Felipe-Ce

PC with performance loss


I've noticed that over the last few days my Norton has been warning about an intrusion attempt by a Trojan called:

Trojan.Vundo

It's getting annoying because every time it warns about this intrusion attempt, Norton minimizes the window of the program I'm using. And I've been noticing a small loss of performance on my PC. Very small, but it's noticeable.

I ask that you help me and, if possible, analyze my log.

Logfile of HijackThis v1.99.1

Scan saved at 02:18:05, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

D:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

D:\Arquivos de programas\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

D:\WINDOWS\system32\CTHELPER.EXE

D:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

D:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

D:\WINDOWS\system32\CTsvcCDA.exe

D:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

D:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\Arquivos de programas\MSN Messenger\msnmsgr.exe

D:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Aplicativos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - D:\WINDOWS\system32\ljjifdd.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [CTSysVol] D:\Arquivos de programas\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] D:\Arquivos de programas\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] D:\Arquivos de programas\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] D:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [type32] "D:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ccApp] "D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "D:\Arquivos de programas\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [NSWosCheck] D:\Arquivos de programas\Norton SystemWorks Premier\osCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "D:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Arquivos de programas\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Arquivos de programas\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205207844875

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D787C8EA-3F7C-4CC3-B0C6-2D423B9BBC9E}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: ljjifdd - D:\WINDOWS\SYSTEM32\ljjifdd.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Arquivos de programas\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Symantec Core LC - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.


Below is the ComboFix log

ComboFix 08-03-22.3 - Felipe & Davi 2008-03-23 10:33:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1617 [GMT -3:00]

Executando de: D:\Documents and Settings\Felipe & Davi\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\WINDOWS\system32\fcccbcd.dll

D:\WINDOWS\system32\ljjifdd.dll

D:\WINDOWS\system32\nnnmkjg.dll

.

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))

.

2008-03-22 10:41 . 2008-03-22 10:41 <DIR> d-------- D:\Arquivos de programas\THQ

2008-03-22 10:38 . 2008-03-22 10:38 <DIR> d-------- D:\Arquivos de programas\MSXML 4.0

2008-03-21 17:42 . 2008-03-21 17:42 <DIR> d-------- D:\Arquivos de programas\Alcohol Soft

2008-03-21 16:04 . 2008-03-21 16:04 <DIR> d-------- D:\Arquivos de programas\NeroInstall.bak

2008-03-21 15:58 . 2008-03-21 15:58 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\Nero

2008-03-21 15:56 . 2008-03-21 15:56 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-21 15:56 . 2008-03-21 15:56 <DIR> d-------- D:\Arquivos de programas\Nero

2008-03-21 15:56 . 2008-03-21 15:58 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Nero

2008-03-19 15:49 . 2008-03-19 15:49 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\Symantec

2008-03-18 21:02 . 2008-03-18 21:02 <DIR> d-------- D:\Arquivos de programas\Kustom Appz Software

2008-03-18 12:51 . 2008-03-18 12:51 196 --a------ D:\WINDOWS\GSdx9-sse2.INI

2008-03-18 12:51 . 2008-03-18 12:51 196 --a------ D:\WINDOWS\GSdx9-sse-TT.INI

2008-03-18 12:36 . 2008-03-18 12:55 196 --a------ D:\WINDOWS\GSdx9.INI

2008-03-17 22:26 . 2008-03-17 22:26 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\fltk.org

2008-03-17 14:43 . 2008-03-17 14:43 335 --a------ D:\WINDOWS\game.ini

2008-03-17 14:36 . 2008-03-17 14:36 <DIR> d-------- D:\Arquivos de programas\Activision

2008-03-17 14:34 . 2008-03-17 14:34 <DIR> d--hs---- D:\WINDOWS\ftpcache

2008-03-14 14:54 . 2008-03-14 15:10 <DIR> d-------- D:\Arquivos de programas\zbattle.net

2008-03-14 12:20 . 2008-03-14 12:20 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\Ubisoft

2008-03-14 12:19 . 2008-03-14 12:19 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft

2008-03-14 12:16 . 2007-10-12 15:14 3,734,536 --a------ D:\WINDOWS\system32\d3dx9_36.dll

2008-03-14 12:16 . 2007-10-12 15:14 1,374,232 --a------ D:\WINDOWS\system32\D3DCompiler_36.dll

2008-03-14 12:16 . 2007-10-02 09:56 444,776 --a------ D:\WINDOWS\system32\d3dx10_36.dll

2008-03-14 12:16 . 2007-10-22 03:39 267,272 --a------ D:\WINDOWS\system32\xactengine2_10.dll

2008-03-14 12:16 . 2007-07-20 00:57 267,112 --a------ D:\WINDOWS\system32\xactengine2_9.dll

2008-03-14 12:15 . 2007-05-16 16:45 3,497,832 --a------ D:\WINDOWS\system32\d3dx9_34.dll

2008-03-14 12:15 . 2007-05-16 16:45 1,124,720 --a------ D:\WINDOWS\system32\D3DCompiler_34.dll

2008-03-14 12:15 . 2007-05-16 16:45 443,752 --a------ D:\WINDOWS\system32\d3dx10_34.dll

2008-03-14 12:15 . 2007-06-20 20:46 266,088 --a------ D:\WINDOWS\system32\xactengine2_8.dll

2008-03-14 12:15 . 2007-10-22 03:37 17,928 --a------ D:\WINDOWS\system32\X3DAudio1_2.dll

2008-03-14 12:08 . 2008-03-14 12:08 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\InstallShield

2008-03-14 12:08 . 2008-03-14 12:08 <DIR> d-------- D:\Arquivos de programas\Ubisoft

2008-03-13 13:41 . 2008-03-13 13:41 <DIR> d-------- D:\Arquivos de programas\Google

2008-03-12 15:53 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys

2008-03-12 13:25 . 2008-03-12 13:25 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\Microsoft Games

2008-03-12 13:15 . 2007-07-19 18:14 3,727,720 --a------ D:\WINDOWS\system32\d3dx9_35.dll

2008-03-12 13:15 . 2007-07-19 18:14 1,358,192 --a------ D:\WINDOWS\system32\D3DCompiler_35.dll

2008-03-12 13:15 . 2007-07-19 18:14 444,776 --a------ D:\WINDOWS\system32\d3dx10_35.dll

2008-03-12 12:55 . 2008-03-12 12:55 <DIR> d-------- D:\Arquivos de programas\Microsoft Games

2008-03-12 11:20 . 2008-03-12 11:20 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-12 00:58 . 2008-03-22 17:25 511 --a------ D:\WINDOWS\n02.ini

2008-03-12 00:53 . 2008-03-22 02:07 498 --a------ D:\WINDOWS\kaillera.ini

2008-03-11 20:31 . 2008-03-23 10:31 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\MegauploadToolbar

2008-03-11 20:31 . 2008-03-11 20:31 <DIR> d-------- D:\Arquivos de programas\MegauploadToolbar

2008-03-11 19:42 . 2008-03-11 19:42 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\Media Player Classic

2008-03-11 19:42 . 2008-03-23 02:07 69 --a------ D:\WINDOWS\NeroDigital.ini

2008-03-11 18:54 . 2008-03-22 19:22 107,832 --a------ D:\WINDOWS\system32\PnkBstrB.exe

2008-03-11 18:54 . 2008-03-11 18:54 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe

2008-03-11 18:54 . 2008-03-22 19:22 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-11 18:07 . 2008-03-16 00:26 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\teamspeak2

2008-03-11 18:07 . 2008-03-11 18:07 <DIR> d-------- D:\Arquivos de programas\Teamspeak2_RC2

2008-03-11 18:07 . 2008-03-11 18:07 34,064 --a------ D:\WINDOWS\system32\lhacm.acm

2008-03-11 17:02 . 2008-03-11 17:02 <DIR> d-------- D:\Arquivos de programas\America's Army Server Manager

2008-03-11 17:02 . 2008-03-22 17:05 <DIR> d-------- D:\Arquivos de programas\America's Army

2008-03-11 16:17 . 2008-03-11 16:17 <DIR> d-------- D:\Arquivos de programas\uTorrent

2008-03-11 16:16 . 2008-03-22 23:34 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\uTorrent

2008-03-11 11:44 . 2008-03-11 11:44 <DIR> d-------- D:\WINDOWS\system32\WAV

2008-03-11 11:44 . 2008-03-11 11:44 <DIR> d-------- D:\Arquivos de programas\USB_PS2 Vibration Pad

2008-03-11 11:40 . 2008-03-21 16:22 <DIR> d-------- D:\Arquivos de programas\7-Zip

2008-03-11 11:35 . 2008-03-11 11:35 <DIR> d-------- D:\Arquivos de programas\KONAMI

2008-03-11 11:22 . 2008-03-11 11:22 <DIR> d-------- D:\Arquivos de programas\Lavalys

2008-03-11 02:51 . 2008-03-12 12:07 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Contacts

2008-03-11 02:44 . 2008-01-12 18:32 23,904 --a------ D:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-11 02:44 . 2008-01-15 09:54 10,537 --a------ D:\WINDOWS\system32\drivers\COH_Mon.cat

2008-03-11 02:44 . 2008-01-15 05:28 706 --a------ D:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-11 02:16 . 2008-03-11 02:40 <DIR> d-------- D:\Arquivos de programas\Norton AntiVirus

2008-03-11 02:13 . 2008-03-19 15:49 <DIR> d-------- D:\Arquivos de programas\Norton SystemWorks Premier

2008-03-11 02:12 . 2008-03-11 02:37 123,952 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-03-11 02:12 . 2008-03-11 02:37 60,800 --a------ D:\WINDOWS\system32\S32EVNT1.DLL

2008-03-11 02:12 . 2008-03-11 02:37 10,740 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-03-11 02:12 . 2008-03-11 02:37 805 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-03-11 02:11 . 2008-03-11 02:44 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-03-11 02:11 . 2008-03-11 02:37 <DIR> d-------- D:\Arquivos de programas\Symantec

2008-03-11 02:11 . 2008-03-21 17:42 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-11 02:06 . 2008-03-11 02:06 <DIR> d-------- D:\Documents and Settings\Felipe & Davi\Dados de aplicativos\Ahead

2008-03-11 02:04 . 2008-03-21 15:47 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Ahead

2008-03-11 02:01 . 2006-10-26 19:56 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll

2008-03-11 02:00 . 2008-03-11 02:00 <DIR> d-------- D:\Arquivos de programas\MSBuild

2008-03-11 02:00 . 2008-03-11 02:00 <DIR> d-------- D:\Arquivos de programas\Microsoft Works

2008-03-11 01:58 . 2008-03-11 01:59 <DIR> d-------- D:\WINDOWS\SHELLNEW

2008-03-11 01:58 . 2008-03-11 01:58 <DIR> dr-h----- D:\MSOCache

2008-03-11 01:58 . 2008-03-11 02:01 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-11 01:54 . 2008-03-11 01:54 <DIR> d-------- D:\Arquivos de programas\K-Lite Codec Pack

2008-03-11 01:51 . 2008-03-14 11:58 716,272 --a------ D:\WINDOWS\system32\drivers\sptd.sys

2008-03-11 01:49 . 2008-03-11 01:49 268 --ah----- D:\sqmdata00.sqm

2008-03-11 01:49 . 2008-03-11 01:49 244 --ah----- D:\sqmnoopt00.sqm

2008-03-11 01:47 . 2008-03-11 01:47 <DIR> d-------- D:\Arquivos de programas\MSN Messenger

2008-03-11 01:41 . 2008-03-11 18:54 <DIR> d-------- D:\WINDOWS\system32\LogFiles

2008-03-11 01:41 . 2008-03-11 01:41 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF

2008-03-11 01:41 . 2008-03-11 01:41 <DIR> d-------- D:\Arquivos de programas\Windows Media Connect 2

2008-03-11 01:11 . 2008-03-11 01:12 <DIR> d-------- D:\WINDOWS\system32\pt-br

2008-03-11 01:07 . 2007-12-06 23:09 6,066,176 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-11 01:07 . 2007-07-01 00:31 2,455,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-11 01:07 . 2007-07-01 00:36 1,024,000 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-11 01:07 . 2007-12-06 23:09 459,264 -----c--- D:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-11 01:07 . 2007-12-06 23:09 383,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-11 01:07 . 2007-12-06 23:09 267,776 -----c--- D:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-11 01:07 . 2007-12-06 23:09 63,488 -----c--- D:\WINDOWS\system32\dllcache\icardie.dll

2008-03-11 01:07 . 2007-12-06 23:09 52,224 -----c--- D:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-11 01:07 . 2007-12-06 08:00 13,824 -----c--- D:\WINDOWS\system32\dllcache\ieudinit.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-11 02:59 --------- d-----w D:\Arquivos de programas\microsoft frontpage

2008-03-11 02:58 --------- d-----w D:\Arquivos de programas\Serviços on-line

2008-03-11 02:57 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Serviços

2008-02-18 19:21 132,904 ----a-w D:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 19:21 11,304 ----a-w D:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 19:04 95,600 ----a-w D:\WINDOWS\system32\NeroCo.dll

2008-01-16 01:00 31,698 ----a-w D:\Arquivos de programas\nv4_disp.cat

2007-12-24 16:49 7,680 ----a-w D:\WINDOWS\system32\ff_vfw.dll

2007-12-10 17:24 35,321 ----a-w D:\Arquivos de programas\NvApps.xm_

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

"AlcoholAutomount"="D:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 04:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="D:\Arquivos de programas\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]

"CTDVDDET"="D:\Arquivos de programas\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]

"CTHelper"="CTHELPER.EXE" [2003-10-06 03:57 24576 D:\WINDOWS\system32\CTHELPER.EXE]

"SBDrvDet"="D:\Arquivos de programas\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]

"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"type32"="D:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe" [2004-06-03 05:51 172032]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 D:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"GrooveMonitor"="D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NWEReboot"="" []

"ccApp"="D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-10-28 03:38 107112]

"osCheck"="D:\Arquivos de programas\Norton AntiVirus\osCheck.exe" [2006-09-05 23:22 26248]

"NSWosCheck"="D:\Arquivos de programas\Norton SystemWorks Premier\osCheck.exe" [2007-12-03 01:41 25472]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NeroFilterCheck"="D:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="D:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=D:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=D:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"D:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"D:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"D:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"D:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"D:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"D:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"=

"C:\\Emuladores\\Mame\\mame32k.exe"=

"D:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R2 PfDetNT;PfDetNT;D:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 04:07]

S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e218e19-f755-11dc-a056-0019db64110d}]

\Shell\Auto\command - I:\msnmsgr_plus.exe

\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr_plus.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c1cf8e-f065-11dc-a041-0019db64110d}]

\Shell\Auto\command - Cn911.exe

\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-03-21 23:00:19 D:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Felipe & Davi.job"

- D:\ARQUIV~1\NORTON~2\Navw32.exel/TASK:

"2008-03-17 15:00:07 D:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"

- D:\Arquivos de programas\Norton SystemWorks Premier\OBC.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 10:36:52

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

D:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

D:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\WINDOWS\system32\CTsvcCDA.exe

D:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

D:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

.

**************************************************************************

.

Completion time: 2008-03-23 10:37:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-23 13:37:38


-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, March 24, 2008 7:11:26 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 24/03/2008

Kaspersky Anti-Virus database records: 657071

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

Scan Statistics:

Total number of scanned objects: 51883

Number of viruses found: 2

Number of infected objects: 6

Number of suspicious objects: 0

Duration of the scan process: 00:39:16

Infected Object Name / Virus Name / Last Action

C:\Aplicativos\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped

C:\Aplicativos\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped

C:\Aplicativos\daemon4121-lite.exe NSIS: infected - 2 skipped

C:\Downloads\Nero 8 Ultra Edition v8.3.2.1 [Multilanguage].rar/Nero 8 Ultra Edition V8.3.2.1 [Multilanguage].exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Downloads\Nero 8 Ultra Edition v8.3.2.1 [Multilanguage].rar/Nero 8 Ultra Edition V8.3.2.1 [Multilanguage].exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Downloads\Nero 8 Ultra Edition v8.3.2.1 [Multilanguage].rar RAR: infected - 2 skipped

Scan process completed.


- Delete the highlighted file:

C:\Aplicativos\daemon4121-lite.exe

- Other than that, the log is clean :)

- I recommend some maintenance on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Turn System Restore off and then on again

- Read the article Proteja seu PC (Protect Your PC) for more information on how to avoid infections.


About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
