • Topic author
  • If you could give me the security tips, I would be immensely grateful!

    Thank you for your attention.

    Best regards

    ;)


    Dear Célia hardware

    I'll pass you a few configuration tips ;)

    Open your router's interface:

    1) Change the SSID; don't leave it with the default name;

    2) Disable the SSID Broadcast;

    3) Under Security Type, see whether this option exists: WPA-PSK+WPA2-PSK; if not, set WPA2-PSK

    4) Under Encryption Type, set AES;

    5) Under Access Control, leave Allow checked;

    5a) Under MAC Address you will enter the physical address of your network card. To get it, do the following: Start > Run > type cmd. At the prompt type ipconfig /all. In the list look for physical address, write it down and add it to the router.

    Well, I based this on the interface of a generic Netgear router, so you should find these on yours. Many of these settings you will find under Advanced. Check that your network hasn't become slow and that everything is in order :)

    Remember that a 100% secure guarantee doesn't exist :(

    Regards :D

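Steps 3 to 5a above are set on the router, but you can confirm from the Windows side that they took effect. The following is an added example, not part of the original post and not the router vendor's or Microsoft's code, of two checks an analyst would run afterwards: extract the 6-byte physical (MAC) addresses from `ipconfig /all` output for the router's allow-list (step 5a), skipping the 8-byte pseudo-addresses that tunnel adapters report, and read the SSID, authentication and cipher that the client actually negotiated from `netsh wlan show interfaces` to confirm the association is WPA2 with AES (CCMP) rather than an older mode. The caveat the second check covers: with the mixed WPA-PSK+WPA2-PSK mode the client may still join with WPA/TKIP, and only the negotiated values reveal that. Both command outputs are constructed samples in the English Windows 7 layout (the regex also accepts the Portuguese "Endereço Físico" label), not captures from the poster's machine, and the vendor-default SSID list is an assumption.

```python
import re

# Constructed `ipconfig /all` excerpt (English Windows 7 layout); not captured
# from the poster's machine.  The tunnel adapter is included on purpose: its
# 8-byte address is not a NIC MAC and must not reach the router's allow-list.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11n WLAN Adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-11-22-AA-BB-CC

Tunnel adapter isatap.{EXAMPLE}:

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

# Constructed `netsh wlan show interfaces` excerpt showing a client that joined
# a mixed-mode network with the older WPA/TKIP pair; again not the poster's.
SAMPLE_NETSH_WEAK = """\
There is 1 interface on the system:

    Name                   : Wireless Network Connection
    Description            : Example 802.11n WLAN Adapter
    Physical address       : 00:11:22:33:44:55
    State                  : connected
    SSID                   : NETGEAR
    Network type           : Infrastructure
    Authentication         : WPA-Personal
    Cipher                 : TKIP
    Profile                : NETGEAR
"""
# Same adapter after the router was set to WPA2-PSK/AES and renamed.
SAMPLE_NETSH_GOOD = (SAMPLE_NETSH_WEAK.replace('NETGEAR', 'home-ap-7f3a')
                     .replace('WPA-Personal', 'WPA2-Personal')
                     .replace('TKIP', 'CCMP'))

ADAPTER_HEADER = re.compile(r'^(\S.*):\s*$')
MAC_LINE = re.compile(
    r'^\s*(?:Physical Address|Endere[çc]o F[íi]sico)[ .]*:\s*'
    r'([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s*$')
# Assumed list of factory SSIDs; extend it for the vendors you see.
DEFAULT_SSIDS = {'netgear', 'linksys', 'dlink', 'default', 'tp-link', 'wireless', 'belkin'}


def physical_addresses(ipconfig_text):
    """Return [(adapter, mac)] for every 6-byte MAC in `ipconfig /all` output,
    normalised to upper-case colon form for typing into the router allow-list."""
    found = []
    adapter = None
    for line in ipconfig_text.splitlines():
        header = ADAPTER_HEADER.match(line)
        if header:
            adapter = header.group(1)
            continue
        m = MAC_LINE.match(line)
        if m and adapter:
            found.append((adapter, m.group(1).replace('-', ':').upper()))
    return found


def assess_wlan(netsh_text):
    """Read SSID/Authentication/Cipher from `netsh wlan show interfaces` and
    list what falls short of the settings recommended in the post above."""
    fields = {}
    for line in netsh_text.splitlines():
        if line.startswith(' ') and ':' in line:
            key, _, value = line.partition(':')
            fields[key.strip().lower()] = value.strip()
    ssid = fields.get('ssid', '')
    auth = fields.get('authentication', '')
    cipher = fields.get('cipher', '')
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append('SSID %r looks like a vendor default' % ssid)
    if auth not in ('WPA2-Personal', 'WPA2-Enterprise'):
        findings.append('negotiated %s instead of WPA2' % (auth or 'unknown'))
    if cipher != 'CCMP':
        findings.append('negotiated %s instead of AES (CCMP)' % (cipher or 'unknown'))
    return {'ssid': ssid, 'authentication': auth, 'cipher': cipher, 'findings': findings}


if __name__ == '__main__':
    for adapter, mac in physical_addresses(SAMPLE_IPCONFIG):
        print('%s -> %s' % (adapter, mac))
    for sample in (SAMPLE_NETSH_WEAK, SAMPLE_NETSH_GOOD):
        report = assess_wlan(sample)
        print(report['ssid'], report['findings'] or 'OK')
```

On a real machine, feed the functions the output of `ipconfig /all` and `netsh wlan show interfaces` (for example via `subprocess.check_output`), then compare the MAC list with what you entered in the router's Access Control page. A `netsh` report of WPA-Personal/TKIP after the change means the client fell back to the weaker half of the mixed mode; switching the router to WPA2-PSK only, as the post suggests when the mixed option is absent, removes that possibility.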
  • Topic author
  • Really, 100% is quite complicated indeed! I'll follow your tips, and thank you very much for everything, diego_moicano!

    Best regards!

    ;)






    About Clube do Hardware

    Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.

    Copyright

    We do not permit copying or reproduction of the content of our site, forum, newsletters and social networks, even when the source is cited.
