CerealKillerGZ

Log analysis, several viruses :S


Hi, and thanks for reading this xD

I was forced to put an HD into my PC that I knew had a virus; I tried to take precautions, but it didn't work.

This virus is a... virus! It really spreads: it spread across the 10 PCs in my uncle's office, which was fine because I didn't even care, but then it reached my house ¬¬. If you plug in a pendrive it installs itself there, then you plug that into a PC and it installs itself there.

What does it do?

- I can't make several changes that affect the registry. Some programs can't be installed, hidden folders don't show up, among other "Folder Options" that can't be changed.

- The infected drives are treated as files without an extension. When I click on drives C or E (the 2 HDs I have here) Windows asks what I want to open this file with ?!?! (screenshot)

Viruses identified: ckvo.exe/tavo.exe/kavo.exe and their variants AND olhrwef.exe

I'd love to format, as I've always done, but I can't afford to lose a 320 GB HD full of stuff: very organized music, videos, work, etc...

Long description; I tried to be detailed so you can help me :)

Waiting ;D HijackThis and DDS logs follow

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:53:28, on 24/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Matheus\Desktop\gmer\gmer.exe

C:\Documents and Settings\Matheus\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.semptoshiba.com.br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\ARQUIV~1\FlashFXP\IEFlash.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.semptoshiba.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235772082808

O17 - HKLM\System\CCS\Services\Tcpip\..\{F4B85C02-C539-49B1-951C-AB5C799D75E5}: NameServer = 208.67.222.222 208.67.220.220

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5535 bytes

--------------------------------------------------------------

DDS (Ver_09-03-16.01) - NTFSx86

Run by Matheus at 21:34:26,79 on ter 24/03/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.639.201 [GMT -3:00]

AV: avast! antivirus 4.8.1335 [VPS 090324-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

E:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Matheus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

mDefault_Page_URL = hxxp://www.semptoshiba.com.br

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\arquiv~1\flashfxp\IEFlash.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [Ad-Watch] c:\arquivos de programas\lavasoft\ad-aware\AAWTray.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235772082808

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {F4B85C02-C539-49B1-951C-AB5C799D75E5} = 208.67.222.222 208.67.220.220

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matheus\dadosd~1\mozilla\firefox\profiles\5hneozji.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/

FF - component: c:\documents and settings\matheus\dados de aplicativos\mozilla\firefox\profiles\5hneozji.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\documents and settings\matheus\configurações locais\dados de aplicativos\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: e:\arquivos de programas\itunes\mozilla plugins\npitunes.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-21 64160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-21 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-21 20560]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2009-3-21 138680]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2009-3-21 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2009-3-21 352920]

S3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\drivers\D301bus.sys [2009-3-12 83328]

S3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\drivers\D301mdfl.sys [2009-3-12 14976]

S3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\drivers\D301mdm.sys [2009-3-12 109824]

S3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\D301mgmt.sys [2009-3-12 103808]

S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\drivers\d301nd5.sys [2009-3-12 24832]

S3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\drivers\D301obex.sys [2009-3-12 99840]

S3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\drivers\d301unic.sys [2009-3-12 105728]

=============== Created Last 30 ================

2009-03-22 19:54 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2009-03-22 14:52 29,079 a------- c:\windows\FontData.fdb

2009-03-21 21:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys

2009-03-21 21:51 <DIR> -cd-h--- c:\docume~1\alluse~1\dadosd~1\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-21 21:51 <DIR> --d----- c:\arquivos de programas\Lavasoft

2009-03-21 20:38 100,864 ---shr-- c:\windows\system32\nmdfgds1.dll

2009-03-21 03:14 127 a------- c:\windows\system32\MRT.INI

2009-03-21 00:44 <DIR> --d----- c:\arquivos de programas\Eltima Software

2009-03-21 00:38 <DIR> --d----- c:\windows\Downloaded Installations

2009-03-20 22:48 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll

2009-03-20 22:48 512,000 -c------ c:\windows\system32\dllcache\jscript.dll

2009-03-20 22:48 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll

2009-03-20 22:48 90,112 -c------ c:\windows\system32\dllcache\wshext.dll

2009-03-20 22:48 430,080 -c------ c:\windows\system32\dllcache\vbscript.dll

2009-03-20 22:48 135,168 -c------ c:\windows\system32\dllcache\cscript.exe

2009-03-20 22:48 155,648 -c------ c:\windows\system32\dllcache\wscript.exe

2009-03-20 14:46 221,184 a------- c:\windows\system32\wmpns.dll

2009-03-20 13:18 <DIR> --d----- c:\windows\system32\pt-br

2009-03-20 13:18 <DIR> --d----- c:\windows\l2schemas

2009-03-20 13:18 <DIR> --d----- c:\windows\system32\bits

2009-03-20 13:16 <DIR> --d----- c:\windows\ServicePackFiles

2009-03-20 13:14 <DIR> --d----- c:\windows\network diagnostic

2009-03-20 13:10 <DIR> --d----- c:\windows\EHome

2009-03-20 03:08 <DIR> --dsh--- c:\windows\ftpcache

2009-03-17 06:40 <DIR> --d----- c:\windows\system32\LogFiles

2009-03-14 19:39 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\OpenDNS Updater

2009-03-14 19:39 <DIR> --d----- c:\arquivos de programas\OpenDNS Updater

2009-03-14 12:24 410,984 a------- c:\windows\system32\deploytk.dll

2009-03-14 12:24 73,728 a------- c:\windows\system32\javacpl.cpl

2009-03-12 16:18 105,728 a------- c:\windows\system32\drivers\d301unic.sys

2009-03-12 16:18 10,496 a------- c:\windows\system32\drivers\d301cr.sys

2009-03-12 16:18 109,824 a------- c:\windows\system32\drivers\D301mdm.sys

2009-03-12 16:18 103,808 a------- c:\windows\system32\drivers\D301mgmt.sys

2009-03-12 16:18 99,840 a------- c:\windows\system32\drivers\D301obex.sys

2009-03-12 16:18 24,832 a------- c:\windows\system32\drivers\d301nd5.sys

2009-03-12 16:18 14,976 a------- c:\windows\system32\drivers\D301mdfl.sys

2009-03-12 16:18 12,160 a------- c:\windows\system32\drivers\D301cmnt.sys

2009-03-12 16:18 12,160 a------- c:\windows\system32\drivers\D301cm.sys

2009-03-12 16:18 83,328 a------- c:\windows\system32\drivers\D301bus.sys

2009-03-12 16:18 12,160 a------- c:\windows\system32\drivers\D301whnt.sys

2009-03-12 16:18 12,160 a------- c:\windows\system32\drivers\D301wh.sys

2009-03-12 15:44 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\FlashFXP

2009-03-12 15:44 <DIR> --d----- c:\arquivos de programas\FlashFXP

2009-03-12 02:09 93 ---shr-- C:\autorun.inf

2009-03-11 03:01 <DIR> --d----- c:\arquivos de programas\MSXML 4.0

2009-03-10 20:38 107,368 a------- c:\windows\system32\GEARAspi.dll

2009-03-10 20:38 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-10 20:38 <DIR> --d----- c:\arquivos de programas\iPod

2009-03-10 20:38 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-03-10 20:37 <DIR> --d----- c:\arquivos de programas\Bonjour

2009-03-10 20:36 32,000 a------- c:\windows\system32\drivers\usbaapl.sys

2009-03-10 20:36 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Apple

2009-03-10 15:07 <DIR> --d----- c:\arquivos de programas\TouchStoneSoftware

2009-03-10 15:06 <DIR> --d----- c:\arquivos de programas\NTFS Undelete

2009-03-10 14:47 <DIR> --d----- c:\windows\SHELLNEW

2009-03-09 22:22 <DIR> --d----- c:\arquivos de programas\Corel

2009-03-09 22:22 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Corel

2009-03-09 22:19 3,088 a--sh--- c:\windows\system32\KGyGaAvL.sys

2009-03-09 18:54 <DIR> --d----- c:\arquivos de programas\Elaborate Bytes

2009-03-05 00:11 295 a---h--- c:\windows\game.ini

2009-03-05 00:04 <DIR> --d----- c:\arquivos de programas\Activision

2009-03-02 15:33 293 a---h--- c:\windows\LEXSTAT.INI

2009-03-02 15:32 298,496 a---h--- c:\windows\unin0416.exe

2009-03-02 15:32 <DIR> --d----- c:\documents and settings\matheus\WINDOWS

2009-03-02 15:32 <DIR> --d----- C:\LXKZ600

2009-02-28 19:36 268,648 a------- c:\windows\system32\mucltui.dll

2009-02-28 19:36 208,744 a------- c:\windows\system32\muweb.dll

2009-02-28 19:36 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-02-28 06:01 <DIR> --d----- c:\documents and settings\matheus\Contacts

2009-02-28 05:03 <DIR> --d----- c:\docume~1\matheus\dadosd~1\BitTorrent

2009-02-28 05:03 <DIR> --d----- c:\docume~1\matheus\dadosd~1\DNA

2009-02-28 05:03 <DIR> --d----- c:\arquivos de programas\DNA

2009-02-28 05:03 <DIR> --d----- c:\arquivos de programas\BitTorrent

2009-02-28 04:56 268 a---h--- C:\sqmdata00.sqm

2009-02-28 04:56 244 a---h--- C:\sqmnoopt00.sqm

2009-02-28 04:54 <DIR> -cdsh--- c:\arquivos de programas\arquivos comuns\WindowsLiveInstaller

2009-02-27 23:54 184,126 -c------ c:\windows\system32\dllcache\compact.wmz

2009-02-27 20:39 56,832 a------- C:\wspack.dll.vcd

2009-02-27 19:28 81,984 a------- c:\windows\system32\bdod.bin

2009-02-27 19:23 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\BitDefender

2009-02-27 19:22 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Softwin

2009-02-27 19:13 1,846,912 -c------ c:\windows\system32\dllcache\win32k.sys

2009-02-27 19:13 2,149,376 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-27 19:13 2,070,272 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-27 19:13 2,028,032 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-27 19:13 2,193,408 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-27 19:12 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

2009-02-27 19:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-02-27 19:11 333,952 -c------ c:\windows\system32\dllcache\srv.sys

2009-02-27 19:11 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll

2009-02-27 19:11 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

2009-02-27 19:09 <DIR> --d----- c:\windows\pss

2009-02-27 19:05 26,488 a------- c:\windows\system32\spupdsvc.exe

2009-02-27 19:05 <DIR> --d----- c:\windows\system32\PreInstall

2009-02-27 19:05 <DIR> --d-h--- c:\windows\$hf_mig$

2009-02-27 19:02 31,768 a------- c:\windows\system32\wucltui.dll.mui

2009-02-27 19:02 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui

2009-02-27 19:02 27,672 a------- c:\windows\system32\wuapi.dll.mui

2009-02-27 19:02 18,968 a------- c:\windows\system32\wuaueng.dll.mui

2009-02-27 19:02 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-02-27 19:01 <DIR> --ds---- c:\documents and settings\matheus\UserData

2009-02-27 18:59 <DIR> --d----- c:\windows\nvidia icons

2009-02-27 18:59 182,381 a------- c:\windows\system32\nvapps.xml

2009-02-27 18:59 181,895 a------- c:\windows\system32\nvdsp.chm

2009-02-27 18:59 121,529 a------- c:\windows\system32\nvcpl.chm

2009-02-27 18:59 116,384 a------- c:\windows\system32\nv3d.chm

2009-02-27 18:59 54,988 a------- c:\windows\system32\nvmob.chm

2009-02-27 18:59 442,368 a------- c:\windows\system32\nvudisp.exe

2009-02-27 18:59 18,070 a------- c:\windows\system32\nvdisp.nvu

2009-02-27 18:59 <DIR> --d----- c:\windows\nview

2009-02-27 18:59 442,368 a------- c:\windows\system32\NVUNINST.EXE

2009-02-27 18:59 <DIR> --d----- C:\NVIDIA

2009-02-27 18:55 <DIR> --d----- c:\arquivos de programas\K-Lite Codec Pack

2009-02-27 17:33 40,960 a------- c:\windows\system32\ChCfg.exe

2009-02-27 17:33 164 a------- c:\windows\avrack.ini

2009-02-27 17:33 <DIR> --d----- c:\arquivos de programas\Realtek Sound Manager

2009-02-27 17:33 <DIR> --d----- c:\arquivos de programas\AvRack

2009-02-27 17:33 <DIR> --d----- c:\arquivos de programas\Realtek AC97

2009-02-27 17:33 307,200 a------- c:\windows\alcupd.exe

2009-02-27 17:33 217,088 a------- c:\windows\Alcrmv.exe

2009-02-27 17:32 102,400 a----r-- c:\windows\system32\drivers\ianswxp.sys

2009-02-27 17:29 <DIR> --d----- c:\windows\system32\ReinstallBackups

2009-02-27 17:29 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2009-02-27 17:24 25,856 a------- c:\windows\system32\drivers\usbprint.sys

2009-02-27 16:40 <DIR> --d-hr-- c:\documents and settings\matheus\Dados de aplicativos

2009-02-27 16:40 <DIR> --d-h--- c:\documents and settings\matheus\Modelos

2009-02-27 16:40 <DIR> --d-h--- c:\documents and settings\matheus\Configurações locais

2009-02-27 16:40 <DIR> --d-h--- c:\documents and settings\matheus\Ambiente de rede

2009-02-27 16:40 <DIR> --d-h--- c:\documents and settings\matheus\Ambiente de impressão

2009-02-27 16:40 <DIR> --d--r-- c:\documents and settings\matheus\Meus documentos

2009-02-27 16:40 <DIR> --d--r-- c:\documents and settings\matheus\Menu Iniciar

2009-02-27 16:40 <DIR> --d--r-- c:\documents and settings\matheus\Favoritos

2009-02-27 16:40 <DIR> --d----- c:\documents and settings\Matheus

2009-02-27 16:29 8,192 a---h--- c:\windows\REGLOCS.OLD

2009-02-27 16:27 61 a---h--- c:\windows\smscfg.ini

2009-02-27 16:27 333 a------- c:\windows\system32\$ncsp$.inf

2009-02-27 16:26 <DIR> --d----- c:\windows\Cache

2009-02-27 16:23 <DIR> --ds---- c:\windows\system32\Microsoft

2009-02-27 16:21 9,216 ac------ c:\windows\system32\dllcache\kbdnecat.dll

2009-02-27 16:20 0 a---h--- c:\windows\control.ini

2009-02-27 16:20 3,018 a------- c:\windows\system32\CONFIG.NT

2009-02-27 16:20 23,392 a------- c:\windows\system32\nscompat.tlb

2009-02-27 16:20 16,832 a------- c:\windows\system32\amcompat.tlb

2009-02-27 16:20 316,640 a---h--- c:\windows\WMSysPr9.prx

2009-02-27 16:19 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-02-27 16:19 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2009-02-27 16:19 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2009-02-27 16:18 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2009-02-27 16:18 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2009-02-27 16:16 <DIR> --d----- c:\arquivos de programas\Messenger

2009-02-27 16:16 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2009-02-27 16:16 <DIR> --d----- c:\arquivos de programas\Windows NT

2009-02-27 13:12 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2009-02-27 13:12 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-02-27 13:11 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2009-02-27 13:11 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2009-02-27 13:11 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2009-02-27 13:11 <DIR> --d----- c:\documents and settings\all users\Favoritos

2009-02-27 13:09 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-03-20 14:47 344,380 a------- c:\windows\system32\perfh016.dat

2009-03-20 14:47 48,628 a------- c:\windows\system32\perfc016.dat

2009-02-28 17:52 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-27 16:17 21,844 a------- c:\windows\system32\emptyregdb.dat

2009-02-09 15:56 67,584 a------- c:\windows\system32\ff_vfw.dll

2009-02-09 11:06 1,846,912 a------- c:\windows\system32\win32k.sys

2009-01-29 19:57 23,976 a------- c:\windows\system32\drivers\ElbyCDIO.sys

2009-01-29 18:54 89,256 a------- c:\windows\system32\ElbyCDIO.dll

2009-01-27 18:24 142,504 a------- c:\windows\system32\ElbyVCD.dll

2009-01-26 15:57 29,184 a------- c:\windows\system32\drivers\VClone.sys

2009-01-07 15:14 60,273 a------- c:\windows\system32\pthreadGC2.dll

============= FINISH: 21:34:44,15 ===============

Edited by CerealKillerGZ

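As an added triage example, not from this thread or from the DDS tool itself: a small Python parser for the "Created Last 30" lines of a DDS log that flags the two patterns the analysts chase in this thread, an autorun.inf sitting at a drive root and system+hidden files dropped straight into system32. The sample lines are constructed from entries in the log above, and the meaning of the attribute letters is inferred from that log rather than from DDS documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the "Created Last 30" section of the DDS log
# posted in this thread: "<date> <time> <size|<DIR>> <attributes> <path>".
SAMPLE_DDS = """\
2009-03-21 20:38 100,864 ---shr-- c:\\windows\\system32\\nmdfgds1.dll
2009-03-21 03:14 127 a------- c:\\windows\\system32\\MRT.INI
2009-03-12 02:09 93 ---shr-- C:\\autorun.inf
2009-03-09 22:19 3,088 a--sh--- c:\\windows\\system32\\KGyGaAvL.sys
2009-03-20 03:08 <DIR> --dsh--- c:\\windows\\ftpcache
2009-02-27 20:39 56,832 a------- C:\\wspack.dll.vcd
2009-03-12 16:18 83,328 a------- c:\\windows\\system32\\drivers\\D301bus.sys
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    date: str
    size: Optional[int]   # None for directories
    attrs: str            # raw 8-character DDS attribute field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    def has(self, flag: str) -> bool:
        # Assumption (inferred from the log): DDS prints one letter per set
        # attribute (a=archive, c=compressed, d=directory, s=system,
        # h=hidden, r=read-only). Testing for the letter is more robust
        # than relying on its column position.
        return flag in self.attrs


def parse_dds(text: str) -> List[Entry]:
    """Parse the file-listing lines; section headers and blank lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


# autorun.inf directly at a drive root (the USB-worm persistence seen in this thread)
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
# a file placed directly in system32 (no further sub-directory)
SYSTEM32_FILE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a closer look.

    A hit is a lead, not a verdict: some licensing and driver files also
    use the system+hidden attribute combination, so each hit still needs
    the file's publisher, hash and creation context checked.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        if ROOT_AUTORUN.match(e.path):
            findings.append((e.path, "autorun.inf at drive root"))
        elif SYSTEM32_FILE.match(e.path) and e.has("s") and e.has("h"):
            findings.append((e.path, "system+hidden file directly in system32"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_dds(SAMPLE_DDS)):
        print(f"{reason:45} {path}")
```

Running the block on the constructed sample reports C:\autorun.inf and the two system+hidden files in system32, while the ordinary driver and INI entries are left alone.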

Hello,

Read the instructions contained in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  3. Double-click the desktopicon.png icon on the desktop.

  4. Read and accept the terms by typing 1 and Enter.

  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: Do not use the mouse or the keyboard while the tool is running; that can cause the computer to freeze.

  8. A notice may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.

Regards


Thanks for the reply, lusitano.

Log:

ComboFix 09-03-25.02 - Matheus 2009-03-26 4:50:17.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1046.18.639.299 [GMT -3:00]

Executando de: c:\documents and settings\Matheus\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\system32\nmdfgds1.dll

c:\windows\system32\pthreadGC2.dll

E:\Autorun.inf

E:\xsia.bat

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))

.

2009-03-22 21:21 . 2009-03-22 21:21 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-03-22 19:54 . 2009-03-22 19:54 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-03-22 14:52 . 2009-03-22 14:52 29,079 --a------ c:\windows\FontData.fdb

2009-03-21 22:12 . 2009-03-21 22:12 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-03-21 21:56 . 2009-03-21 21:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-03-21 21:51 . 2009-03-21 21:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-03-21 21:51 . 2009-03-21 21:51 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-21 21:51 . 2009-03-21 21:51 <DIR> d-------- c:\arquivos de programas\Lavasoft

2009-03-21 03:14 . 2009-03-21 03:14 127 --a------ c:\windows\system32\MRT.INI

2009-03-21 00:44 . 2009-03-21 00:44 <DIR> d-------- c:\arquivos de programas\Eltima Software

2009-03-21 00:38 . 2009-03-21 00:38 <DIR> d-------- c:\windows\Downloaded Installations

2009-03-20 22:48 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

2009-03-20 22:48 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

2009-03-20 22:48 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

2009-03-20 22:48 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

2009-03-20 22:48 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

2009-03-20 22:48 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

2009-03-20 22:48 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

2009-03-20 14:46 . 2008-04-13 23:20 221,184 --a------ c:\windows\system32\wmpns.dll

2009-03-20 13:18 . 2009-03-20 13:18 <DIR> d-------- c:\windows\system32\pt-br

2009-03-20 13:18 . 2009-03-20 13:18 <DIR> d-------- c:\windows\system32\bits

2009-03-20 13:18 . 2009-03-20 13:18 <DIR> d-------- c:\windows\l2schemas

2009-03-20 13:16 . 2009-03-20 13:18 <DIR> d-------- c:\windows\ServicePackFiles

2009-03-20 13:10 . 2009-03-20 13:10 <DIR> d-------- c:\windows\EHome

2009-03-20 03:08 . 2009-03-20 03:08 <DIR> d--hs---- c:\windows\ftpcache

2009-03-17 06:40 . 2009-03-17 06:40 <DIR> d-------- c:\windows\system32\LogFiles

2009-03-14 19:39 . 2009-03-14 19:40 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\OpenDNS Updater

2009-03-14 19:39 . 2009-03-14 19:39 <DIR> d-------- c:\arquivos de programas\OpenDNS Updater

2009-03-14 16:16 . 2009-03-14 16:16 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\AdobeUM

2009-03-14 16:11 . 2009-03-23 02:06 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-14 12:24 . 2009-03-14 12:24 <DIR> d-------- c:\windows\Sun

2009-03-14 12:24 . 2009-03-14 12:23 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-14 12:24 . 2009-03-14 12:23 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-14 12:23 . 2009-03-14 12:23 <DIR> d-------- c:\arquivos de programas\Java

2009-03-12 16:18 . 2007-07-06 10:44 109,824 --a------ c:\windows\system32\drivers\D301mdm.sys

2009-03-12 16:18 . 2007-07-06 10:44 105,728 --a------ c:\windows\system32\drivers\d301unic.sys

2009-03-12 16:18 . 2007-07-06 10:44 103,808 --a------ c:\windows\system32\drivers\D301mgmt.sys

2009-03-12 16:18 . 2007-07-06 10:44 99,840 --a------ c:\windows\system32\drivers\D301obex.sys

2009-03-12 16:18 . 2007-07-06 10:44 83,328 --a------ c:\windows\system32\drivers\D301bus.sys

2009-03-12 16:18 . 2007-07-06 10:44 24,832 --a------ c:\windows\system32\drivers\d301nd5.sys

2009-03-12 16:18 . 2007-07-06 10:44 14,976 --a------ c:\windows\system32\drivers\D301mdfl.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301whnt.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301wh.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301cmnt.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301cm.sys

2009-03-12 16:18 . 2007-07-06 10:44 10,496 --a------ c:\windows\system32\drivers\d301cr.sys

2009-03-12 15:44 . 2009-03-12 15:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\FlashFXP

2009-03-12 15:44 . 2009-03-12 15:44 <DIR> d-------- c:\arquivos de programas\FlashFXP

2009-03-11 03:01 . 2009-03-11 03:01 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-10 20:38 . 2009-03-10 20:38 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\Apple Computer

2009-03-10 20:38 . 2009-03-10 20:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-03-10 20:38 . 2009-03-10 20:38 <DIR> d-------- c:\arquivos de programas\iPod

2009-03-10 20:38 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-03-10 20:38 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-10 20:37 . 2009-03-10 20:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-03-10 20:37 . 2009-03-10 20:37 <DIR> d-------- c:\arquivos de programas\QuickTime

2009-03-10 20:37 . 2009-03-15 04:18 <DIR> d-------- c:\arquivos de programas\Bonjour

2009-03-10 20:36 . 2009-03-10 20:36 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-03-10 20:36 . 2009-03-10 20:38 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Apple

2009-03-10 20:36 . 2009-03-10 20:36 <DIR> d-------- c:\arquivos de programas\Apple Software Update

2009-03-10 20:36 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

2009-03-10 15:07 . 2009-03-10 15:07 <DIR> d-------- c:\arquivos de programas\TouchStoneSoftware

2009-03-10 15:06 . 2009-03-10 15:06 <DIR> d-------- c:\arquivos de programas\Recuva

2009-03-10 15:06 . 2009-03-10 15:28 <DIR> d-------- c:\arquivos de programas\NTFS Undelete

2009-03-10 14:47 . 2009-03-10 14:50 <DIR> d-------- c:\windows\SHELLNEW

2009-03-10 14:46 . 2009-03-10 14:46 <DIR> dr-h----- C:\MSOCache

2009-03-10 14:46 . 2009-03-21 03:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- c:\arquivos de programas\Corel

2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel

2009-03-09 22:19 . 2009-03-24 13:21 3,088 --ahs---- c:\windows\system32\KGyGaAvL.sys

2009-03-09 18:59 . 2009-03-09 22:24 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\Corel

2009-03-09 18:58 . 2009-03-12 16:17 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\InstallShield

2009-03-09 18:58 . 2009-03-09 18:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\InstallShield

2009-03-09 18:54 . 2009-03-09 18:54 <DIR> d-------- c:\arquivos de programas\Elaborate Bytes

2009-03-05 00:11 . 2009-03-05 00:11 295 --ah----- c:\windows\game.ini

2009-03-05 00:04 . 2009-03-05 00:04 <DIR> d-------- c:\arquivos de programas\Activision

2009-03-02 15:33 . 2009-03-24 13:34 293 --ah----- c:\windows\LEXSTAT.INI

2009-03-02 15:32 . 2009-03-02 15:32 <DIR> d-------- C:\LXKZ600

2009-03-02 15:32 . 2009-03-02 15:32 <DIR> d-------- c:\documents and settings\Matheus\WINDOWS

2009-03-02 15:32 . 1997-04-18 11:53 298,496 --ah----- c:\windows\unin0416.exe

2009-02-28 19:36 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-02-28 19:36 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-02-28 19:36 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-02-28 06:48 . 2009-02-28 06:48 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\Media Player Classic

2009-02-28 06:01 . 2009-03-24 20:38 <DIR> d-------- c:\documents and settings\Matheus\Contacts

2009-02-28 05:03 . 2009-03-14 16:15 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\DNA

2009-02-28 05:03 . 2009-03-25 19:45 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\BitTorrent

2009-02-28 05:03 . 2009-03-14 12:14 <DIR> d-------- c:\arquivos de programas\DNA

2009-02-28 05:03 . 2009-02-28 05:03 <DIR> d-------- c:\arquivos de programas\BitTorrent

2009-02-28 04:56 . 2009-03-21 22:01 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-02-28 04:56 . 2009-02-28 04:56 268 --ah----- C:\sqmdata00.sqm

2009-02-28 04:56 . 2009-02-28 04:56 244 --ah----- C:\sqmnoopt00.sqm

2009-02-28 04:54 . 2009-02-28 04:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-02-28 04:54 . 2009-02-28 04:56 <DIR> d-------- c:\arquivos de programas\Windows Live

2009-02-28 04:54 . 2009-02-28 04:55 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-02-27 23:54 . 2004-08-04 00:36 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2009-02-27 20:39 . 2009-02-27 19:39 56,832 --a------ C:\wspack.dll.vcd

2009-02-27 19:28 . 2009-03-21 21:31 81,984 --a------ c:\windows\system32\bdod.bin

2009-02-27 19:23 . 2009-03-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BitDefender

2009-02-27 19:22 . 2009-03-21 21:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin

2009-02-27 19:16 . 2008-12-12 14:02 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll

2009-02-27 19:16 . 2008-10-15 22:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll

2009-02-27 19:16 . 2008-10-15 22:02 668,160 -----c--- c:\windows\system32\dllcache\wininet.dll

2009-02-27 19:16 . 2008-10-15 22:02 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll

2009-02-27 19:16 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-02-27 19:16 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-27 19:13 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-27 19:13 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-27 19:13 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-27 19:13 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-27 19:13 . 2009-02-09 11:06 1,846,912 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-27 19:12 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-27 19:12 . 2008-05-08 11:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-27 19:11 . 2008-04-11 16:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-27 19:11 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-27 19:11 . 2008-12-11 07:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-27 19:05 . 2009-03-21 03:16 <DIR> d--h----- c:\windows\$hf_mig$

2009-02-27 19:05 . 2007-08-10 08:12 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-02-27 19:02 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-02-27 19:02 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-02-27 19:02 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-02-27 19:02 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-02-27 19:02 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

2009-02-27 19:01 . 2009-02-27 19:01 <DIR> d---s---- c:\documents and settings\Matheus\UserData

2009-02-27 18:59 . 2009-02-27 18:59 <DIR> d-------- c:\windows\nview

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-27 19:21 --------- d-----w c:\arquivos de programas\microsoft frontpage

2009-02-27 19:19 --------- d-----w c:\arquivos de programas\Serviços on-line

2009-02-27 19:18 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-01-29 22:57 23,976 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys

2009-01-29 21:54 89,256 ----a-w c:\windows\system32\ElbyCDIO.dll

2009-01-27 21:24 142,504 ----a-w c:\windows\system32\ElbyVCD.dll

2009-01-26 18:57 29,184 ----a-w c:\windows\system32\drivers\VClone.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-21 515416]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Update]

c:\arquivos de programas\OpenD [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

--a------ 2008-08-14 07:58 611712 c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2009-02-28 05:03 321344 c:\arquivos de programas\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2009-03-10 00:48 133104 c:\documents and settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

--a------ 2006-09-11 04:40 218032 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 12:20 290088 e:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-02 22:46 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-02 22:46 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]

--a------ 2003-03-11 16:24 86016 c:\arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2009-03-12 00:59 1410296 e:\arquivos de programas\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-03-14 12:23 148888 c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

--a------ 2009-01-29 19:11 52392 c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-02 22:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--ah----- 2005-12-14 18:06 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Steam\\steamapps\\cerealkillergz\\team fortress 2\\hl2.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"e:\\Arquivos de programas\\Steam\\steamapps\\cerealkillergz\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"e:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-21 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-21 20560]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

S3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\drivers\D301bus.sys [2009-03-12 83328]

S3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\drivers\D301mdfl.sys [2009-03-12 14976]

S3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\drivers\D301mdm.sys [2009-03-12 109824]

S3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\D301mgmt.sys [2009-03-12 103808]

S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\drivers\d301nd5.sys [2009-03-12 24832]

S3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\drivers\D301obex.sys [2009-03-12 99840]

S3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\drivers\d301unic.sys [2009-03-12 105728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39cf7c37-0d99-11de-9ed4-000fea278262}]

\Shell\AutoRun\command - H:\1u0o8bnq.cmd

\Shell\explore\Command - H:\1u0o8bnq.cmd

\Shell\open\Command - H:\1u0o8bnq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39cf7c38-0d99-11de-9ed4-000fea278262}]

\Shell\AutoRun\command - I:\1u0o8bnq.cmd

\Shell\explore\Command - I:\1u0o8bnq.cmd

\Shell\open\Command - I:\1u0o8bnq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a94472-0a97-11de-9ec9-806d6172696f}]

\Shell\AutoRun\command - F:\yh.cmd

\Shell\open\Command - F:\yh.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51dc384e-0908-11de-acd2-000fea278262}]

\Shell\AutoRun\command - J:\u.com

\Shell\open\Command - J:\u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efdc564c-1195-11de-bc9f-806d6172696f}]

\Shell\AutoRun\command - D:\uxkl0apt.bat

\Shell\open\Command - D:\uxkl0apt.bat

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-03-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-21 21:55]

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4028512469-3048247690-2978380963-1005.job

- c:\documents and settings\Matheus\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-cdoosoft - c:\windows\system32\olhrwef.exe

MSConfigStartUp-kamsoft - c:\windows\system32\ckvo.exe

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {F4B85C02-C539-49B1-951C-AB5C799D75E5} = 208.67.222.222 208.67.220.220

FF - ProfilePath - c:\documents and settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\5hneozji.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/

FF - component: c:\documents and settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\5hneozji.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: e:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-26 04:52:11

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2009-03-26 4:53:26

ComboFix-quarantined-files.txt 2009-03-26 07:53:19

Pré-execução: 11 pasta(s) 33.943.453.696 bytes disponíveis

Pós execução: 10 pasta(s) 34,247,450,624 bytes disponíveis

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

301 --- E O F --- 2009-03-21 06:17:13

Edited by CerealKillerGZ


Hello,

( 1 ) Very important note: Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after completing the procedure(s) mentioned below.

( 2 ) Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Show" box:


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39cf7c37-0d99-11de-9ed4-000fea278262}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39cf7c38-0d99-11de-9ed4-000fea278262}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a94472-0a97-11de-9ec9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51dc384e-0908-11de-acd2-000fea278262}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efdc564c-1195-11de-bc9f-806d6172696f}]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Paste the contents of the file C:\ComboFix.txt.
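The CFScript above was assembled by hand from the MountPoints2 section of the ComboFix log. The following added example (not code from the thread, from ComboFix or from its author) automates that step: it parses the `[HKEY_CURRENT_USER\...\mountpoints2\{GUID}]` keys and their `\Shell\...\command` lines from a constructed log excerpt in the same format, lists the drive-resident files they launch, and emits the `Registry::` section for CFScript.txt.

```python
"""Derive a ComboFix CFScript 'Registry::' section from MountPoints2 entries.

Added example, not part of the forum thread or of ComboFix itself. A
MountPoints2 key whose Shell\AutoRun\command (or open/explore Command)
points at a script on a removable drive is the footprint left by an
autorun worm; the helper in the thread deletes each such key with a
'[-KEY]' line under 'Registry::'.
"""
import re
from typing import Dict, List

# Constructed excerpt in the layout of the ComboFix log posted in the thread
# (blank lines between entries, one key header followed by its commands).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39cf7c37-0d99-11de-9ed4-000fea278262}]

\Shell\AutoRun\command - H:\1u0o8bnq.cmd

\Shell\explore\Command - H:\1u0o8bnq.cmd

\Shell\open\Command - H:\1u0o8bnq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51dc384e-0908-11de-acd2-000fea278262}]

\Shell\AutoRun\command - J:\u.com

\Shell\open\Command - J:\u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-0000-0000-0000-000000000000}]

.

Conteúdo da pasta 'Tarefas Agendadas'
"""

# Key header: [HKEY_CURRENT_USER\...\mountpoints2\{GUID}]
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I
)
# Command line: \Shell\<verb>\command - <target>
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)


def parse_mountpoints(log_text: str) -> Dict[str, List[str]]:
    """Map each MountPoints2 key in the log to the command targets listed under it."""
    entries: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # ComboFix output is double-spaced; blanks carry no meaning
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append(cmd.group(2))
            continue
        current = None  # any other line ends the current key's block
    return entries


def autorun_targets(entries: Dict[str, List[str]]) -> List[str]:
    """Distinct files the MountPoints2 entries would launch (what to look for on the drives)."""
    return sorted({target for targets in entries.values() for target in targets})


def build_cfscript(entries: Dict[str, List[str]]) -> str:
    """Emit the Registry:: section: one [-KEY] line per key that carried a Shell command.

    Keys with no command are left alone; only entries that actually launch
    something are removed, which is the conservative choice for a cleanup script.
    """
    lines = ["Registry::"]
    for key, targets in entries.items():
        if targets:
            lines.append(f"[-{key}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_LOG)
    print("Files launched via autorun:", autorun_targets(parsed))
    print(build_cfscript(parsed), end="")
```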


Thanks for the help, Lusitano

I noticed that a folder appeared here: C:\Qoobox. It looks normal to me, logs, quarantine etc...

I put the previous logs aside so they don't get in the way =)

Here is the new log.

---------------------------------------------

ComboFix 09-04-01.01 - Matheus 2009-04-02 19:50:09.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1046.18.639.317 [GMT -3:00]

Executando de: c:\documents and settings\Matheus\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Matheus\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090402-1] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-02 to 2009-04-02 ))))))))))))))))))))))))))))

.

2009-03-30 14:15 . 2009-03-30 14:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-30 14:15 . 2009-03-30 14:15 <DIR> d-------- c:\arquivos de programas\iPod

2009-03-30 14:13 . 2009-03-30 14:13 <DIR> d-------- c:\arquivos de programas\QuickTime

2009-03-30 14:10 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll

2009-03-28 21:55 . 2009-03-28 21:55 <DIR> d-------- c:\arquivos de programas\Mouse Driver

2009-03-28 21:55 . 2003-06-20 10:16 77 --a------ c:\windows\system32\ToggleDesktop.scf

2009-03-28 19:59 . 2009-03-28 19:59 <DIR> d-------- c:\windows\Logs

2009-03-22 21:21 . 2009-03-22 21:21 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-03-22 19:54 . 2009-03-22 19:54 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-03-22 14:52 . 2009-03-27 03:59 42,667 --a------ c:\windows\FontData.fdb

2009-03-21 22:12 . 2009-03-21 22:12 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-03-21 21:56 . 2009-03-21 21:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-03-21 21:51 . 2009-03-21 21:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-03-21 21:51 . 2009-03-21 21:51 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-21 21:51 . 2009-03-21 21:51 <DIR> d-------- c:\arquivos de programas\Lavasoft

2009-03-21 03:14 . 2009-03-21 03:14 127 --a------ c:\windows\system32\MRT.INI

2009-03-21 00:44 . 2009-03-21 00:44 <DIR> d-------- c:\arquivos de programas\Eltima Software

2009-03-21 00:38 . 2009-03-21 00:38 <DIR> d-------- c:\windows\Downloaded Installations

2009-03-20 22:48 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

2009-03-20 22:48 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

2009-03-20 22:48 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

2009-03-20 22:48 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

2009-03-20 22:48 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

2009-03-20 22:48 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

2009-03-20 22:48 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

2009-03-20 14:46 . 2008-04-13 23:20 221,184 --a------ c:\windows\system32\wmpns.dll

2009-03-20 13:18 . 2009-03-20 13:18 <DIR> d-------- c:\windows\system32\pt-br

2009-03-20 13:18 . 2009-03-20 13:18 <DIR> d-------- c:\windows\system32\bits

2009-03-20 13:18 . 2009-03-20 13:18 <DIR> d-------- c:\windows\l2schemas

2009-03-20 13:16 . 2009-03-20 13:18 <DIR> d-------- c:\windows\ServicePackFiles

2009-03-20 13:10 . 2009-03-20 13:10 <DIR> d-------- c:\windows\EHome

2009-03-20 03:08 . 2009-03-20 03:08 <DIR> d--hs---- c:\windows\ftpcache

2009-03-17 06:40 . 2009-03-17 06:40 <DIR> d-------- c:\windows\system32\LogFiles

2009-03-14 19:39 . 2009-03-14 19:40 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\OpenDNS Updater

2009-03-14 19:39 . 2009-03-14 19:39 <DIR> d-------- c:\arquivos de programas\OpenDNS Updater

2009-03-14 16:16 . 2009-03-14 16:16 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\AdobeUM

2009-03-14 16:11 . 2009-03-27 02:11 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-14 12:24 . 2009-03-14 12:24 <DIR> d-------- c:\windows\Sun

2009-03-14 12:24 . 2009-03-14 12:23 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-14 12:24 . 2009-03-14 12:23 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-14 12:23 . 2009-03-14 12:23 <DIR> d-------- c:\arquivos de programas\Java

2009-03-12 16:18 . 2007-07-06 10:44 109,824 --a------ c:\windows\system32\drivers\D301mdm.sys

2009-03-12 16:18 . 2007-07-06 10:44 105,728 --a------ c:\windows\system32\drivers\d301unic.sys

2009-03-12 16:18 . 2007-07-06 10:44 103,808 --a------ c:\windows\system32\drivers\D301mgmt.sys

2009-03-12 16:18 . 2007-07-06 10:44 99,840 --a------ c:\windows\system32\drivers\D301obex.sys

2009-03-12 16:18 . 2007-07-06 10:44 83,328 --a------ c:\windows\system32\drivers\D301bus.sys

2009-03-12 16:18 . 2007-07-06 10:44 24,832 --a------ c:\windows\system32\drivers\d301nd5.sys

2009-03-12 16:18 . 2007-07-06 10:44 14,976 --a------ c:\windows\system32\drivers\D301mdfl.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301whnt.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301wh.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301cmnt.sys

2009-03-12 16:18 . 2007-07-06 10:44 12,160 --a------ c:\windows\system32\drivers\D301cm.sys

2009-03-12 16:18 . 2007-07-06 10:44 10,496 --a------ c:\windows\system32\drivers\d301cr.sys

2009-03-12 15:44 . 2009-03-12 15:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\FlashFXP

2009-03-12 15:44 . 2009-03-12 15:44 <DIR> d-------- c:\arquivos de programas\FlashFXP

2009-03-11 03:01 . 2009-03-11 03:01 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-10 20:38 . 2009-03-10 20:38 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\Apple Computer

2009-03-10 20:38 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-03-10 20:38 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-10 20:37 . 2009-03-10 20:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-03-10 20:37 . 2009-03-30 14:14 <DIR> d-------- c:\arquivos de programas\Bonjour

2009-03-10 20:36 . 2009-03-10 20:36 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-03-10 20:36 . 2009-03-30 14:15 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Apple

2009-03-10 20:36 . 2009-03-10 20:36 <DIR> d-------- c:\arquivos de programas\Apple Software Update

2009-03-10 20:36 . 2009-03-05 23:59 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys

2009-03-10 15:07 . 2009-03-10 15:07 <DIR> d-------- c:\arquivos de programas\TouchStoneSoftware

2009-03-10 15:06 . 2009-03-10 15:06 <DIR> d-------- c:\arquivos de programas\Recuva

2009-03-10 15:06 . 2009-03-10 15:28 <DIR> d-------- c:\arquivos de programas\NTFS Undelete

2009-03-10 14:47 . 2009-03-10 14:50 <DIR> d-------- c:\windows\SHELLNEW

2009-03-10 14:46 . 2009-03-10 14:46 <DIR> dr-h----- C:\MSOCache

2009-03-10 14:46 . 2009-03-21 03:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- c:\arquivos de programas\Corel

2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel

2009-03-09 22:19 . 2009-04-02 01:40 3,088 --ahs---- c:\windows\system32\KGyGaAvL.sys

2009-03-09 18:59 . 2009-03-09 22:24 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\Corel

2009-03-09 18:58 . 2009-03-12 16:17 <DIR> d-------- c:\documents and settings\Matheus\Dados de aplicativos\InstallShield

2009-03-09 18:58 . 2009-03-09 18:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\InstallShield

2009-03-09 18:54 . 2009-03-09 18:54 <DIR> d-------- c:\arquivos de programas\Elaborate Bytes

2009-03-05 00:11 . 2009-03-05 00:11 295 --ah----- c:\windows\game.ini

2009-03-05 00:04 . 2009-03-05 00:04 <DIR> d-------- c:\arquivos de programas\Activision

2009-03-02 15:33 . 2009-03-30 11:28 294 --ah----- c:\windows\LEXSTAT.INI

2009-03-02 15:32 . 2009-03-02 15:32 <DIR> d-------- C:\LXKZ600

2009-03-02 15:32 . 2009-03-02 15:32 <DIR> d-------- c:\documents and settings\Matheus\WINDOWS

2009-03-02 15:32 . 1997-04-18 11:53 298,496 --ah----- c:\windows\unin0416.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-02 22:36 --------- d-----w c:\documents and settings\Matheus\Dados de aplicativos\BitTorrent

2009-03-29 00:55 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-22 00:32 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BitDefender

2009-03-22 00:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Softwin

2009-03-22 00:31 81,984 ----a-w c:\windows\system32\bdod.bin

2009-03-14 19:15 --------- d-----w c:\documents and settings\Matheus\Dados de aplicativos\DNA

2009-03-14 15:14 --------- d-----w c:\arquivos de programas\DNA

2009-03-09 21:57 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-02-28 09:48 --------- d-----w c:\documents and settings\Matheus\Dados de aplicativos\Media Player Classic

2009-02-28 08:03 --------- d-----w c:\arquivos de programas\BitTorrent

2009-02-28 07:56 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-28 07:55 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-02-28 07:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-02-27 21:55 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2009-02-27 20:33 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2009-02-27 20:33 --------- d-----w c:\arquivos de programas\Realtek AC97

2009-02-27 20:33 --------- d-----w c:\arquivos de programas\AvRack

2009-02-27 20:32 --------- d-----w c:\arquivos de programas\Intel

2009-02-27 19:21 --------- d-----w c:\arquivos de programas\microsoft frontpage

2009-02-27 19:19 --------- d-----w c:\arquivos de programas\Serviços on-line

2009-02-27 19:18 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-01-29 21:54 89,256 ----a-w c:\windows\system32\ElbyCDIO.dll

2009-01-27 21:24 142,504 ----a-w c:\windows\system32\ElbyVCD.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"CreativeMouse "="c:\arquivos de programas\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="e:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Update]

c:\arquivos de programas\OpenD [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

--a------ 2009-03-21 21:55 515416 c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

--a------ 2008-08-14 07:58 611712 c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2009-02-28 05:03 321344 c:\arquivos de programas\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2009-03-10 00:48 133104 c:\documents and settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

--a------ 2006-09-11 04:40 218032 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2009-03-12 20:56 342312 e:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-02 22:46 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-02 22:46 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]

--a------ 2003-03-11 16:24 86016 c:\arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2009-01-05 16:18 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2009-03-12 00:59 1410296 e:\arquivos de programas\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-03-14 12:23 148888 c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

--a------ 2009-01-29 19:11 52392 c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-02 22:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--ah----- 2005-12-14 18:06 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Steam\\steamapps\\cerealkillergz\\team fortress 2\\hl2.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"e:\\Arquivos de programas\\Steam\\steamapps\\cerealkillergz\\counter-strike\\hl.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"e:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-21 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-21 20560]

S3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\drivers\D301bus.sys [2009-03-12 83328]

S3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\drivers\D301mdfl.sys [2009-03-12 14976]

S3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\drivers\D301mdm.sys [2009-03-12 109824]

S3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\D301mgmt.sys [2009-03-12 103808]

S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\drivers\d301nd5.sys [2009-03-12 24832]

S3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\drivers\D301obex.sys [2009-03-12 99840]

S3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\drivers\d301unic.sys [2009-03-12 105728]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-21 21:55]

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4028512469-3048247690-2978380963-1005.job

- c:\documents and settings\Matheus\Configura []

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {F4B85C02-C539-49B1-951C-AB5C799D75E5} = 208.67.222.222 208.67.220.220

FF - ProfilePath - c:\documents and settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\5hneozji.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/

FF - component: c:\documents and settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\5hneozji.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: e:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-02 19:51:14

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2009-04-02 19:52:29

ComboFix-quarantined-files.txt 2009-04-02 22:52:26

Pré-execução: 12 pasta(s) 29.344.436.224 bytes disponíveis

Pós execução: 11 pasta(s) 29,333,626,880 bytes disponíveis

247 --- E O F --- 2009-03-21 06:17:13

Awaiting your reply...

Edited by CerealKillerGZ


Your log is clean.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

[image: CF_Cleanup.png]

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the OTCleanIt icon.
  • Click the "Cleanup" button.
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • If you do not use a router, use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

It was a pleasure to help.


Yes, no more virus symptoms at all. It really is clean :D

THANK YOU very much for the help!


Should the topic author need it, the topic will be reopened; to do so, contact the moderation team and request that it be unlocked.
