chuap

Slow laptop, freezing the Firefox browser, with requests for updates...


Hello everyone, I have a laptop that shows signs of having a virus: it sometimes freezes Firefox, and Windows always says it has found 3 updates; even when I tell it to install them, after restarting it always asks to install the same ones that were already installed. Sometimes WLMessenger also does not receive messages in real time. Regards to all :cool:


Read the topic "Leia Antes de Postar" ("Read Before Posting") and post the requested logs.

  • Topic author
  • DDS (Ver_10-03-17.01) - NTFSx86

    Run by striker at 15:52:59,34 on 19-09-2010

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19

    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2038.1520 [GMT 1:00]

    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Programas\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\Explorer.EXE

    C:\Programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Documents and Settings\striker\Ambiente de trabalho\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://start.icq.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = socks=

    uURLSearchHooks: H - No File

    mURLSearchHooks: H - No File

    mURLSearchHooks: H - No File

    mWinlogon: SfcDisable=-99 (0xffffff9d)

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

    uRun: [MsnMsgr] "c:\programas\windows live\messenger\msnmsgr.exe" /background

    uRun: [spybotSD TeaTimer] c:\programas\spybot - search & destroy\TeaTimer.exe

    mRun: [egui] "c:\programas\eset\eset smart security\egui.exe" /hide /waitservice

    mRun: [TkBellExe] "c:\programas\ficheiros comuns\real\update_ob\realsched.exe" -osboot

    mRun: [Adobe Reader Speed Launcher] "c:\programas\adobe\reader 9.0\reader\Reader_sl.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    Notify: igfxcui - igfxdev.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\striker\applic~1\mozilla\firefox\profiles\pkpeqkta.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&vl=lang_pt&type=937811&p=

    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\documents and settings\striker\application data\mozilla\firefox\profiles\pkpeqkta.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\npww.dll

    FF - plugin: c:\programas\veetle\player\npvlc.dll

    FF - plugin: c:\programas\veetle\plugins\npVeetle.dll

    FF - plugin: c:\programas\veetle\vlcbroadcast\npvbp.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-4 33824]

    R2 ekrn;Eset Service;c:\programas\eset\eset smart security\ekrn.exe [2007-12-21 468224]

    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-6-27 5888]

    R3 RTL8187B;Placa de rede sem fios Realtek RTL8187B, 802.11b/g, de 54 Mbps e USB 2.0;c:\windows\system32\drivers\RTL8187B.sys [2010-3-29 341376]

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-6-19 137344]

    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-6-19 8320]

    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2010-8-30 32512]

    S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [2010-4-4 57672]

    =============== Created Last 30 ================

    2010-09-15 07:08:44 0 d-----w- C:\3849e55268ef4016c2

    2010-09-11 16:10:10 0 d-----w- c:\programas\URUSoft

    2010-09-07 18:24:44 0 d-----w- c:\programas\VideoLAN

    2010-09-07 18:18:07 0 d-----w- c:\programas\ficheiros comuns\xing shared

    2010-09-07 18:15:41 0 d-----w- c:\programas\ficheiros comuns\Real

    2010-09-06 12:06:56 38422 ------w- c:\windows\system32\drivers\StMp3Rec.sys

    2010-09-06 12:06:12 0 d-----w- c:\programas\Creative

    2010-08-30 21:30:47 81920 ------w- c:\windows\system32\Packet.dll

    2010-08-30 21:30:47 61440 ------w- c:\windows\system32\WanPacket.dll

    2010-08-30 21:30:47 57344 ------w- c:\windows\system32\XButton.ocx

    2010-08-30 21:30:47 389120 ------w- c:\windows\system32\actskn43.ocx

    2010-08-30 21:30:47 32512 ------w- c:\windows\system32\drivers\npf.sys

    2010-08-30 21:30:47 233472 ------w- c:\windows\system32\wpcap.dll

    2010-08-30 21:30:41 0 d-----w- c:\programas\Makayama Interactive

    2010-08-29 21:20:29 0 d-----w- c:\programas\FriendAdderElite

    2010-08-29 14:14:22 0 d-----w- C:\Nova pasta

    2010-08-26 20:03:02 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

    2010-08-26 20:01:19 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

    2010-08-26 20:00:21 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2010-08-26 19:59:34 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2010-08-26 19:58:33 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-08-26 19:57:13 0 d-----w- c:\windows\Logs

    2010-08-26 19:30:17 0 d-----w- c:\docume~1\striker\applic~1\Canneverbe Limited

    2010-08-26 19:30:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited

    2010-08-26 16:01:08 0 d-----w- c:\programas\JDownloader

    2010-08-25 20:40:54 45056 ----a-w- c:\windows\system32\WNASPI32.DLL

    2010-08-25 20:40:54 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS

    2010-08-25 20:34:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero

    2010-08-24 21:43:30 0 d-----w- c:\programas\Microsoft

    ==================== Find3M ====================

    2010-09-18 02:26:57 83434 ----a-w- c:\windows\system32\perfc016.dat

    2010-09-18 02:26:57 488968 ----a-w- c:\windows\system32\perfh016.dat

    2010-09-07 18:15:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-09-07 18:15:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

    2010-08-09 17:13:47 48128 ---ha-w- c:\windows\system32\asr_pact.dll

    2010-07-27 06:28:51 8504320 ------w- c:\windows\system32\dllcache\shell32.dll

    2010-07-23 06:13:27 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    2010-07-23 06:13:27 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

    2010-07-22 06:19:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-07-15 23:20:59 4100 ----a-w- c:\windows\system32\hdvirffo.dll

    2010-06-30 12:24:24 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-30 12:24:24 149504 ------w- c:\windows\system32\dllcache\schannel.dll

    2010-06-27 22:18:19 6508 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-06-24 21:29:48 1861248 ----a-w- c:\windows\system32\win32k.sys

    2010-06-24 21:29:48 1861248 ------w- c:\windows\system32\dllcache\win32k.sys

    2010-06-23 11:31:28 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

    2010-03-29 20:56:01 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

    2010-03-29 20:56:01 32768 --sha-w- c:\windows\system32\config\systemprofile\definições locais\histórico\history.ie5\index.dat

    2010-03-29 20:55:30 32768 --sha-w- c:\windows\system32\config\systemprofile\definições locais\histórico\history.ie5\mshist012010032920100330\index.dat

    2010-03-29 20:56:01 32768 --sha-w- c:\windows\system32\config\systemprofile\definições locais\temporary internet files\content.ie5\index.dat

    2010-03-29 21:28:41 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

    ============= FINISH: 15:56:29,21 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 29-03-2010 21:54:41

    System Uptime: 19-09-2010 14:24:58 (1 hours ago)

    Motherboard: Intel Corp. | | Base Board Product Name

    Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | CPU | 1862/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 186 GiB total, 149,35 GiB free.

    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP92: 21-06-2010 21:04:36 - Ponto de verificação do sistema

    RP93: 22-06-2010 19:55:13 - Software Distribution Service 3.0

    RP94: 24-06-2010 1:14:34 - Ponto de verificação do sistema

    RP95: 25-06-2010 21:10:35 - Ponto de verificação do sistema

    RP96: 26-06-2010 21:54:42 - Ponto de verificação do sistema

    RP97: 26-06-2010 22:27:50 - Instalado Microsoft Office Excel Viewer

    RP98: 27-06-2010 19:34:45 - Instalado REALTEK GbE & FE Ethernet PCI-E NIC Driver

    RP99: 27-06-2010 19:38:18 - Installed TOSHIBA Controls

    RP100: 27-06-2010 19:43:36 - Instalado TOSHIBA Common Module

    RP101: 28-06-2010 20:42:38 - Ponto de verificação do sistema

    RP102: 30-06-2010 22:46:03 - Ponto de verificação do sistema

    RP103: 02-07-2010 1:35:40 - Ponto de verificação do sistema

    RP104: 03-07-2010 2:25:43 - Removed ESET Smart Security

    RP105: 03-07-2010 2:33:54 - Installed ESET Smart Security

    RP106: 03-07-2010 23:49:12 - Removed ESET Smart Security

    RP107: 04-07-2010 1:03:12 - Instalado Kaspersky Internet Security 2011.

    RP108: 04-07-2010 1:33:03 - Removido Kaspersky Internet Security 2011.

    RP109: 05-07-2010 12:17:36 - Installed ESET Smart Security

    RP110: 06-07-2010 22:53:31 - Ponto de verificação do sistema

    RP111: 08-07-2010 17:36:53 - Ponto de verificação do sistema

    RP112: 09-07-2010 17:54:25 - Ponto de verificação do sistema

    RP113: 10-07-2010 20:52:36 - Ponto de verificação do sistema

    RP114: 11-07-2010 21:10:52 - Ponto de verificação do sistema

    RP115: 12-07-2010 21:12:03 - Ponto de verificação do sistema

    RP116: 13-07-2010 18:19:52 - Software Distribution Service 3.0

    RP117: 14-07-2010 18:45:47 - Ponto de verificação do sistema

    RP118: 15-07-2010 19:35:29 - Ponto de verificação do sistema

    RP119: 16-07-2010 20:11:31 - Ponto de verificação do sistema

    RP120: 17-07-2010 20:21:15 - Ponto de verificação do sistema

    RP121: 18-07-2010 22:38:12 - Ponto de verificação do sistema

    RP122: 20-07-2010 3:50:05 - Ponto de verificação do sistema

    RP123: 01-08-2010 5:29:16 - Installed Samsung USB Driver

    RP124: 07-08-2010 17:57:16 - Software Distribution Service 3.0

    RP125: 09-08-2010 15:10:49 - Ponto de verificação do sistema

    RP126: 10-08-2010 16:14:41 - Ponto de verificação do sistema

    RP127: 11-08-2010 22:17:03 - Installed DirectX

    RP128: 12-08-2010 19:17:34 - Software Distribution Service 3.0

    RP129: 13-08-2010 23:11:23 - Ponto de verificação do sistema

    RP130: 15-08-2010 17:42:57 - Software Distribution Service 3.0

    RP131: 16-08-2010 0:39:41 - Software Distribution Service 3.0

    RP132: 17-08-2010 13:09:06 - Removido WebFldrs XP

    RP133: 18-08-2010 22:08:36 - Ponto de verificação do sistema

    RP134: 19-08-2010 22:22:10 - Ponto de verificação do sistema

    RP135: 21-08-2010 15:10:52 - Ponto de verificação do sistema

    RP136: 22-08-2010 15:23:07 - Ponto de verificação do sistema

    RP137: 23-08-2010 15:54:05 - Ponto de verificação do sistema

    RP138: 24-08-2010 16:45:39 - Ponto de verificação do sistema

    RP139: 24-08-2010 22:35:42 - Removido Windows Live Sync

    RP140: 25-08-2010 21:20:57 - Foi instalado o Windows XP com KB942288-v3.

    RP141: 25-08-2010 21:32:10 - Nero BurnLite 10 instalado.

    RP142: 25-08-2010 21:41:35 - Nero BurnLite 10 removido.

    RP143: 25-08-2010 23:14:39 - Nero BurnLite 10 removido.

    RP144: 25-08-2010 23:18:45 - Removed Nero Toolbar.

    RP145: 26-08-2010 20:55:32 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    RP146: 26-08-2010 20:56:52 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    RP147: 26-08-2010 20:57:41 - Installed DirectX

    RP148: 26-08-2010 20:58:25 - Installed DirectX

    RP149: 26-08-2010 20:59:25 - Installed DirectX

    RP150: 26-08-2010 21:00:12 - Installed DirectX

    RP151: 26-08-2010 21:01:09 - Installed DirectX

    RP152: 26-08-2010 21:02:51 - Installed DirectX

    RP153: 27-08-2010 0:08:15 - Removed YouTube Downloader Toolbar v1.0.

    RP154: 27-08-2010 20:47:25 - Software Distribution Service 3.0

    RP155: 27-08-2010 22:16:59 - Software Distribution Service 3.0

    RP156: 27-08-2010 23:16:40 - Software Distribution Service 3.0

    RP157: 28-08-2010 19:30:04 - Software Distribution Service 3.0

    RP158: 29-08-2010 3:00:40 - Software Distribution Service 3.0

    RP159: 29-08-2010 13:36:09 - Software Distribution Service 3.0

    RP160: 29-08-2010 22:20:25 - Installed FriendAdderElite

    RP161: 30-08-2010 0:05:10 - Software Distribution Service 3.0

    RP162: 30-08-2010 13:50:54 - Software Distribution Service 3.0

    RP163: 30-08-2010 17:31:52 - Software Distribution Service 3.0

    RP164: 30-08-2010 19:51:32 - Software Distribution Service 3.0

    RP165: 31-08-2010 0:06:56 - Software Distribution Service 3.0

    RP166: 31-08-2010 13:33:14 - Software Distribution Service 3.0

    RP167: 01-09-2010 3:00:43 - Software Distribution Service 3.0

    RP168: 01-09-2010 23:22:00 - Software Distribution Service 3.0

    RP169: 02-09-2010 12:24:43 - Software Distribution Service 3.0

    RP170: 03-09-2010 20:09:33 - Software Distribution Service 3.0

    RP171: 03-09-2010 22:35:08 - Software Distribution Service 3.0

    RP172: 04-09-2010 19:53:38 - Software Distribution Service 3.0

    RP173: 05-09-2010 3:00:42 - Software Distribution Service 3.0

    RP174: 06-09-2010 3:00:45 - Software Distribution Service 3.0

    RP175: 06-09-2010 13:06:11 - Instalado Creative Mass Storage Drivers

    RP176: 07-09-2010 17:30:27 - Software Distribution Service 3.0

    RP177: 07-09-2010 19:42:16 - Software Distribution Service 3.0

    RP178: 08-09-2010 3:00:43 - Software Distribution Service 3.0

    RP179: 09-09-2010 1:16:50 - Software Distribution Service 3.0

    RP180: 10-09-2010 1:17:53 - Software Distribution Service 3.0

    RP181: 11-09-2010 14:59:23 - Ponto de verificação do sistema

    RP182: 12-09-2010 2:38:11 - Software Distribution Service 3.0

    RP183: 12-09-2010 23:51:56 - Software Distribution Service 3.0

    RP184: 14-09-2010 2:00:20 - Software Distribution Service 3.0

    RP185: 15-09-2010 8:08:31 - Software Distribution Service 3.0

    RP186: 17-09-2010 17:44:36 - Software Distribution Service 3.0

    RP187: 18-09-2010 3:00:38 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Actualização de Segurança para o Windows Media Player (KB975558)

    Actualização de Segurança para o Windows Media Player (KB978695)

    Actualização de segurança para Windows Internet Explorer 8 (KB2183461)

    Actualização de segurança para Windows Internet Explorer 8 (KB982381)

    Actualização de segurança para Windows XP (KB2079403)

    Actualização de segurança para Windows XP (KB2115168)

    Actualização de segurança para Windows XP (KB2121546)

    Actualização de segurança para Windows XP (KB2160329)

    Actualização de segurança para Windows XP (KB2229593)

    Actualização de segurança para Windows XP (KB2259922)

    Actualização de segurança para Windows XP (KB2286198)

    Actualização de segurança para Windows XP (KB2347290)

    Actualização de segurança para Windows XP (KB975562)

    Actualização de segurança para Windows XP (KB978542)

    Actualização de segurança para Windows XP (KB979482)

    Actualização de segurança para Windows XP (KB979559)

    Actualização de segurança para Windows XP (KB980195)

    Actualização de segurança para Windows XP (KB980218)

    Actualização de segurança para Windows XP (KB980436)

    Actualização de segurança para Windows XP (KB981322)

    Actualização de segurança para Windows XP (KB981852)

    Actualização de segurança para Windows XP (KB981997)

    Actualização de segurança para Windows XP (KB982214)

    Actualização de segurança para Windows XP (KB982665)

    Actualização de segurança para Windows XP (KB982802)

    Actualização para Windows XP (KB2141007)

    Actualização para Windows XP (KB961503)

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3.4 - Português

    Assistente de Início de Sessão do Windows Live

    Correcção para o Microsoft .NET Framework 3.5 Language Pack SP1 - enu (KB960043)

    DirectCOM

    Drivers de armazenamento em massa da Creative

    Easy WiFi Radar 1.0.5

    ESET Smart Security

    Ferramenta de Carregamento do Windows Live

    FLV Player 2.0 (build 25)

    FriendAdderElite

    Fuse Drivers

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)

    Hotfix para Windows XP (KB942288-v3)

    Hotfix para Windows XP (KB981793)

    Intel® Graphics Media Accelerator Driver

    JDownloader

    Junk Mail filter update

    Messenger Plus! Live

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG

    Microsoft .NET Framework 3.5 Language Pack SP1 - ptg

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

    Microsoft Office Excel Viewer

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    mIRC

    Mozilla Firefox (3.6.9)

    MSVCRT

    MSXML 6.0 Parser

    Navifirm by a2phone 1.00

    Nokia Batteries Compatibility 1.0

    Nokia Connectivity Cable Driver

    Nokia Flashing Cable Driver

    Nokia Service Tool Drivers

    Phoenix Service Software

    Phoenix Service Software 2010.12.11.42838

    PL-2303 USB-to-Serial

    RealPlayer

    REALTEK GbE & FE Ethernet PCI-E NIC Driver

    RealUpgrade 1.0

    Samsung USB Driver

    Segoe UI

    Subtitle Workshop 2.51

    TomTom HOME Visual Studio Merge Modules

    TOSHIBA Controls

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    VLC media player 1.1.4

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    WinSetupFromUSB

    ==== End Of File ===========================

    GMER 1.0.15.15281 - http://www.gmer.net

    Rootkit scan 2010-09-21 21:27:59

    Windows 5.1.2600 Service Pack 3

    Running: gmer.exe; Driver: C:\DOCUME~1\striker\DEFINI~1\Temp\pxtdapow.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xBA2F8280, 0x7B1C, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Programas\ESET\ESET Smart Security\ekrn.exe[572] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]

    .text C:\Programas\Mozilla Firefox\firefox.exe[1012] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 004013F0 C:\Programas\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    .text C:\Programas\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 103FDDE0 C:\Programas\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\WINDOWS\Explorer.EXE[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\firefox.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\ESET\ESET Smart Security\egui.exe[2340] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\WINDOWS\system32\ctfmon.exe[2660] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Documents and Settings\striker\Ambiente de trabalho\gmer\gmer.exe[3132] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Java\jre6\bin\javaw.exe[3280] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Spybot - Search & Destroy\TeaTimer.exe[3348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884A05] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (API avançada com base em Windows 32/Microsoft Corporation)

    IAT C:\Programas\Mozilla Firefox\plugin-container.exe[4068] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884A00] C:\WINDOWS\system32\kernel32.dll (DLL cliente da API BASE do Windows NT/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}@iaegpcmllgllcjlcnh 0x6A 0x61 0x6E 0x61 ...

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}@hachjklbfkammlhk 0x6A 0x61 0x6E 0x61 ...

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}@abighmndjmkllejljfgdpjipifmpcceagd 0x6B 0x61 0x6F 0x65 ...

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}@mahggmkkhnekeebpcimidieena 0x64 0x62 0x6A 0x67 ...

    ---- EOF - GMER 1.0.15 ----

    Hello, I apologize for not having posted the logs right away.

    Regards :cool:


    Read the instructions at this link:

    In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
    • Double-click the desktopicon.png icon on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers running Windows XP should install the Recovery Console:
        • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
        • Click "OK" on the EULA.
        • Once the Recovery Console is installed, click "YES" to continue.
    • ComboFix will run; please be patient and wait.
    • Attention: do not use the mouse or the keyboard while the tool is running, as doing so may cause the computer to hang.
    • A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

    • Several kinds of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • ComboFix 10-09-21.01 - striker 21-09-2010 23:21:12.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2038.1549 [GMT 1:00]

    Executando de: c:\documents and settings\striker\Ambiente de trabalho\ComboFix.exe

    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\striker\Application Data\inst.exe

    c:\windows\system32\drivers\npf.sys

    c:\windows\system32\Packet.dll

    c:\windows\system32\WanPacket.dll

    c:\windows\system32\wpcap.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NPF

    -------\Service_NPF

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-08-21 to 2010-09-21 ))))))))))))))))))))))))))))

    .

    2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\windows\system32\xircom

    2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\windows\system32\wbem\snmp

    2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\programas\microsoft frontpage

    2010-09-21 21:34 . 2010-09-21 21:34 47360 ----a-w- c:\documents and settings\striker\Application Data\pcouffin.sys

    2010-09-21 21:28 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

    2010-09-21 21:28 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

    2010-09-21 21:28 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

    2010-09-21 21:28 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll

    2010-09-21 21:28 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

    2010-09-21 21:27 . 2010-09-21 21:28 -------- d-----w- c:\programas\Trojan Remover

    2010-09-21 21:27 . 2010-09-21 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

    2010-09-21 21:27 . 2010-09-21 21:27 -------- d-----w- c:\documents and settings\striker\Application Data\Simply Super Software

    2010-09-19 20:28 . 2010-09-21 21:34 -------- d-----w- c:\documents and settings\striker\Application Data\Vso

    2010-09-19 15:36 . 2010-09-19 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

    2010-09-15 07:08 . 2010-09-15 07:08 -------- d-----w- C:\3849e55268ef4016c2

    2010-09-11 16:10 . 2010-09-21 21:33 -------- d-----w- c:\programas\URUSoft

    2010-09-07 18:32 . 2010-09-07 22:45 -------- d-----w- c:\documents and settings\striker\Application Data\vlc

    2010-09-07 18:24 . 2010-09-07 18:24 -------- d-----w- c:\programas\VideoLAN

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

    2010-09-06 12:06 . 2005-08-16 10:23 38422 ------w- c:\windows\system32\drivers\StMp3Rec.sys

    2010-09-06 12:06 . 2010-09-06 12:06 -------- d-----w- c:\programas\Creative

    2010-08-30 21:30 . 2010-08-30 21:30 -------- d-----w- c:\programas\Makayama Interactive

    2010-08-29 21:20 . 2010-08-29 21:20 -------- d-----w- c:\programas\FriendAdderElite

    2010-08-29 14:14 . 2010-08-29 14:14 -------- d-----w- C:\Nova pasta

    2010-08-26 20:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

    2010-08-26 20:01 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

    2010-08-26 20:00 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2010-08-26 19:59 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2010-08-26 19:58 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-08-26 19:57 . 2010-08-26 19:57 -------- d-----w- c:\windows\Logs

    2010-08-26 19:30 . 2010-08-26 19:30 -------- d-----w- c:\documents and settings\striker\Application Data\Canneverbe Limited

    2010-08-26 19:30 . 2010-08-26 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

    2010-08-26 16:01 . 2010-09-21 19:01 -------- d-----w- c:\programas\JDownloader

    2010-08-25 20:40 . 2002-07-17 09:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL

    2010-08-25 20:40 . 2002-07-17 07:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS

    2010-08-25 20:37 . 2010-08-25 20:37 -------- d-----w- c:\documents and settings\striker\Application Data\Nero

    2010-08-25 20:34 . 2010-08-25 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    2010-08-24 21:43 . 2010-08-24 21:43 -------- d-----w- c:\programas\Microsoft

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-21 02:21 . 2008-04-15 11:00 83434 ----a-w- c:\windows\system32\perfc016.dat

    2010-09-21 02:21 . 2008-04-15 11:00 488968 ----a-w- c:\windows\system32\perfh016.dat

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

    2010-09-07 18:20 . 2010-09-07 18:20 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

    2010-09-07 18:20 . 2010-09-07 18:20 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

    2010-09-07 18:20 . 2010-09-07 18:20 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    2010-09-07 18:20 . 2010-09-07 18:20 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    2010-09-07 18:20 . 2010-09-07 18:20 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    2010-09-07 18:20 . 2010-09-07 18:15 -------- d-----w- c:\programas\Ficheiros comuns\Real

    2010-09-07 18:18 . 2010-09-07 18:15 -------- d-----w- c:\programas\Real

    2010-09-07 18:18 . 2010-09-07 18:18 -------- d-----w- c:\programas\Ficheiros comuns\xing shared

    2010-09-07 18:15 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-09-07 18:15 . 2003-07-11 08:16 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-09-06 12:05 . 2010-03-29 21:31 -------- d--h--w- c:\programas\InstallShield Installation Information

    2010-09-04 18:47 . 2010-08-11 21:21 -------- d-----w- c:\programas\Microsoft Silverlight

    2010-08-24 21:44 . 2010-03-29 23:29 -------- d-----w- c:\programas\Windows Live

    2010-08-17 13:17 . 2008-04-15 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-08-17 12:08 . 2010-04-11 19:28 -------- d-----w- c:\programas\VDownloader

    2010-08-16 22:53 . 2010-03-29 23:29 -------- d-----w- c:\programas\Messenger Plus! Live

    2010-08-11 21:12 . 2010-03-29 22:51 -------- d-----w- c:\programas\MSN Messenger

    2010-08-11 21:10 . 2010-08-11 21:10 -------- d-----w- c:\programas\Windows Live SkyDrive

    2010-08-11 20:46 . 2010-08-11 20:46 -------- d-----w- c:\programas\Ficheiros comuns\Windows Live

    2010-08-09 17:13 . 2010-08-09 17:13 48128 ---ha-w- c:\windows\system32\asr_pact.dll

    2010-07-23 06:13 . 2010-01-12 22:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-07-15 23:20 . 2010-07-15 23:20 4100 ----a-w- c:\windows\system32\hdvirffo.dll

    2010-06-30 12:24 . 2010-01-12 22:56 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-27 22:18 . 2010-03-30 23:16 6508 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-06-24 21:29 . 2010-01-12 22:57 1861248 ----a-w- c:\windows\system32\win32k.sys

    2010-06-24 12:28 . 2010-01-12 22:47 919040 ----a-w- c:\windows\system32\wininet.dll

    .

    ------- Sigcheck -------

    [-] 2010-01-12 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MsnMsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

    "SpybotSD TeaTimer"="c:\programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="c:\programas\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]

    "TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2010-09-07 202256]

    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    "TrojanScanner"="c:\programas\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "_nltide_3"="advpack.dll" [2010-01-12 128512]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-06-09 08:06 976832 ----a-w- c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-06-20 02:04 35760 ----a-w- c:\programas\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    2008-12-18 13:28 178712 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    2008-12-18 13:28 150040 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-14 20:39 1695232 ------w- c:\programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

    2008-12-18 13:28 150040 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-03-17 20:53 421888 ----a-w- c:\programas\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-02-18 10:43 248040 ----a-w- c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

    2008-03-04 11:12 360448 ----a-w- c:\programas\TOSHIBA\TOSHIBA Applet\THotkey.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Programas\\Java\\jre6\\bin\\javaw.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [04-04-2010 20:01 33824]

    R2 ekrn;Eset Service;c:\programas\ESET\ESET Smart Security\ekrn.exe [21-12-2007 8:21 468224]

    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [27-06-2010 19:43 5888]

    R3 RTL8187B;Placa de rede sem fios Realtek RTL8187B, 802.11b/g, de 54 Mbps e USB 2.0;c:\windows\system32\drivers\RTL8187B.sys [29-03-2010 22:31 341376]

    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\striker\DEFINI~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe --> c:\docume~1\striker\DEFINI~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe [?]

    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]

    S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys --> c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [?]

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19-06-2010 0:17 137344]

    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19-06-2010 0:17 8320]

    S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [04-04-2010 13:05 57672]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-796845957-1801674531-1003.job

    - c:\programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

    2010-09-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-796845957-1801674531-1003.job

    - c:\programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://start.icq.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = socks=

    FF - ProfilePath - c:\documents and settings\striker\Application Data\Mozilla\Firefox\Profiles\pkpeqkta.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&vl=lang_pt&type=937811&p=

    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - plugin: c:\documents and settings\striker\Application Data\Mozilla\Firefox\Profiles\pkpeqkta.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npww.dll

    FF - plugin: c:\programas\Veetle\Player\npvlc.dll

    FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

    FF - plugin: c:\programas\Veetle\VLCBroadcast\npvbp.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    MSConfigStartUp-aliim - c:\programas\trademanager\aliim.exe

    MSConfigStartUp-ICQ - c:\programas\ICQ7.1\ICQ.exe

    MSConfigStartUp-TFncKy - TFncKy.exe

    MSConfigStartUp-TomTomHOME - c:\programas\TomTom HOME 2\TomTomHOMERunner.exe

    MSConfigStartUp-uTorrent - c:\programas\uTorrent\uTorrent.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-21 23:33

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_USERS\S-1-5-21-1454471165-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    "iaegpcmllgllcjlcnh"=hex:6a,61,6e,61,70,65,6d,62,67,62,6e,66,66,67,68,6a,6e,6d,

    6e,65,00,e4

    "hachjklbfkammlhk"=hex:6a,61,6e,61,70,65,6d,62,67,62,6e,66,66,67,68,6a,6e,6d,

    6e,65,00,e4

    "abighmndjmkllejljfgdpjipifmpcceagd"=hex:6b,61,6f,65,64,68,65,62,6b,70,65,6f,

    61,6b,6c,62,69,62,6c,61,64,6d,00,00

    "mahggmkkhnekeebpcimidieena"=hex:64,62,6a,67,69,6f,6d,62,6c,6a,6c,6b,6b,66,61,

    70,65,69,6a,69,65,6e,69,6a,6a,61,6f,66,68,62,68,65,6a,67,61,62,62,66,64,68,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(956)

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\windows\system32\agrsmsvc.exe

    c:\programas\Java\jre6\bin\jqs.exe

    c:\programas\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2010-09-21 23:39:08 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2010-09-21 22:39

    Pré-execução: 159.277.658.112 bytes livres

    Pós execução: 163.199.971.328 bytes livres

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 50915868AC9D06B80A72639432454085

    Grateful for the help provided.


    Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


    RegNull::
    [HKEY_USERS\S-1-5-21-1454471165-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}*]

    • Save this file as: CFScript.txt
      [Image: CFScriptB-4.gif]
    • As illustrated in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

  • Topic author
  • ComboFix 10-09-21.01 - striker 24-09-2010 21:23:44.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2038.1282 [GMT 1:00]

    Executando de: c:\documents and settings\striker\Ambiente de trabalho\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\striker\Ambiente de trabalho\CFScript.txt

    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-08-24 to 2010-09-24 ))))))))))))))))))))))))))))

    .

    2010-09-22 21:01 . 2010-09-22 21:05 -------- d-----w- c:\programas\Windows Live Safety Center

    2010-09-22 20:40 . 2010-09-22 20:40 -------- d-----w- c:\programas\CCleaner

    2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\windows\system32\xircom

    2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\windows\system32\wbem\snmp

    2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\programas\microsoft frontpage

    2010-09-21 21:34 . 2010-09-21 21:34 47360 ----a-w- c:\documents and settings\striker\Application Data\pcouffin.sys

    2010-09-19 20:28 . 2010-09-21 21:34 -------- d-----w- c:\documents and settings\striker\Application Data\Vso

    2010-09-19 15:36 . 2010-09-19 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

    2010-09-15 07:08 . 2010-09-15 07:08 -------- d-----w- C:\3849e55268ef4016c2

    2010-09-11 16:10 . 2010-09-21 21:33 -------- d-----w- c:\programas\URUSoft

    2010-09-07 18:32 . 2010-09-07 22:45 -------- d-----w- c:\documents and settings\striker\Application Data\vlc

    2010-09-07 18:24 . 2010-09-07 18:24 -------- d-----w- c:\programas\VideoLAN

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

    2010-09-06 12:06 . 2005-08-16 10:23 38422 ------w- c:\windows\system32\drivers\StMp3Rec.sys

    2010-09-06 12:06 . 2010-09-06 12:06 -------- d-----w- c:\programas\Creative

    2010-08-30 21:30 . 2010-08-30 21:30 -------- d-----w- c:\programas\Makayama Interactive

    2010-08-29 21:20 . 2010-08-29 21:20 -------- d-----w- c:\programas\FriendAdderElite

    2010-08-29 14:14 . 2010-08-29 14:14 -------- d-----w- C:\Nova pasta

    2010-08-26 20:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

    2010-08-26 20:01 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

    2010-08-26 20:00 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

    2010-08-26 19:59 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2010-08-26 19:58 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-08-26 19:57 . 2010-08-26 19:57 -------- d-----w- c:\windows\Logs

    2010-08-26 19:30 . 2010-08-26 19:30 -------- d-----w- c:\documents and settings\striker\Application Data\Canneverbe Limited

    2010-08-26 19:30 . 2010-08-26 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

    2010-08-26 16:01 . 2010-09-24 19:38 -------- d-----w- c:\programas\JDownloader

    2010-08-25 20:40 . 2002-07-17 09:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL

    2010-08-25 20:40 . 2002-07-17 07:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS

    2010-08-25 20:37 . 2010-08-25 20:37 -------- d-----w- c:\documents and settings\striker\Application Data\Nero

    2010-08-25 20:34 . 2010-08-25 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-24 13:19 . 2008-04-15 11:00 488968 ----a-w- c:\windows\system32\perfh016.dat

    2010-09-24 13:19 . 2008-04-15 11:00 83434 ----a-w- c:\windows\system32\perfc016.dat

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

    2010-09-07 18:20 . 2010-09-07 18:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

    2010-09-07 18:20 . 2010-09-07 18:20 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

    2010-09-07 18:20 . 2010-09-07 18:20 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

    2010-09-07 18:20 . 2010-09-07 18:20 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    2010-09-07 18:20 . 2010-09-07 18:20 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    2010-09-07 18:20 . 2010-09-07 18:20 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    2010-09-07 18:20 . 2010-09-07 18:15 -------- d-----w- c:\programas\Ficheiros comuns\Real

    2010-09-07 18:18 . 2010-09-07 18:15 -------- d-----w- c:\programas\Real

    2010-09-07 18:18 . 2010-09-07 18:18 -------- d-----w- c:\programas\Ficheiros comuns\xing shared

    2010-09-07 18:15 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-09-07 18:15 . 2003-07-11 08:16 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-09-06 12:05 . 2010-03-29 21:31 -------- d--h--w- c:\programas\InstallShield Installation Information

    2010-09-04 18:47 . 2010-08-11 21:21 -------- d-----w- c:\programas\Microsoft Silverlight

    2010-08-24 21:44 . 2010-03-29 23:29 -------- d-----w- c:\programas\Windows Live

    2010-08-24 21:43 . 2010-08-24 21:43 -------- d-----w- c:\programas\Microsoft

    2010-08-17 13:17 . 2008-04-15 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

    2010-08-17 12:08 . 2010-04-11 19:28 -------- d-----w- c:\programas\VDownloader

    2010-08-16 22:53 . 2010-03-29 23:29 -------- d-----w- c:\programas\Messenger Plus! Live

    2010-08-11 21:12 . 2010-03-29 22:51 -------- d-----w- c:\programas\MSN Messenger

    2010-08-11 21:10 . 2010-08-11 21:10 -------- d-----w- c:\programas\Windows Live SkyDrive

    2010-08-11 20:46 . 2010-08-11 20:46 -------- d-----w- c:\programas\Ficheiros comuns\Windows Live

    2010-08-09 17:13 . 2010-08-09 17:13 48128 ---ha-w- c:\windows\system32\asr_pact.dll

    2010-07-23 06:13 . 2010-01-12 22:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

    2010-07-15 23:20 . 2010-07-15 23:20 4100 ----a-w- c:\windows\system32\hdvirffo.dll

    2010-06-30 12:24 . 2010-01-12 22:56 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-27 22:18 . 2010-03-30 23:16 6508 ----a-w- c:\windows\system32\d3d9caps.dat

    .

    ------- Sigcheck -------

    [-] 2010-01-12 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MsnMsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

    "SpybotSD TeaTimer"="c:\programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="c:\programas\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]

    "TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2010-09-07 202256]

    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "_nltide_3"="advpack.dll" [2010-01-12 128512]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-06-09 08:06 976832 ----a-w- c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-06-20 02:04 35760 ----a-w- c:\programas\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

    2008-12-18 13:28 178712 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

    2008-12-18 13:28 150040 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-14 20:39 1695232 ------w- c:\programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

    2008-12-18 13:28 150040 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-03-17 20:53 421888 ----a-w- c:\programas\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2008-01-29 15:47 16859648 ----a-w- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-02-18 10:43 248040 ----a-w- c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

    2008-03-04 11:12 360448 ----a-w- c:\programas\TOSHIBA\TOSHIBA Applet\THotkey.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Programas\\Java\\jre6\\bin\\javaw.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [04-04-2010 20:01 33824]

    R2 ekrn;Eset Service;c:\programas\ESET\ESET Smart Security\ekrn.exe [21-12-2007 8:21 468224]

    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [27-06-2010 19:43 5888]

    R3 RTL8187B;Placa de rede sem fios Realtek RTL8187B, 802.11b/g, de 54 Mbps e USB 2.0;c:\windows\system32\drivers\RTL8187B.sys [29-03-2010 22:31 341376]

    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\striker\DEFINI~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe --> c:\docume~1\striker\DEFINI~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe [?]

    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]

    S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys --> c:\docume~1\striker\DEFINI~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [?]

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19-06-2010 0:17 137344]

    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19-06-2010 0:17 8320]

    S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [04-04-2010 13:05 57672]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-796845957-1801674531-1003.job

    - c:\programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

    2010-09-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-796845957-1801674531-1003.job

    - c:\programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://start.icq.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyServer = socks=

    FF - ProfilePath - c:\documents and settings\striker\Application Data\Mozilla\Firefox\Profiles\pkpeqkta.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&vl=lang_pt&type=937811&p=

    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - plugin: c:\documents and settings\striker\Application Data\Mozilla\Firefox\Profiles\pkpeqkta.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npww.dll

    FF - plugin: c:\programas\Veetle\Player\npvlc.dll

    FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

    FF - plugin: c:\programas\Veetle\VLCBroadcast\npvbp.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-24 21:29

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(1372)

    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'explorer.exe'(2624)

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Tempo para conclusão: 2010-09-24 21:32:24

    ComboFix-quarantined-files.txt 2010-09-24 20:32

    ComboFix2.txt 2010-09-21 22:39

    Pré-execução: 166.795.726.848 bytes livres

    Pós execução: 167.063.535.616 bytes livres

    - - End Of File - - F287CBB534736A57DB3B541364F90E8F

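A check the thread leaves to the reader's eye, as an added example that is not part of the original posts: confirm from the two ComboFix logs above that the key named in the RegNull:: script no longer appears in the locked-keys section. The function names are hypothetical, and the embedded excerpts are shortened copies of lines from the logs.

```python
import re

# Banner ComboFix prints above the locked-keys listing (Portuguese UI, as in the logs).
LOCKED_HEADER = "CHAVES DO REGISTRO BLOQUEADAS"
BANNER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")        # "----- TITLE -----"
KEY_LINE = re.compile(r"^\[(HK[^\]]+)\]$")              # "[HKEY_...\path]"
ACL_LINE = re.compile(r"^@(Allowed|Denied):\s*(.+)$")   # "@Denied: (A 2) (Everyone)"


def locked_keys(log_text):
    """Map each key in the locked-keys section to its ACL annotations.

    Key paths are lower-cased because registry paths are case-insensitive.
    """
    keys, in_section, current = {}, False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:  # any banner starts a new section
            in_section = banner.group(1) == LOCKED_HEADER
            current = None
            continue
        if not in_section or not line:
            continue
        key = KEY_LINE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, [])
            continue
        acl = ACL_LINE.match(line)
        if acl and current is not None:
            keys[current].append(f"{acl.group(1)} {acl.group(2)}")
    return keys


def regnull_targets(cfscript_text):
    """Return the keys listed under the RegNull:: directive of a CFScript."""
    targets, active = [], False
    for raw in cfscript_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):  # a directive line switches the active block
            active = line == "RegNull::"
            continue
        key = KEY_LINE.match(line)
        if active and key:
            targets.append(key.group(1).lower())
    return targets


def verify_removal(cfscript_text, log_before, log_after):
    """Report, per targeted key, whether it left the locked-keys section."""
    before, after = locked_keys(log_before), locked_keys(log_after)
    report = {}
    for key in regnull_targets(cfscript_text):
        if key in after:
            report[key] = "still locked"
        elif key in before:
            report[key] = "removed"
        else:
            report[key] = "not in earlier log"
    return report


def newly_locked(log_before, log_after):
    """Keys that appear in the later log's locked section but not the earlier one."""
    return sorted(set(locked_keys(log_after)) - set(locked_keys(log_before)))


# Shortened excerpts of the CFScript and the two logs posted in the thread.
CFSCRIPT = r"""
RegNull::
[HKEY_USERS\S-1-5-21-1454471165-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}*]
"""

LOG_BEFORE = r"""
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA4C161E-D483-0C47-FC1E-05F8E14ED9CE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(956)
c:\windows\system32\msi.dll
"""

LOG_AFTER = r"""
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\igfxdev.dll
"""

if __name__ == "__main__":
    for key, status in verify_removal(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{status}: {key}")
    print("newly locked:", newly_locked(LOG_BEFORE, LOG_AFTER))
```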

    Read all of the instructions below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • On the program screen, select the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • As the scan proceeds, some small windows will probably open next to the clock; do not click anything.
    • A larger window may also open with the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first tick the option below, Apply to all objects, and then click one of the options above.
    • After everything has completed, click the Reports button; in the window that opens, leave the options at the top set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Note: when you do this the PC appears to have frozen, but it has not; wait a few minutes for the memory to be released.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when prompted.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colours depending on the risk:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, carefully check the file path/name to see whether you recognise it; if you do, click Skip.

    NOTE 2:
    If the final scan result shows only Result: OK, you do not need to generate a report; just let us know.

    NOTE 3:
    During the scan, Kaspersky may flag the following folder as containing a virus: c:\QooBox. If this happens, choose the Skip option, since the folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

  • Topic author
  • Autoscan: malfunction (events: 72576, objects: 0, time: Unknown)

    Result: OK (events: 70679)

    Result: Detected (events: 6)

    25-09-2010 19:45:04 C:\Documents and Settings\striker\Os meus documentos\Desblokear Huaweys+Zte(tlms vodafone,optimus etc)\BB5_JAF_UFS_WorkStation.rar/BB5_JAF_UFS_WorkStation/exes/BB5_PRINCE.exe/UPX

    25-09-2010 19:52:09 C:\Documents and Settings\striker\Os meus documentos\Desblokear Huaweys+Zte(tlms vodafone,optimus etc)\BB5_JAF_UFS_WorkStation\exes\BB5_PRINCE.exe/UPX

    25-09-2010 19:58:14 C:\Documents and Settings\striker\Os meus documentos\Desblokear Huaweys+Zte(tlms vodafone,optimus etc)\Nokia_BB5_Unlocker_Free_By_Cinek\Nokia_BB5_Unlocker_Free_By_Cinek.exe

    25-09-2010 20:03:35 C:\Program Files\ODEON\JAF\Virtual_PKEY_V5.exe

    25-09-2010 20:14:59 C:\Programas\mIRC\mirc.exe Information

    25-09-2010 20:48:59 C:\System Volume Information\_restore{4744E0E9-61BA-48DD-B02E-5E1D64E09740}\RP105\A0026528.exe Information

    Result: Archive (events: 1179)

    Result: Packed (events: 681)

    Result: Corrupted (events: 5)

    Result: Deleted (events: 3)

    Result: Cannot be deleted (events: 1)

    Result: Backed up (events: 3)

    Result: Not processed (events: 2)

    Result: Password protected (events: 15)

    Result: Will be deleted on system restart (events: 1)

    Result: Task started (events: 1)

    Autoscan: completed 4 hours ago (events: 95516, objects: 97061, time: 08:02:41)


    Your initial problems are not related to malware. I advise you to post in the Software - Outros section.

  • Topic author
  • Hello, I didn't quite understand your reply. The laptop has problems, but it isn't malware, is that what you meant? Could it be installed software?

    I should point out that the Kaspersky Virus Removal Tool removed some trojans.

    Thanks.

    I have a laptop showing signs of a virus: it sometimes locks up Firefox, Windows always says it found 3 updates, and even when I tell it to install them, after restarting it always asks to install the same ones that were already installed, and sometimes WLMessenger does not receive messages in real time.

    Your initial problems are not related to malware. I advise you to post in the Software - Outros section.

    Hello, I didn't quite understand your reply. The laptop has problems, but it isn't malware, is that what you meant? Could it be installed software?

    I should point out that the Kaspersky Virus Removal Tool removed some trojans.

    Thanks.

    Personally, I would reinstall the programs.
