negohedley

Help, tmp.exe, log analysis via Gmer and RSIT


So, folks, I've got a problem here with something called "tmp.exe" that opens a DOS window and keeps throwing the cursor all over the place. I found it odd, because before it used to give a message that the "16-bit DOS subsystem encountered an illegal instruction", more or less that. Here is the log, following the tutorial for posting in this section:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrador at 2008-11-14 01:33:48

Microsoft Windows XP Professional Service Pack 2

System drive C: has 22 GB (16%) free of 140 GB

Total RAM: 1790 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:33:53, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe

C:\Arquivos de programas\LG Software\On Screen Display\HotKey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\LG Software\Status Indicator\SITray.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\LG Software\Battery Miser\batterymiser.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Administrador\Desktop\Hedley\Gmer\gmer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Administrador\Desktop\Hedley\RSIT.exe

C:\Arquivos de programas\trend micro\Administrador.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [iPO3] "C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG

O4 - HKLM\..\Run: [KeybdUtility] "C:\Arquivos de programas\LG Software\On Screen Display\HotKey.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LGSI] "C:\Arquivos de programas\LG Software\Status Indicator\SITray.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [batterymiser] "C:\Arquivos de programas\LG Software\Battery Miser\batterymiser.exe"

O4 - HKLM\..\Run: [updateSys] c:\windows\system32\regedit32.exe

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updRegistry] c:\windows\system32\regedit32.exe

O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S93.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205260456187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221080905359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F38B6ED3-B625-4C00-9B37-EC5D0EF58B20}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Start BT in service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 11151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-05 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IPO3"=C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe [2007-02-16 1028096]

"KeybdUtility"=C:\Arquivos de programas\LG Software\On Screen Display\HotKey.exe [2007-04-10 2691072]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"LGSI"=C:\Arquivos de programas\LG Software\Status Indicator\SITray.exe [2006-07-10 53248]

"SynTPEnh"=C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe [2007-06-21 815104]

"batterymiser"=C:\Arquivos de programas\LG Software\Battery Miser\batterymiser.exe [2007-02-23 327680]

"UpdateSys"=c:\windows\system32\regedit32.exe [2008-06-17 45056]

"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

"AppleSyncNotifier"=C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\QTTask.exe [2008-09-06 413696]

"iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"ISTray"=C:\Arquivos de programas\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

"ZoneAlarm Client"=C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"UpdRegistry"=c:\windows\system32\regedit32.exe [2008-06-17 45056]

"EPSON Stylus CX5600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE [2007-03-01 180736]

"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-02-13 486856]

"SUPERAntiSpyware"=C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-07 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe [2008-03-20 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Personal Firewall]

C:\Arquivos de programas\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

C:\Arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL [2008-11-07 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"=C:\WINDOWS\system32\bmpsap.dll [2007-02-23 114688]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2008-11-07 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"

"C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\DreMule\emule.exe"="C:\Arquivos de programas\DreMule\emule.exe:*:Enabled:Dreamule"

"C:\Arquivos de programas\Wolfenstein - Enemy Territory\ET.exe"="C:\Arquivos de programas\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Arquivos de programas\Windows Media Player\wmplayer.exe"="C:\Arquivos de programas\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"

"C:\Documents and Settings\Administrador\Desktop\SXadrez.exe"="C:\Documents and Settings\Administrador\Desktop\SXadrez.exe:*:Enabled:SXadrez"

"C:\Arquivos de programas\Real\RealPlayer\realplay.exe"="C:\Arquivos de programas\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Documents and Settings\Administrador\Desktop\Hedley\Jogos\rFactor\rFactor\rFactor.exe"="C:\Documents and Settings\Administrador\Desktop\Hedley\Jogos\rFactor\rFactor\rFactor.exe:*:Enabled:rFactor"

"C:\Arquivos de programas\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"="C:\Arquivos de programas\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:*:Enabled:iolo Firewall®"

"C:\Arquivos de programas\TVUPlayer\TVUPlayer.exe"="C:\Arquivos de programas\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{611d0073-1c70-11dd-9bb0-00030d000001}]

shell\Auto\command - F:\program.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

======List of files/folders created in the last 1 months======

2008-11-14 01:33:16 ----D---- C:\Arquivos de programas\trend micro

2008-11-14 01:33:15 ----D---- C:\rsit

2008-11-14 01:08:39 ----A---- C:\WINDOWS\gmer.ini

2008-11-14 01:08:37 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-14 01:08:37 ----A---- C:\WINDOWS\gmer.exe

2008-11-14 01:08:37 ----A---- C:\WINDOWS\gmer.dll

2008-11-14 00:30:31 ----D---- C:\DVDVideoSoft

2008-11-14 00:30:03 ----D---- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-11-14 00:30:02 ----D---- C:\Arquivos de programas\DVDVideoSoft

2008-11-13 22:07:47 ----A---- C:\WINDOWS\system32\vsregexp.dll

2008-11-13 22:07:43 ----A---- C:\WINDOWS\system32\zlcommdb.dll

2008-11-13 22:07:43 ----A---- C:\WINDOWS\system32\zlcomm.dll

2008-11-13 22:07:38 ----A---- C:\WINDOWS\system32\vswmi.dll

2008-11-13 22:07:37 ----A---- C:\WINDOWS\system32\zpeng25.dll

2008-11-13 22:07:37 ----A---- C:\WINDOWS\system32\vsxml.dll

2008-11-13 22:07:36 ----D---- C:\WINDOWS\system32\ZoneLabs

2008-11-13 22:07:35 ----A---- C:\WINDOWS\system32\vspubapi.dll

2008-11-13 22:07:35 ----A---- C:\WINDOWS\system32\vsmonapi.dll

2008-11-13 22:06:55 ----A---- C:\WINDOWS\system32\vsutil.dll

2008-11-13 22:06:55 ----A---- C:\WINDOWS\system32\vsinit.dll

2008-11-13 22:06:55 ----A---- C:\WINDOWS\system32\vsdata.dll

2008-11-13 21:53:06 ----D---- C:\Arquivos de programas\Zone Labs

2008-11-13 21:53:02 ----D---- C:\WINDOWS\Internet Logs

2008-11-13 21:23:56 ----D---- C:\!KillBox

2008-11-13 21:22:01 ----A---- C:\HijackThis.exe

2008-11-07 18:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-11-07 18:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-11-07 18:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-11-07 18:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-11-07 18:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-11-07 18:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-11-07 17:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2008-11-07 17:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-11-07 17:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-11-07 17:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

2008-11-07 17:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-11-07 17:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-11-07 17:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-11-07 17:43:51 ----D---- C:\WINDOWS\SQL9_KB948109_ENU

2008-11-07 17:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2008-11-07 13:48:51 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-11-07 13:48:47 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com

2008-11-07 13:48:47 ----D---- C:\Arquivos de programas\SUPERAntiSpyware

2008-11-07 13:23:11 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uniblue

2008-11-07 13:22:29 ----D---- C:\Arquivos de programas\Uniblue

2008-11-07 13:20:10 ----D---- C:\Arquivos de programas\Arquivos comuns\PC Tools

2008-11-07 13:09:50 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\PC Tools

2008-11-07 13:09:50 ----D---- C:\Arquivos de programas\Spyware Doctor

2008-11-07 13:00:38 ----A---- C:\WINDOWS\system32\config.nt.bak

2008-11-07 13:00:38 ----A---- C:\WINDOWS\system32\command.com.bak

2008-11-07 13:00:38 ----A---- C:\WINDOWS\system32\autoexec.nt.bak

2008-11-03 15:08:07 ----D---- C:\Arquivos de programas\Adobe

2008-10-30 15:11:11 ----D---- C:\Arquivos de programas\aMSN

2008-10-26 15:33:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-10-26 15:33:44 ----D---- C:\Arquivos de programas\Avira

2008-10-26 14:58:05 ----D---- C:\Arquivos de programas\Kaspersky Lab

2008-10-25 10:10:54 ----D---- C:\Arquivos de programas\Microsoft Games

2008-10-23 11:16:17 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Google

2008-10-23 11:15:54 ----D---- C:\Arquivos de programas\Google

2008-10-20 20:50:17 ----A---- C:\WINDOWS\cdplayer.ini

2008-10-18 22:23:34 ----D---- C:\Arquivos de programas\iPod

2008-10-18 22:23:32 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-18 22:23:32 ----D---- C:\Arquivos de programas\iTunes

2008-10-18 22:22:59 ----D---- C:\Arquivos de programas\Bonjour

2008-10-18 22:22:20 ----D---- C:\Arquivos de programas\QuickTime

2008-10-18 22:21:28 ----D---- C:\Arquivos de programas\Apple Software Update

2008-10-18 22:03:29 ----A---- C:\WINDOWS\system32\ptpusb.dll

2008-10-18 22:03:28 ----A---- C:\WINDOWS\system32\ptpusd.dll

2008-10-17 13:15:42 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2008-10-17 13:15:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

======List of files/folders modified in the last 1 months======

2008-11-14 01:33:49 ----DC---- C:\Temp

2008-11-14 01:33:16 ----D---- C:\Arquivos de programas

2008-11-14 01:08:39 ----D---- C:\WINDOWS

2008-11-14 01:08:37 ----D---- C:\WINDOWS\system32\drivers

2008-11-14 01:05:23 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-14 00:30:09 ----D---- C:\WINDOWS\Prefetch

2008-11-14 00:30:03 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-14 00:19:28 ----D---- C:\Arquivos de programas\DreMule

2008-11-14 00:14:40 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-11-13 22:40:13 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-11-13 22:30:16 ----D---- C:\WINDOWS\Temp

2008-11-13 22:17:55 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-13 22:14:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-13 22:07:53 ----D---- C:\WINDOWS\system32

2008-11-13 22:06:55 ----SHD---- C:\WINDOWS\Installer

2008-11-13 22:06:55 ----SHD---- C:\Config.Msi

2008-11-13 18:32:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2008-11-11 18:34:40 ----HD---- C:\WINDOWS\inf

2008-11-11 18:34:39 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-09 15:36:26 ----D---- C:\WINDOWS\Microsoft.NET

2008-11-08 22:57:10 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-08 22:57:10 ----D---- C:\Arquivos de programas\Microsoft Silverlight

2008-11-08 22:57:10 ----D---- C:\Arquivos de programas\Internet Explorer

2008-11-07 18:04:07 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-07 18:03:48 ----A---- C:\WINDOWS\imsins.BAK

2008-11-07 18:01:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-07 17:57:46 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-07 17:53:36 ----RSD---- C:\WINDOWS\assembly

2008-11-07 17:48:26 ----D---- C:\WINDOWS\WinSxS

2008-11-07 17:44:19 ----D---- C:\Arquivos de programas\Microsoft SQL Server

2008-11-07 17:43:28 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2008-11-07 17:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$

2008-11-07 17:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2008-11-07 17:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-11-07 17:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-11-07 17:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-11-07 17:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

2008-11-07 17:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$

2008-11-07 17:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2008-11-07 17:35:44 ----D---- C:\Arquivos de programas\Outlook Express

2008-11-07 17:35:44 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2008-11-07 15:24:57 ----D---- C:\Arquivos de programas\UltraVNC

2008-11-07 15:24:46 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-07 15:20:01 ----D---- C:\Arquivos de programas\Super_DVD_Creator_9.8

2008-11-07 15:19:31 ----D---- C:\Arquivos de programas\NCH Swift Sound

2008-11-07 15:17:29 ----SD---- C:\WINDOWS\Tasks

2008-11-07 14:01:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-26 21:53:07 ----D---- C:\Arquivos de programas\Wolfenstein - Enemy Territory

2008-10-26 15:05:47 ----D---- C:\WINDOWS\Minidump

2008-10-26 14:50:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-10-26 13:55:34 ----D---- C:\Arquivos de programas\MSXML 4.0

2008-10-25 10:17:50 ----D---- C:\WINDOWS\system32\DirectX

2008-10-25 10:06:30 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-10-23 11:20:03 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2008-10-20 21:18:08 ----D---- C:\WINDOWS\system32\config

2008-10-20 20:50:46 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2008-10-20 20:27:41 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM

2008-10-19 14:32:21 ----D---- C:\DVDTemp

2008-10-18 23:00:33 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-10-18 22:23:48 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-10-18 22:22:22 ----D---- C:\Arquivos de programas\Arquivos comuns\Apple

2008-10-17 13:18:43 ----A---- C:\WINDOWS\NetwkCfg.txt

2008-10-17 13:16:23 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe

2008-10-15 13:59:29 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-10 75072]

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]

R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

R1 Ndisipo;NDIS Protocol Driver for IPO3; C:\WINDOWS\system32\DRIVERS\ndisipo.sys [2005-07-20 15232]

R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]

R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-03 1333152]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]

R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-05-23 16272]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]

R3 lgsnd_filter;lgsnd_filter; C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2005-12-14 7552]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-21 47360]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]

R3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS []

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-21 201792]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]

R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]

R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-07-30 264832]

S3 ajzvwuz4;ajzvwuz4; C:\WINDOWS\system32\drivers\ajzvwuz4.sys []

S3 akf73s2w;akf73s2w; C:\WINDOWS\system32\drivers\akf73s2w.sys []

S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-11-15 528096]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 giveio;giveio; \??\C:\WINDOWS\giveio.sys []

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-14 85969]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]

S3 lgodd_filter;lgodd_filter; C:\WINDOWS\system32\drivers\lgodd_filter.sys []

S3 LGPCETH;LGPCETH; \??\C:\Arquivos de programas\LG Software\Status Indicator\LGPCETH.sys []

S3 LGPCNDIS;LGPCNDIS; \??\C:\Arquivos de programas\LG Software\Status Indicator\LGPCNDIS.sys []

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]

S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]

S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-20 23680]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 npkcrypt;npkcrypt; \??\C:\Arquivos de programas\Lineage II\system\npkcrypt.sys []

S3 Profos;Profos; \??\C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 Trufos;Trufos; \??\C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]

R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-11 66872]

R2 sdAuxService;PC Tools Auxiliary Service; C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]

R2 sdCoreService;PC Tools Security Service; C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]

R2 SQLWriter;Escritor VSS do SQL Server; c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 StarWindServiceAE;StarWind AE Service; C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]

R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Start BT in service;Start BT in service; C:\Arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-05-29 52080]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

S4 MSSQLServerADHelper;Auxiliar do SQL Server Active Directory; c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Arquivos de programas\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]

S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 SQLBrowser;Navegador do SQL Server; c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Edited by negohedley


Man, I'm trying to post the new log in a new topic, but I get this error:

Fatal error: Maximum execution time of 30 seconds exceeded in /www/forum/includes/functions.php on line 1745

I've already tried posting about 15 times, but it always does this.


Hello, try this one:

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • When it finishes, DDS.txt will open.
  • Save the results and paste them in your next reply.


DDS (Version 1.0) - NTFSx86

Run by Administrador at 19:12:31,89 on 19/11/2008

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1790.996 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe

C:\Arquivos de programas\LG Software\On Screen Display\HotKey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\LG Software\Status Indicator\SITray.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\LG Software\Battery Miser\batterymiser.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\windows\system32\regedit32.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Documents and Settings\Administrador\Desktop\Hedley\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.yahoo.com.br/

mWinlogon: UIHost=c:\documents and settings\all users\dados de aplicativos\tuneup software\tuneup utilities\winstyler\tu_logonui.exe

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_01\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\arquivos de programas\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\arquivos de programas\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\arquivos de programas\epson\epson web-to-page\EPSON Web-To-Page.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [updRegistry] c:\windows\system32\regedit32.exe

uRun: [EPSON Stylus CX5600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatical.exe /fu "c:\windows\temp\E_S93.tmp" /EF "HKCU"

uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun

uRun: [sUPERAntiSpyware] c:\arquivos de programas\superantispyware\SUPERAntiSpyware.exe

mRun: [iPO3] "c:\arquivos de programas\lg software\ip operator\IP Operator.exe" -aUtOsTaRtFrOmReG

mRun: [KeybdUtility] "c:\arquivos de programas\lg software\on screen display\HotKey.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [LGSI] "c:\arquivos de programas\lg software\status indicator\SITray.exe"

mRun: [synTPEnh] "c:\arquivos de programas\synaptics\syntp\SynTPEnh.exe"

mRun: [batterymiser] "c:\arquivos de programas\lg software\battery miser\batterymiser.exe"

mRun: [updateSys] c:\windows\system32\regedit32.exe

mRun: [startCCC] "c:\arquivos de programas\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [AppleSyncNotifier] c:\arquivos de programas\arquivos comuns\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [iSTray] "c:\arquivos de programas\spyware doctor\pctsTray.exe"

mRun: [ZoneAlarm Client] "c:\arquivos de programas\zone labs\zonealarm\zlclient.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_01\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\PCTLsp.dll

TCP: {F38B6ED3-B625-4C00-9B37-EC5D0EF58B20} = 200.165.132.155 200.149.55.140

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - c:\windows\system32\bmpsap.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\arquivos de programas\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-11-7 160792]

S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys []

S3 LGPCETH;LGPCETH;\??\c:\arquivos de programas\lg software\status indicator\LGPCETH.sys [2006-6-22 9216]

S3 LGPCNDIS;LGPCNDIS;\??\c:\arquivos de programas\lg software\status indicator\LGPCNDIS.sys [2006-6-22 9216]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-5 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-5 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-24 42112]

S3 Start BT in service;Start BT in service;c:\arquivos de programas\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-5-29 52080]

=============== Created Last 30 ================

2008-11-19 19:12 <DIR> -cd----- c:\temp\RarSFX0

2008-11-19 15:55 <DIR> -cd----- c:\temp\plugtmp-1

2008-11-19 15:47 <DIR> -cd----- c:\temp\WPDNSE

2008-11-18 18:02 <DIR> -cd----- c:\temp\Adobe

2008-11-18 13:14 7,464 ac------ c:\temp\tmp.exe

2008-11-17 15:50 <DIR> --d----- C:\atheros_AR242x

2008-11-14 13:27 <DIR> -cd----- c:\temp\plugtmp

2008-11-14 01:33 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-14 01:08 250 a------- c:\windows\gmer.ini

2008-11-14 01:03 244 a---h--- C:\sqmnoopt10.sqm

2008-11-14 01:03 232 a---h--- C:\sqmdata10.sqm

2008-11-14 00:30 <DIR> --d----- C:\DVDVideoSoft

2008-11-14 00:30 <DIR> --d----- c:\arquivos de programas\arquivos comuns\DVDVideoSoft

2008-11-14 00:30 <DIR> --d----- c:\arquivos de programas\DVDVideoSoft

2008-11-14 00:27 <DIR> -cd----- c:\temp\mProjector1658900338

2008-11-13 22:07 4,212 a---h--- c:\windows\system32\zllictbl.dat

2008-11-13 22:07 1,221,008 a------- c:\windows\system32\zpeng25.dll

2008-11-13 22:07 <DIR> --d----- c:\windows\system32\ZoneLabs

2008-11-13 22:07 348,371 a------- c:\windows\system32\vsconfig.xml

2008-11-13 22:06 <DIR> -cd----- c:\temp\111308220650

2008-11-13 21:55 <DIR> -cd----- c:\temp\111308215519

2008-11-13 21:53 <DIR> --d----- c:\arquivos de programas\Zone Labs

2008-11-13 21:53 <DIR> -cd----- c:\temp\111308215302

2008-11-13 21:53 <DIR> --d----- c:\windows\Internet Logs

2008-11-13 21:53 <DIR> -cd----- c:\temp\111308215301

2008-11-13 21:23 <DIR> --d----- C:\!KillBox

2008-11-13 21:22 218,112 a------- C:\HijackThis.exe

2008-11-07 18:06 <DIR> -cd----- c:\temp\WER195c.dir00

2008-11-07 17:43 <DIR> --d----- c:\windows\SQL9_KB948109_ENU

2008-11-07 16:27 272,384 -c------ c:\windows\system32\dllcache\bthport.sys

2008-11-07 16:27 272,384 -------- c:\windows\system32\drivers\bthport.sys

2008-11-07 15:18 900,432 ac------ c:\temp\MsgPlusUninstall.exe

2008-11-07 15:17 569,348 ac------ c:\temp\uninst.exe

2008-11-07 14:33 160,792 a------- c:\windows\system32\drivers\pctfw2.sys

2008-11-07 14:01 <DIR> --d----- c:\documents and settings\administrador\amsn

2008-11-07 13:51 158,960 ac------ c:\temp\SSUPDATE.EXE

2008-11-07 13:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SUPERAntiSpyware.com

2008-11-07 13:48 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\SUPERAntiSpyware.com

2008-11-07 13:48 <DIR> --d----- c:\arquivos de programas\SUPERAntiSpyware

2008-11-07 13:23 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\uniblue

2008-11-07 13:22 <DIR> --d----- c:\arquivos de programas\Uniblue

2008-11-07 13:21 <DIR> -cd----- c:\temp\mia5C.tmp

2008-11-07 13:20 <DIR> --d----- c:\arquivos de programas\arquivos comuns\PC Tools

2008-11-07 13:19 <DIR> -cd----- c:\temp\is-64BRN.tmp

2008-11-07 13:10 81,288 a------- c:\windows\system32\drivers\iksyssec.sys

2008-11-07 13:10 66,952 a------- c:\windows\system32\drivers\iksysflt.sys

2008-11-07 13:10 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys

2008-11-07 13:10 29,576 a------- c:\windows\system32\drivers\kcom.sys

2008-11-07 13:09 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\PC Tools

2008-11-07 13:09 <DIR> --d----- c:\arquivos de programas\Spyware Doctor

2008-11-07 13:00 52,472 a------- c:\windows\system32\command.com.bak

2008-11-07 13:00 2,969 a------- c:\windows\system32\config.nt.bak

2008-11-07 13:00 515 a------- c:\windows\system32\autoexec.nt.bak

2008-11-03 20:14 <DIR> --d----- c:\documents and settings\administrador\.nbi

2008-11-03 15:32 <DIR> --d----- c:\documents and settings\administrador\.SunDownloadManager

2008-10-30 15:11 <DIR> --d----- c:\arquivos de programas\aMSN

2008-10-26 15:33 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2008-10-26 15:33 <DIR> --d----- c:\arquivos de programas\Avira

2008-10-26 14:58 <DIR> --d----- c:\arquivos de programas\Kaspersky Lab

2008-10-25 10:10 <DIR> --d----- c:\arquivos de programas\Microsoft Games

2008-10-20 20:50 50 a------- c:\windows\cdplayer.ini

==================== Find3M ====================

2008-11-18 18:48 202,536 a------- c:\windows\system32\PnkBstrB.exe

2008-11-14 14:23 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\uTorrent

2008-11-14 00:19 <DIR> --d----- c:\arquivos de programas\DreMule

2008-11-07 17:44 <DIR> --d----- c:\arquivos de programas\Microsoft SQL Server

2008-11-07 15:24 <DIR> --d----- c:\arquivos de programas\UltraVNC

2008-11-07 15:24 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2008-11-07 15:20 <DIR> --d----- c:\arquivos de programas\Super_DVD_Creator_9.8

2008-11-07 15:19 <DIR> --d----- c:\arquivos de programas\NCH Swift Sound

2008-11-07 14:01 649,862 a------- c:\windows\system32\perfh016.dat

2008-11-07 14:01 171,158 a------- c:\windows\system32\perfc016.dat

2008-10-26 21:53 <DIR> --d----- c:\arquivos de programas\Wolfenstein - Enemy Territory

2008-10-26 14:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-10-26 13:55 <DIR> --d----- c:\arquivos de programas\MSXML 4.0

2008-10-18 22:23 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-18 22:23 <DIR> --d----- c:\arquivos de programas\iTunes

2008-10-18 22:23 <DIR> --d----- c:\arquivos de programas\iPod

2008-10-18 22:22 <DIR> --d----- c:\arquivos de programas\Bonjour

2008-10-18 22:22 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Apple

2008-10-12 20:06 <DIR> --d----- c:\arquivos de programas\FLV Player

2008-10-10 22:42 107,888 a------- c:\windows\system32\CmdLineExt.dll

2008-10-10 11:21 <DIR> --d----- c:\arquivos de programas\SopCast

2008-10-07 18:55 <DIR> --d----- c:\arquivos de programas\Sony

2008-10-07 17:05 <DIR> --d----- c:\arquivos de programas\Programas RFB

2008-10-06 21:15 <DIR> --d----- c:\arquivos de programas\MSDN

2008-10-06 21:08 <DIR> --d----- c:\arquivos de programas\Microsoft Visual Studio 9.0

2008-10-06 21:08 <DIR> --d----- c:\arquivos de programas\Business Objects

2008-10-06 21:07 <DIR> --d----- c:\arquivos de programas\Microsoft Device Emulator

2008-10-06 21:07 <DIR> --d----- c:\arquivos de programas\Windows Mobile 5.0 SDK R2

2008-10-06 21:00 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Merge Modules

2008-10-06 21:00 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PreEmptive Solutions

2008-10-06 20:57 <DIR> --d----- c:\arquivos de programas\HTML Help Workshop

2008-10-06 20:55 <DIR> --d----- c:\arquivos de programas\CE Remote Tools

2008-10-06 20:54 <DIR> --d----- c:\arquivos de programas\Microsoft Web Designer Tools

2008-10-06 18:28 <DIR> --d----- c:\arquivos de programas\StarUML

2008-10-03 11:01 2,279,424 a------- c:\windows\system32\TUKernel.exe

2008-10-02 14:15 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\TuneUp Software

2008-10-02 14:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\TuneUp Software

2008-09-26 21:07 103,201 a------- c:\windows\hpoins08.dat

2008-09-26 21:06 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Hewlett-Packard

2008-09-26 21:03 <DIR> --d----- c:\arquivos de programas\HP

2008-09-15 12:40 1,846,144 a------- c:\windows\system32\win32k.sys

2008-09-13 10:55 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\EPSON

2008-09-05 15:49 499,712 a------- c:\windows\system32\msvcp71.dll

2008-09-05 15:49 348,160 a------- c:\windows\system32\msvcr71.dll

2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe

2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll

2008-08-26 05:11 826,368 a------- c:\windows\system32\wininet.dll

2008-08-10 23:36 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\BlackBean

2008-08-02 12:09 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2008-07-29 21:33 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\WordPod

2008-07-25 22:32 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Vso

2008-07-21 10:56 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\vsosdk

2008-07-14 12:07 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\ESET

2008-07-14 11:11 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Comodo

2008-07-14 11:11 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Comodo

2008-07-02 23:10 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\ATI

2008-06-29 20:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-06-18 15:57 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PC Tools

2008-06-17 19:10 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-06-16 11:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Codemasters

2008-06-03 11:13 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Hide IP NG

2008-05-17 12:53 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\NCH Swift Sound

2008-05-17 12:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NCH Swift Sound

2008-05-09 12:27 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Publish Providers

2008-05-09 12:27 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Sony

2008-04-25 23:54 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\TVU Networks

2008-04-25 23:54 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\TVU Networks

2008-04-22 12:20 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Key Metric Software

2008-04-22 12:16 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\iolo

2008-04-19 14:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2008-04-19 13:57 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\iolo

2008-04-14 16:37 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Any Video Converter

2008-03-17 22:42 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Dev-Cpp

2008-03-11 16:52 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\DAEMON Tools

2008-03-11 15:44 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Atheros

2008-03-11 15:21 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\TMP

2008-06-17 19:31 45,056 ---shr-- c:\windows\system32\regedit32.exe

2008-08-11 15:30 16,384 a--sh--- c:\windows\temp\cookies\index.dat

2008-08-11 15:30 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

2008-08-11 15:30 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:13:26,00 ===============


Hello,

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure you check the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply, together with a new HijackThis log.

Note: In more complicated infections it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.


Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1413

Windows 5.1.2600 Service Pack 2

20/11/2008 12:15:44

mbam-log-2008-11-20 (12-15-44).txt

Tipo de Verificação: Rápida

Objetos verificados: 62115

Tempo decorrido: 7 minute(s), 36 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 3

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

C:\Arquivos de programas\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Arquivos infectados:

C:\Arquivos de programas\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Logfile of HijackThis v1.99.1

Scan saved at 12:17:26, on 20/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe

C:\Arquivos de programas\LG Software\On Screen Display\HotKey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\LG Software\Status Indicator\SITray.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\LG Software\Battery Miser\batterymiser.exe

C:\windows\system32\regedit32.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\Hedley\Gmer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [iPO3] "C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG

O4 - HKLM\..\Run: [KeybdUtility] "C:\Arquivos de programas\LG Software\On Screen Display\HotKey.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LGSI] "C:\Arquivos de programas\LG Software\Status Indicator\SITray.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [batterymiser] "C:\Arquivos de programas\LG Software\Battery Miser\batterymiser.exe"

O4 - HKLM\..\Run: [updateSys] c:\windows\system32\regedit32.exe

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updRegistry] c:\windows\system32\regedit32.exe

O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S93.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205260456187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221080905359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Start BT in service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
  • Scroll to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Portuguese".
  • Read the license and check the box: "Accept License Agreement".
  • Click "Continue".
  • Click the download link Windows Offline Installation and save the file to your desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary, until you have removed all the old versions of Java on your PC.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

Other than that, your log is clean.

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon otcleanitdesktopicon.png
  • Click the "Cleanup" button.
  • Allow your computer to be restarted.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Turn System Restore off and then on again
  • Use an alternative, safer browser: Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the state of your programs as far as updates are concerned.
  • Keep your programs properly updated.
    Being up to date is being safe. Click here

Some extra utilities that can increase your computer's protection:

  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites
  • Google Toolbar <= The Google toolbar prevents pop-ups.

It was a pleasure to help.


Thank you very much, Lusitano!

Your instructions were a great help. Thank you once again.

But unfortunately, that "tmp.exe" is still active.

I will format my machine (one more reason to do that).

Once again, thank you very much.

And I will study so that I can help other people, just like you.


Hello, let's try one more tool.

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  3. Double-click the icon desktopicon.png that is on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP should install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.

  8. A warning may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and for that reason, and out of respect for the tool's author, do not use it without supervision.

Regards


ComboFix 08-11-20.02 - Administrador 2008-11-21 11:58:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1044 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\Hedley\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrador\Dados de aplicativos\inst.exe

c:\windows\inst.exe

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\regedit32.exe

c:\windows\system32\tmp41.tmp

c:\windows\system32\tmp42.tmp

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-21 to 2008-11-21 ))))))))))))))))))))))))))))

.

2008-11-21 12:04 . 2008-11-21 12:04 53,248 --a--c--- c:\temp\catchme.dll

2008-11-21 11:59 . 2008-11-21 11:59 <DIR> d----c--- c:\temp\WPDNSE

2008-11-20 13:45 . 2008-11-20 13:49 <DIR> d-------- c:\arquivos de programas\SpywareBlaster

2008-11-20 13:30 . 2008-11-20 13:30 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-20 13:30 . 2008-11-20 13:30 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-20 13:16 . 2008-11-20 13:49 <DIR> d----c--- c:\temp\hsperfdata_Administrador

2008-11-20 12:03 . 2008-11-20 12:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-20 12:03 . 2008-11-20 12:03 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-11-20 12:03 . 2008-11-20 12:03 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-20 12:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-20 12:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-20 00:03 . 2008-11-20 00:03 <DIR> d-------- c:\documents and settings\Administrador\.idlerc

2008-11-19 19:37 . 2008-11-21 12:04 <DIR> d----c--- c:\temp\plugtmp-2

2008-11-19 19:12 . 2008-11-19 19:14 <DIR> d----c--- c:\temp\RarSFX0

2008-11-19 15:55 . 2008-11-19 16:03 <DIR> d----c--- c:\temp\plugtmp-1

2008-11-18 18:02 . 2008-11-18 18:02 <DIR> d----c--- c:\temp\Adobe

2008-11-17 15:50 . 2007-07-30 20:56 <DIR> d-------- C:\atheros_AR242x

2008-11-14 13:27 . 2008-11-14 13:39 <DIR> d----c--- c:\temp\plugtmp

2008-11-14 01:33 . 2008-11-14 01:33 <DIR> d-------- C:\rsit

2008-11-14 01:33 . 2008-11-19 16:35 <DIR> d-------- c:\arquivos de programas\trend micro

2008-11-14 01:03 . 2008-11-14 01:03 244 --ah----- C:\sqmnoopt10.sqm

2008-11-14 01:03 . 2008-11-14 01:03 232 --ah----- C:\sqmdata10.sqm

2008-11-14 00:30 . 2008-11-14 00:31 <DIR> d-------- C:\DVDVideoSoft

2008-11-14 00:30 . 2008-11-14 00:30 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft

2008-11-14 00:30 . 2008-11-14 00:30 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-11-14 00:27 . 2008-11-21 12:04 <DIR> d----c--- c:\temp\mProjector1658900338

2008-11-13 22:07 . 2008-11-13 22:07 <DIR> d-------- c:\windows\system32\ZoneLabs

2008-11-13 22:07 . 2008-08-21 20:41 1,221,008 --a------ c:\windows\system32\zpeng25.dll

2008-11-13 22:07 . 2008-11-21 11:47 348,371 --a------ c:\windows\system32\vsconfig.xml

2008-11-13 22:07 . 2008-11-13 22:07 4,212 --ah----- c:\windows\system32\zllictbl.dat

2008-11-13 22:06 . 2008-11-21 12:03 <DIR> d----c--- c:\temp\111308220650

2008-11-13 21:55 . 2008-11-21 12:03 <DIR> d----c--- c:\temp\111308215519

2008-11-13 21:53 . 2008-11-21 11:50 <DIR> d-------- c:\windows\Internet Logs

2008-11-13 21:53 . 2008-11-21 12:03 <DIR> d----c--- c:\temp\111308215302

2008-11-13 21:53 . 2008-11-21 12:03 <DIR> d----c--- c:\temp\111308215301

2008-11-13 21:53 . 2008-11-13 21:53 <DIR> d-------- c:\arquivos de programas\Zone Labs

2008-11-07 18:06 . 2008-11-21 12:04 <DIR> d----c--- c:\temp\WER195c.dir00

2008-11-07 17:43 . 2008-11-07 17:43 <DIR> d-------- c:\windows\SQL9_KB948109_ENU

2008-11-07 16:27 . 2008-06-14 14:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-07 16:27 . 2008-06-14 14:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-07 14:33 . 2008-11-07 14:25 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys

2008-11-07 14:01 . 2008-11-07 17:16 <DIR> d-------- c:\documents and settings\Administrador\amsn

2008-11-07 13:48 . 2008-11-07 13:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-11-07 13:48 . 2008-11-07 13:48 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com

2008-11-07 13:48 . 2008-11-18 18:48 <DIR> d-------- c:\arquivos de programas\SUPERAntiSpyware

2008-11-07 13:23 . 2008-11-07 13:23 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\uniblue

2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\arquivos de programas\Uniblue

2008-11-07 13:21 . 2008-11-21 12:04 <DIR> d----c--- c:\temp\mia5C.tmp

2008-11-07 13:20 . 2008-11-07 14:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PC Tools

2008-11-07 13:19 . 2008-11-21 12:03 <DIR> d----c--- c:\temp\is-64BRN.tmp

2008-11-07 13:10 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2008-11-07 13:10 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2008-11-07 13:10 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2008-11-07 13:10 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2008-11-07 13:09 . 2008-11-07 13:09 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\PC Tools

2008-11-07 13:09 . 2008-11-21 11:47 <DIR> d-------- c:\arquivos de programas\Spyware Doctor

2008-11-07 13:00 . 2001-10-28 08:06 52,472 --a------ c:\windows\system32\command.com.bak

2008-11-07 13:00 . 2008-03-11 13:53 2,969 --a------ c:\windows\system32\config.nt.bak

2008-11-07 13:00 . 2001-10-28 08:06 515 --a------ c:\windows\system32\autoexec.nt.bak

2008-11-03 20:14 . 2008-11-03 20:14 <DIR> d-------- c:\documents and settings\Administrador\.nbi

2008-11-03 15:32 . 2008-11-03 20:24 <DIR> d-------- c:\documents and settings\Administrador\.SunDownloadManager

2008-10-30 15:11 . 2008-10-30 15:11 <DIR> d-------- c:\arquivos de programas\aMSN

2008-10-26 15:33 . 2008-10-26 15:33 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2008-10-26 15:33 . 2008-10-26 15:33 <DIR> d-------- c:\arquivos de programas\Avira

2008-10-26 14:58 . 2008-10-26 14:58 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab

2008-10-25 10:10 . 2008-10-25 10:10 <DIR> d-------- c:\arquivos de programas\Microsoft Games

2008-10-23 11:15 . 2008-10-23 11:15 <DIR> d-------- c:\arquivos de programas\Google

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-21 14:47 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-21 04:12 202,536 ----a-w c:\windows\system32\PnkBstrB.exe

2008-11-21 04:12 139,240 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-11-20 16:30 --------- d-----w c:\arquivos de programas\Java

2008-11-14 17:23 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2008-11-14 03:19 --------- d-----w c:\arquivos de programas\DreMule

2008-11-09 01:57 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2008-11-07 21:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-07 20:44 --------- d-----w c:\arquivos de programas\Microsoft SQL Server

2008-11-07 18:24 --------- d-----w c:\arquivos de programas\UltraVNC

2008-11-07 18:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-07 18:20 --------- d-----w c:\arquivos de programas\Super_DVD_Creator_9.8

2008-11-07 18:19 --------- d-----w c:\arquivos de programas\NCH Swift Sound

2008-11-03 18:08 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-27 04:48 32 --sha-w c:\windows\system32\drivers\fidbox2.idx

2008-10-27 04:48 32 --sha-w c:\windows\system32\drivers\fidbox2.dat

2008-10-27 04:48 32 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-10-27 04:48 32 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-10-27 00:53 --------- d-----w c:\arquivos de programas\Wolfenstein - Enemy Territory

2008-10-26 17:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-10-26 16:55 --------- d-----w c:\arquivos de programas\MSXML 4.0

2008-10-25 13:06 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-20 23:50 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Skype

2008-10-20 23:27 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2008-10-19 02:00 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2008-10-19 01:23 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-19 01:23 --------- d-----w c:\arquivos de programas\iTunes

2008-10-19 01:23 --------- d-----w c:\arquivos de programas\iPod

2008-10-19 01:22 --------- d-----w c:\arquivos de programas\QuickTime

2008-10-19 01:22 --------- d-----w c:\arquivos de programas\Bonjour

2008-10-19 01:22 --------- d-----w c:\arquivos de programas\Arquivos comuns\Apple

2008-10-19 01:21 --------- d-----w c:\arquivos de programas\Apple Software Update

2008-10-12 23:06 --------- d-----w c:\arquivos de programas\FLV Player

2008-10-11 01:42 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-10 14:21 --------- d-----w c:\arquivos de programas\SopCast

2008-10-07 21:55 --------- d-----w c:\arquivos de programas\Sony

2008-10-07 20:05 --------- d-----w c:\arquivos de programas\Programas RFB

2008-10-07 00:15 --------- d-----w c:\arquivos de programas\MSDN

2008-10-07 00:08 --------- d-----w c:\arquivos de programas\Microsoft Visual Studio 9.0

2008-10-07 00:08 --------- d-----w c:\arquivos de programas\Business Objects

2008-10-07 00:07 --------- d-----w c:\arquivos de programas\Windows Mobile 5.0 SDK R2

2008-10-07 00:07 --------- d-----w c:\arquivos de programas\Microsoft Device Emulator

2008-10-07 00:05 --------- d-----w c:\arquivos de programas\Microsoft.NET

2008-10-07 00:00 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\PreEmptive Solutions

2008-10-07 00:00 --------- d-----w c:\arquivos de programas\Arquivos comuns\Merge Modules

2008-10-06 23:57 --------- d-----w c:\arquivos de programas\MSBuild

2008-10-06 23:57 --------- d-----w c:\arquivos de programas\HTML Help Workshop

2008-10-06 23:55 --------- d-----w c:\arquivos de programas\CE Remote Tools

2008-10-06 23:54 --------- d-----w c:\arquivos de programas\Microsoft Web Designer Tools

2008-10-06 21:28 --------- d-----w c:\arquivos de programas\StarUML

2008-10-03 14:01 2,279,424 ----a-w c:\windows\system32\TUKernel.exe

2008-10-02 17:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software

2008-10-02 17:15 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\TuneUp Software

2008-10-01 15:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys

2008-09-27 00:06 --------- d-----w c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-09-27 00:03 --------- d-----w c:\arquivos de programas\HP

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-05 18:49 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-09-05 18:49 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-09-03 23:04 302,696 ------w C:\atheros_AR242x.zip

2008-08-29 12:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 11:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-21 13:18 122,880 ----a-w c:\windows\DesinstRecnet.exe

2008-07-21 11:37 47,360 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\pcouffin.sys

2008-05-28 13:30 14 ----a-w c:\documents and settings\Administrador\getfile.dat

2008-04-02 20:19 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"EPSON Stylus CX5600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE" [2007-03-01 180736]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-18 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IPO3"="c:\arquivos de programas\LG Software\IP Operator\IP Operator.exe" [2007-02-16 1028096]

"KeybdUtility"="c:\arquivos de programas\LG Software\On Screen Display\HotKey.exe" [2007-04-10 2691072]

"LGSI"="c:\arquivos de programas\LG Software\Status Indicator\SITray.exe" [2006-07-10 53248]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-06-21 815104]

"batterymiser"="c:\arquivos de programas\LG Software\Battery Miser\batterymiser.exe" [2007-02-23 327680]

"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ISTray"="c:\arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-20 136600]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2007-02-23 114688]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-11-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\\Documents and Settings\\All Users\\Dados de aplicativos\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-11-07 14:00 352256 c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-03-20 13:39 216520 c:\arquivos de programas\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-10-01 11:57 111936 c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-02-13 20:09 486856 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2008-06-19 09:53 570664 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\DreMule\\emule.exe"=

"c:\\Arquivos de programas\\Wolfenstein - Enemy Territory\\ET.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"=

"c:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-11-07 160792]

S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys []

S3 LGPCETH;LGPCETH;\??\c:\arquivos de programas\LG Software\Status Indicator\LGPCETH.sys [2006-06-22 9216]

S3 LGPCNDIS;LGPCNDIS;\??\c:\arquivos de programas\LG Software\Status Indicator\LGPCNDIS.sys [2006-06-22 9216]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-05 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-05 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-06-24 42112]

S3 Start BT in service;Start BT in service;c:\arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-05-29 52080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{611d0073-1c70-11dd-9bb0-00030d000001}]

\Shell\Auto\Command - F:\program.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-07 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClick.exe []

2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-UpdRegistry - c:\windows\system32\regedit32.exe

HKLM-Run-UpdateSys - c:\windows\system32\regedit32.exe

MSConfigStartUp-iolo Personal Firewall - c:\arquivos de programas\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe

MSConfigStartUp-SMSystemAnalyzer - c:\arquivos de programas\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\qqe8uqey.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com.br

FF -: plugin - c:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-21 12:04:08

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwClose

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-21 12:06:42

ComboFix-quarantined-files.txt 2008-11-21 15:06:23

Pré-execução: 28 pasta(s) 24.187.392.000 bytes disponíveis

Pós execução: 28 pasta(s) 25,446,342,656 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=8GTRSW /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=8GTRSW-BAK

302 --- E O F --- 2008-07-11 17:27:55


Lusitano, in case it helps, that "tmp.exe" sits in the TEMP folder, but every time I delete it, it comes back.


Hello,

Download ATF-Cleaner.

  • Click ATF-Cleaner.exe.
  • Under "Select Files To Delete", check Select All.
  • Click Empty Selected.
  • In the Done Cleaning window, click OK and then Exit.

Attention: if you use Firefox:

  • At the top, click Firefox and choose: Select All
  • Then click Empty Selected.

Attention: if you use Opera:

  • At the top, click Opera and choose: Select All
  • Then click Empty Selected.

Temporarily disable your antivirus!

Run an online scan with Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX control, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • When the scan finishes, click the Save as Text button.
  • Save the log with the results and paste it into your next message.
  • Also generate and paste a new HijackThis log.

Regards


Problem solved!

Thank you sooooo much, Lusitano!!

ComboFix took care of this problem!

And one question: how do I go about learning to analyze logs and study these things (college didn't teach me this security side)?


If the topic's author needs it, the topic will be reopened; to do so, they should contact the moderation team and request that it be unlocked.
