JRS9

I can't install an antivirus!


Please analyze my logs; I can no longer install any antivirus.

1- DDS (Ver_09-03-16.01) - NTFSx86

Run by JR Silva at 18:17:48,42 on ter 05/05/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.127 [GMT -3:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Novos Programas\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

mURLSearchHooks: H - No File

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\jrsilv~1.mic\menuin~1\progra~1\inicia~1\is-grm3h.lnk - c:\documents and settings\jr silva.micro\desktop\virus removal tool\is-grm3h\startup.exe

StartupFolder: c:\docume~1\jrsilv~1.mic\menuin~1\progra~1\inicia~1\is-u92t7.lnk - c:\documents and settings\jr silva.micro\desktop\virus removal tool\is-u92t7\startup.exe

StartupFolder: c:\docume~1\jrsilv~1.mic\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\inicia~1.lnk - c:\arquivos de programas\microsoft office\office11\ONENOTEM.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com.br/s/v/28.33/uploader2.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163713723062

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jrsilv~1.mic\dadosd~1\mozilla\firefox\profiles\d7y5ujmh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=

FF - component: c:\arquivos de programas\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\google\google earth plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\arquivos de programas\unity\webplayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-2 114768]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-5-3 3968]

R1 is-GRM3Hdrv;is-GRM3Hdrv;c:\windows\system32\drivers\94229063.sys [2009-5-5 148496]

R1 is-U92T7drv;is-U92T7drv;c:\windows\system32\drivers\08750997.sys [2009-5-5 148496]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-2 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\mcafee\siteadvisor\McSACore.exe [2008-9-9 210216]

S1 SASDIFSV;SASDIFSV;\??\c:\arquivos de programas\superantispyware\sasdifsv.sys --> c:\arquivos de programas\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\arquivos de programas\superantispyware\saskutil.sys --> c:\arquivos de programas\superantispyware\SASKUTIL.sys [?]

S2 gupdate1c985ddf42d753a;Google Update Service (gupdate1c985ddf42d753a);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-2-3 133104]

S3 SASENUM;SASENUM;\??\c:\arquivos de programas\superantispyware\sasenum.sys --> c:\arquivos de programas\superantispyware\SASENUM.SYS [?]

=============== Created Last 30 ================

2009-05-05 07:49 148,496 a------- c:\windows\system32\drivers\94229063.sys

2009-05-05 02:25 7,563,296 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-05-05 02:25 24,920 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-05-05 02:24 148,496 a------- c:\windows\system32\drivers\08750997.sys

2009-05-03 02:29 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Comodo

2009-05-03 02:29 <DIR> --d----- c:\arquivos de programas\COMODO

2009-05-03 01:29 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys

2009-05-02 19:22 <DIR> -cd----- C:\cmdcons

2009-05-02 19:16 161,792 a------- c:\windows\SWREG.exe

2009-05-02 19:16 98,816 a------- c:\windows\sed.exe

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Sygate

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Firebird

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Corel

2009-05-02 17:24 <DIR> --d-h--- c:\documents and settings\jr silva.micro\Recent(2)

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Softwin

2009-05-02 17:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2009-05-02 17:23 <DIR> --d----- c:\arquivos de programas\SUPERAntiSpyware

2009-04-30 19:07 <DIR> --d----- c:\docume~1\jrsilv~1.mic\dadosd~1\Malwarebytes

2009-04-30 19:07 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-04-30 19:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-30 19:07 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-04-30 19:07 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-29 09:28 <DIR> --d----- c:\arquivos de programas\daniel web studio

2009-04-28 16:21 55,640 a------- c:\windows\system32\drivers\avgntflt.sys

2009-04-24 08:14 <DIR> --d----- c:\windows\system32\Adobe

2009-04-20 06:15 <DIR> -cd----- C:\Arquivos Media Player

2009-04-19 10:30 23,392 a------- c:\windows\system32\nscompat.tlb

2009-04-19 10:30 16,832 a------- c:\windows\system32\amcompat.tlb

2009-04-19 10:29 221,184 a------- c:\windows\system32\wmpns.dll

2009-04-16 17:13 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 17:13 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

2009-04-16 17:13 286,208 -c------ c:\windows\system32\dllcache\pdh.dll

2009-04-16 17:13 111,104 -c------ c:\windows\system32\dllcache\services.exe

2009-04-16 17:13 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

2009-04-16 17:13 683,520 -c------ c:\windows\system32\dllcache\advapi32.dll

2009-04-16 17:13 731,648 -c------ c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 17:13 730,624 -c------ c:\windows\system32\dllcache\ntdll.dll

2009-04-16 17:13 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 09:57 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

2009-04-16 09:57 216,064 -c------ c:\windows\system32\dllcache\wordpad.exe

2009-04-15 23:45 410,984 a------- c:\windows\system32\deploytk.dll

2009-04-15 23:45 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-04-19 10:04 152,918 a------- c:\windows\system32\perfh016.dat

2009-04-19 10:04 39,076 a------- c:\windows\system32\perfc016.dat

2009-03-06 11:20 286,208 a------- c:\windows\system32\pdh.dll

2009-03-02 21:06 826,368 a------- c:\windows\system32\wininet.dll

2009-02-20 14:11 78,336 a------- c:\windows\system32\ieencode.dll

2009-02-10 19:07 2,070,272 a------- c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:06 1,846,912 a------- c:\windows\system32\win32k.sys

2009-02-09 08:25 2,193,280 a------- c:\windows\system32\ntoskrnl.exe

2009-02-09 08:25 111,104 a------- c:\windows\system32\services.exe

2009-02-09 07:53 731,648 a------- c:\windows\system32\lsasrv.dll

2009-02-09 07:53 730,624 a------- c:\windows\system32\ntdll.dll

2009-02-09 07:53 683,520 a------- c:\windows\system32\advapi32.dll

2009-02-09 07:53 401,408 a------- c:\windows\system32\rpcss.dll

2009-02-06 07:39 35,328 a------- c:\windows\system32\sc.exe

2008-03-10 21:22 4,265,560 a------- c:\arquivos de programas\FLV PlayerRCATSetup.exe

2008-03-10 20:15 411,248 a------- c:\arquivos de programas\FLV PlayerRCSetup.exe

2002-04-05 15:29 1,208,320 -------- c:\arquivos de programas\SothinkHtmlEditor.exe

2001-04-26 12:00 1,340,187 -------- c:\arquivos de programas\SothinkHTMLEditor.chm

2001-04-26 12:00 561,152 -------- c:\arquivos de programas\SiteManager.exe

2001-04-26 12:00 176,128 -------- c:\arquivos de programas\TagDefine.exe

2001-04-26 12:00 17,034 -------- c:\arquivos de programas\HTMLKeyword.txt

2001-04-26 12:00 4,723 -------- c:\arquivos de programas\license.txt

2007-06-22 15:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012007062220070623\index.dat

2008-02-13 18:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008021320080214\index.dat

2008-09-14 06:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 18:18:47,07 ===============

2- GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-05 19:44:41

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF57066B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5706574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5706A52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF570614C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF570664E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF570608C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF57060F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF570676E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF570672E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF57068AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[592] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[592] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thank you!


Hello,

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  3. Double-click the desktopicon.png icon on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • When the Recovery Console has been installed, click "Yes" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to freeze.

  8. A notice may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • Several kinds of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.


Good morning,

First of all, I would like to thank you for your instructions; they were very useful.

P.S.: I uninstalled Bitdefender months ago; I don't understand why it always shows up in the logs.

Here is the ComboFix log! Thank you!

ComboFix 09-05-11.08 - JR Silva 12/05/2009 8:22.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.669 [GMT -3:00]

Executando de: c:\documents and settings\JR Silva.MICRO\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-12 to 2009-05-12 ))))))))))))))))))))))))))))

.

2009-05-11 21:11 . 2009-05-11 21:11 -------- d-----w c:\windows\LastGood

2009-05-11 20:31 . 2009-05-11 20:31 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\IECompatCache

2009-05-11 20:29 . 2009-05-11 20:29 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\PrivacIE

2009-05-11 20:28 . 2009-05-11 20:28 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\IETldCache

2009-05-11 20:26 . 2009-05-11 20:26 -------- d-----w c:\windows\ie8updates

2009-05-11 20:23 . 2009-05-11 20:25 -------- dc-h--w c:\windows\ie8

2009-05-11 20:22 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll

2009-05-10 03:42 . 2009-05-10 03:42 -------- d-sh--w C:\found.000

2009-05-08 23:24 . 2009-05-08 23:24 -------- d-----r c:\documents and settings\LocalService\Meus documentos

2009-05-08 21:50 . 2009-05-08 21:50 -------- d-----w c:\arquivos de programas\Avira

2009-05-08 21:13 . 2009-05-08 21:10 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys

2009-05-08 21:07 . 2009-05-08 21:24 -------- d-----w c:\documents and settings\JR Silva.MICRO\.housecall6.6

2009-05-08 13:27 . 2001-09-06 02:17 980034 -c--a-w c:\windows\system32\dllcache\cicap.sys

2009-05-08 13:26 . 2008-04-13 18:40 8192 -c--a-w c:\windows\system32\dllcache\changer.sys

2009-05-08 13:25 . 2001-09-06 02:15 49182 -c--a-w c:\windows\system32\dllcache\cem56n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 22044 -c--a-w c:\windows\system32\dllcache\cem33n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 22044 -c--a-w c:\windows\system32\dllcache\cem28n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 27164 -c--a-w c:\windows\system32\dllcache\ce3n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 21530 -c--a-w c:\windows\system32\dllcache\ce2n5.sys

2009-05-08 13:25 . 2001-08-18 00:52 7680 -c--a-w c:\windows\system32\dllcache\cd20xrnt.sys

2009-05-08 13:25 . 2008-04-13 18:46 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys

2009-05-08 13:25 . 2001-09-06 02:15 715210 -c--a-w c:\windows\system32\dllcache\cbmdmkxx.sys

2009-05-08 13:25 . 2001-08-17 23:13 46108 -c--a-w c:\windows\system32\dllcache\cben5.sys

2009-05-08 13:24 . 2001-08-17 23:12 39680 -c--a-w c:\windows\system32\dllcache\cb325.sys

2009-05-08 13:24 . 2001-08-17 23:12 37916 -c--a-w c:\windows\system32\dllcache\cb102.sys

2009-05-08 13:24 . 2001-09-06 02:50 32256 -c--a-w c:\windows\system32\dllcache\diapi2NT.dll

2009-05-08 13:24 . 2001-08-17 23:13 164923 -c--a-w c:\windows\system32\dllcache\diapi2.sys

2009-05-08 13:24 . 2008-04-14 02:20 121856 -c--a-w c:\windows\system32\dllcache\camext30.dll

2009-05-08 13:24 . 2001-09-06 02:50 236032 -c--a-w c:\windows\system32\dllcache\camext20.dll

2009-05-08 13:24 . 2001-09-06 02:50 74240 -c--a-w c:\windows\system32\dllcache\camexo20.dll

2009-05-08 13:23 . 2001-08-18 01:04 171264 -c--a-w c:\windows\system32\dllcache\camdrv30.sys

2009-05-08 13:23 . 2001-08-18 01:04 223232 -c--a-w c:\windows\system32\dllcache\camdrv21.sys

2009-05-08 13:23 . 2001-08-18 01:05 314752 -c--a-w c:\windows\system32\dllcache\camdro21.sys

2009-05-08 13:17 . 2001-09-06 02:12 14080 -c--a-w c:\windows\system32\dllcache\bulltlp3.sys

2009-05-08 13:17 . 2001-08-17 23:11 31529 -c--a-w c:\windows\system32\dllcache\brzwlan.sys

2009-05-08 13:17 . 2001-08-18 00:12 10368 -c--a-w c:\windows\system32\dllcache\brusbscn.sys

2009-05-08 13:17 . 2001-08-18 00:12 11008 -c--a-w c:\windows\system32\dllcache\brusbmdm.sys

2009-05-08 13:17 . 2001-08-18 00:12 60416 -c--a-w c:\windows\system32\dllcache\brserwdm.sys

2009-05-08 13:17 . 2001-09-06 02:50 9728 -c--a-w c:\windows\system32\dllcache\brserif.dll

2009-05-08 13:17 . 2001-09-06 02:50 5120 -c--a-w c:\windows\system32\dllcache\brscnrsm.dll

2009-05-08 13:16 . 2001-09-06 02:12 39680 -c--a-w c:\windows\system32\dllcache\brparwdm.sys

2009-05-08 13:16 . 2001-08-18 00:12 3168 -c--a-w c:\windows\system32\dllcache\brparimg.sys

2009-05-08 13:16 . 2001-09-06 02:50 41472 -c--a-w c:\windows\system32\dllcache\brmfusb.dll

2009-05-08 13:16 . 2001-09-06 02:50 32256 -c--a-w c:\windows\system32\dllcache\brmfrsmg.exe

2009-05-08 13:16 . 2001-09-06 02:50 29696 -c--a-w c:\windows\system32\dllcache\brmflpt.dll

2009-05-08 13:16 . 2001-09-06 02:50 81920 -c--a-w c:\windows\system32\dllcache\brmfcwia.dll

2009-05-08 13:16 . 2001-09-06 02:50 15360 -c--a-w c:\windows\system32\dllcache\brmfbidi.dll

2009-05-08 13:16 . 2001-08-18 00:12 3968 -c--a-w c:\windows\system32\dllcache\brfiltup.sys

2009-05-08 13:16 . 2001-08-18 00:12 12160 -c--a-w c:\windows\system32\dllcache\brfiltlo.sys

2009-05-08 13:16 . 2001-08-18 00:12 2944 -c--a-w c:\windows\system32\dllcache\brfilt.sys

2009-05-08 13:16 . 2001-09-06 02:50 12800 -c--a-w c:\windows\system32\dllcache\brevif.dll

2009-05-08 13:16 . 2001-09-06 02:50 9728 -c--a-w c:\windows\system32\dllcache\brcoinst.dll

2009-05-08 13:15 . 2001-09-06 02:50 19456 -c--a-w c:\windows\system32\dllcache\brbidiif.dll

2009-05-08 13:15 . 2001-09-06 02:50 102912 -c--a-w c:\windows\system32\dllcache\binlsvc.dll

2009-05-08 13:15 . 2008-04-13 18:46 11776 -c--a-w c:\windows\system32\dllcache\bdasup.sys

2009-05-08 13:15 . 2001-08-18 00:28 871388 -c--a-w c:\windows\system32\dllcache\bcmdm.sys

2009-05-08 13:15 . 2001-08-17 23:11 26568 -c--a-w c:\windows\system32\dllcache\bcm4e5.sys

2009-05-08 13:15 . 2001-08-17 23:11 54271 -c--a-w c:\windows\system32\dllcache\bcm42xx5.sys

2009-05-08 13:15 . 2001-08-17 23:11 66557 -c--a-w c:\windows\system32\dllcache\bcm42u.sys

2009-05-08 13:15 . 2008-04-13 18:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys

2009-05-08 13:14 . 2001-08-17 23:48 36128 -c--a-w c:\windows\system32\dllcache\banshee.sys

2009-05-08 13:14 . 2001-09-06 02:49 342336 -c--a-w c:\windows\system32\dllcache\banshee.dll

2009-05-08 13:14 . 2001-09-06 02:09 97184 -c--a-w c:\windows\system32\dllcache\b57xp32.sys

2009-05-08 13:14 . 2001-08-17 23:13 89952 -c--a-w c:\windows\system32\dllcache\b1cbase.sys

2009-05-08 13:14 . 2001-08-17 23:19 36992 -c--a-w c:\windows\system32\dllcache\aztw2320.sys

2009-05-08 13:14 . 2001-08-17 23:13 37568 -c--a-w c:\windows\system32\dllcache\avmwan.sys

2009-05-08 13:14 . 2001-09-06 02:50 144384 -c--a-w c:\windows\system32\dllcache\avmenum.dll

2009-05-08 13:14 . 2001-09-06 02:50 87552 -c--a-w c:\windows\system32\dllcache\avmcoxp.dll

2009-05-08 13:14 . 2008-04-13 18:46 13696 -c--a-w c:\windows\system32\dllcache\avcstrm.sys

2009-05-08 13:14 . 2001-08-18 01:01 36096 -c--a-w c:\windows\system32\dllcache\avcaudio.sys

2009-05-08 13:14 . 2008-04-13 18:46 38912 -c--a-w c:\windows\system32\dllcache\avc.sys

2009-05-08 13:13 . 2001-08-17 23:49 23552 -c--a-w c:\windows\system32\dllcache\atixbar.sys

2009-05-08 13:13 . 2001-08-17 23:49 26624 -c--a-w c:\windows\system32\dllcache\ativxbar.sys

2009-05-08 13:13 . 2001-08-17 23:49 19456 -c--a-w c:\windows\system32\dllcache\ativttxx.sys

2009-05-08 13:13 . 2001-08-17 23:49 9472 -c--a-w c:\windows\system32\dllcache\ativmdcd.sys

2009-05-08 13:13 . 2001-08-17 23:49 17152 -c--a-w c:\windows\system32\dllcache\atitvsnd.sys

2009-05-08 13:13 . 2001-08-17 23:49 17152 -c--a-w c:\windows\system32\dllcache\atitunep.sys

2009-05-08 13:13 . 2001-08-17 23:49 26880 -c--a-w c:\windows\system32\dllcache\atirtsnd.sys

2009-05-08 13:13 . 2001-08-17 23:49 49920 -c--a-w c:\windows\system32\dllcache\atirtcap.sys

2009-05-08 13:13 . 2001-09-06 02:08 70656 -c--a-w c:\windows\system32\dllcache\atiragem.sys

2009-05-08 13:12 . 2001-08-17 23:49 10240 -c--a-w c:\windows\system32\dllcache\atipcxxx.sys

2009-05-08 13:12 . 2001-09-06 02:08 281600 -c--a-w c:\windows\system32\dllcache\atimtai.sys

2009-05-08 13:12 . 2001-09-06 02:08 75264 -c--a-w c:\windows\system32\dllcache\atimpae.sys

2009-05-08 13:12 . 2001-09-06 02:08 289792 -c--a-w c:\windows\system32\dllcache\atimpab.sys

2009-05-08 13:12 . 2001-09-06 02:50 37376 -c--a-w c:\windows\system32\dllcache\atievxx.exe

2009-05-08 13:12 . 2001-09-06 02:49 268160 -c--a-w c:\windows\system32\dllcache\atidvai.dll

2009-05-08 13:12 . 2001-09-06 02:49 137216 -c--a-w c:\windows\system32\dllcache\atidrae.dll

2009-05-08 13:12 . 2001-09-06 02:49 382592 -c--a-w c:\windows\system32\dllcache\atidrab.dll

2009-05-08 13:12 . 2001-08-17 23:49 46464 -c--a-w c:\windows\system32\dllcache\atibt829.sys

2009-05-08 13:11 . 2001-09-06 02:08 77824 -c--a-w c:\windows\system32\dllcache\ati.sys

2009-05-08 13:11 . 2001-09-06 02:49 96128 -c--a-w c:\windows\system32\dllcache\ati.dll

2009-05-08 13:11 . 2001-08-17 23:12 97354 -c--a-w c:\windows\system32\dllcache\aspndis3.sys

2009-05-08 13:11 . 2001-08-18 00:51 14848 -c--a-w c:\windows\system32\dllcache\asc3550.sys

2009-05-08 13:11 . 2001-08-18 00:52 22400 -c--a-w c:\windows\system32\dllcache\asc3350p.sys

2009-05-08 13:11 . 2001-08-18 00:52 26496 -c--a-w c:\windows\system32\dllcache\asc.sys

2009-05-08 13:11 . 2001-08-18 00:47 6272 -c--a-w c:\windows\system32\dllcache\apmbatt.sys

2009-05-08 13:10 . 2004-08-04 00:31 36224 -c--a-w c:\windows\system32\dllcache\an983.sys

2009-05-08 13:10 . 2001-08-18 00:52 12032 -c--a-w c:\windows\system32\dllcache\amsint.sys

2009-05-08 13:10 . 2001-08-17 23:11 16969 -c--a-w c:\windows\system32\dllcache\amb8002.sys

2009-05-08 13:10 . 2001-08-18 00:51 5248 -c--a-w c:\windows\system32\dllcache\aliide.sys

2009-05-08 13:10 . 2001-08-18 00:49 26624 -c--a-w c:\windows\system32\dllcache\alifir.sys

2009-05-08 13:10 . 2001-08-17 23:11 27678 -c--a-w c:\windows\system32\dllcache\ali5261.sys

2009-05-08 13:10 . 2001-08-18 01:07 56960 -c--a-w c:\windows\system32\dllcache\aic78xx.sys

2009-05-08 13:10 . 2001-08-18 01:07 55168 -c--a-w c:\windows\system32\dllcache\aic78u2.sys

2009-05-08 13:10 . 2001-08-18 00:52 12800 -c--a-w c:\windows\system32\dllcache\aha154x.sys

2009-05-08 13:09 . 2001-08-18 01:07 101888 -c--a-w c:\windows\system32\dllcache\adpu160m.sys

2009-05-08 13:09 . 2001-08-17 23:11 46112 -c--a-w c:\windows\system32\dllcache\adptsf50.sys

2009-05-08 13:09 . 2004-08-04 00:32 10880 -c--a-w c:\windows\system32\dllcache\admjoy.sys

2009-05-08 13:07 . 2008-04-13 18:40 12288 -c--a-w c:\windows\system32\dllcache\4mmdat.sys

2009-05-08 13:07 . 2001-08-17 23:48 148352 -c--a-w c:\windows\system32\dllcache\3dfxvsm.sys

2009-05-08 13:07 . 2001-09-06 02:49 689216 -c--a-w c:\windows\system32\dllcache\3dfxvs.dll

2009-05-08 13:07 . 2001-08-18 00:28 762780 -c--a-w c:\windows\system32\dllcache\3cwmcru.sys

2009-05-08 13:07 . 2001-08-18 01:06 11264 -c--a-w c:\windows\system32\dllcache\1394vdbg.sys

2009-05-08 13:07 . 2008-04-13 18:46 53376 -c--a-w c:\windows\system32\dllcache\1394bus.sys

2009-05-08 13:05 . 2001-09-06 02:49 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll

2009-05-08 10:00 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\61664031.sys

2009-05-06 13:11 . 2001-09-06 02:27 6912 -c--a-w c:\windows\system32\dllcache\serscan.sys

2009-05-06 13:11 . 2001-09-06 02:27 6912 ----a-w c:\windows\system32\drivers\serscan.sys

2009-05-06 13:11 . 2001-09-06 02:50 37376 -c--a-w c:\windows\system32\dllcache\kousd.dll

2009-05-06 13:11 . 2001-09-06 02:50 37376 ----a-w c:\windows\system32\kousd.dll

2009-05-06 13:11 . 2001-09-06 02:50 71680 -c--a-w c:\windows\system32\dllcache\fnfilter.dll

2009-05-06 13:11 . 2001-09-06 02:50 71680 ----a-w c:\windows\system32\fnfilter.dll

2009-05-06 09:01 . 2009-05-06 09:01 -------- d-----w c:\arquivos de programas\HD Tune

2009-05-06 07:19 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\82533934.sys

2009-05-05 05:25 . 2009-05-12 11:24 62404640 --sha-w c:\windows\system32\drivers\fidbox.dat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-11 20:27 . 2009-05-05 05:25 578984 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-05-11 17:05 . 2006-09-03 01:24 -------- d-----w c:\arquivos de programas\HP

2009-05-08 01:51 . 2008-09-09 22:04 -------- d-----w c:\arquivos de programas\McAfee

2009-05-07 21:12 . 2007-03-18 01:36 -------- d-----w c:\arquivos de programas\Google

2009-05-02 12:02 . 2007-01-03 13:19 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-25 16:25 . 2008-10-31 19:09 -------- d-----w c:\arquivos de programas\DreaMule

2009-04-25 10:52 . 2006-09-02 13:15 -------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-04-19 13:04 . 2001-10-28 18:07 39076 ----a-w c:\windows\system32\perfc016.dat

2009-04-19 13:04 . 2001-10-28 18:07 152918 ----a-w c:\windows\system32\perfh016.dat

2009-03-08 07:34 . 2004-08-04 00:45 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 07:34 . 2004-08-04 00:45 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 07:33 . 2004-08-04 00:45 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 07:33 . 2004-08-04 00:45 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 07:32 . 2004-08-04 00:45 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 07:32 . 2004-08-04 00:45 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 07:31 . 2004-08-04 00:45 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 07:31 . 2004-08-04 00:44 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 07:31 . 2004-08-04 00:45 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 07:22 . 2001-10-28 15:07 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:20 . 2004-08-04 00:45 286208 ----a-w c:\windows\system32\pdh.dll

2008-03-11 00:22 . 2008-03-11 00:16 4265560 ----a-w c:\arquivos de programas\FLV PlayerRCATSetup.exe

2008-03-10 23:15 . 2008-03-10 23:14 411248 ----a-w c:\arquivos de programas\FLV PlayerRCSetup.exe

2002-04-05 18:29 . 2008-03-15 15:09 1208320 ------w c:\arquivos de programas\SothinkHtmlEditor.exe

2001-04-26 15:00 . 2008-03-15 15:09 4723 ------w c:\arquivos de programas\license.txt

2001-04-26 15:00 . 2008-03-15 15:09 561152 ------w c:\arquivos de programas\SiteManager.exe

2001-04-26 15:00 . 2008-03-15 15:09 176128 ------w c:\arquivos de programas\TagDefine.exe

2001-04-26 15:00 . 2008-03-15 15:09 17034 ------w c:\arquivos de programas\HTMLKeyword.txt

2001-04-26 15:00 . 2008-03-15 15:09 1340187 ------w c:\arquivos de programas\SothinkHTMLEditor.chm

.

------- Sigcheck -------

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2004-08-03 23:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-03 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

"wave3"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização Rápida do Microsoft Office OneNote 2003.lnk]

backup=c:\windows\pss\Inicialização Rápida do Microsoft Office OneNote 2003.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JR Silva.MICRO^Menu Iniciar^Programas^Inicializar^is-U92T7.lnk]

backup=c:\windows\pss\is-U92T7.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JR Silva.MICRO^Menu Iniciar^Programas^Inicializar^Microsoft Office OneNote 2003 Quick Launch.lnk]

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MICRO1^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/5/2009 18:48 114768]

R1 is-G7D0Sdrv;is-G7D0Sdrv;c:\windows\system32\drivers\82533934.sys [6/5/2009 04:19 148496]

R1 is-U92T7drv;is-U92T7drv;c:\windows\system32\drivers\08750997.sys [5/5/2009 02:24 148496]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [8/5/2009 18:50 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/5/2009 18:48 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [9/9/2008 19:05 210216]

S1 SASDIFSV;SASDIFSV;\??\c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS --> c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys --> c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 0204301241738319mcinstcleanup;McAfee Application Installer Cleanup (0204301241738319);c:\docume~1\JRSILV~1.MIC\CONFIG~1\Temp\020430~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\JRSILV~1.MIC\CONFIG~1\Temp\020430~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate1c985ddf42d753a;Google Update Service (gupdate1c985ddf42d753a);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/2/2009 06:01 133104]

S3 SASENUM;SASENUM;\??\c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS --> c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-03 09:00]

2009-05-12 c:\windows\Tasks\User_Feed_Synchronization-{437FF51F-8055-478F-AF75-34D986490EF9}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\JR Silva.MICRO\Dados de aplicativos\Mozilla\Firefox\Profiles\d7y5ujmh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-12 08:24

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(4568)

c:\arquivos de programas\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-05-12 8:26

ComboFix-quarantined-files.txt 2009-05-12 11:26

Pré-execução: 28 pasta(s) 19.846.754.304 bytes disponíveis

Pós execução: 27 pasta(s) 19.918.077.952 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

294


Temporarily disable the antivirus on your computer!

Run an online scan with Kaspersky Virusscanner

  • Click [image: Clipboard01-1.jpg]
  • Click accept.
  • A window will appear; click Run.
  • The program will be installed and will then start downloading the updates. Wait...
  • When the updates are complete (100%), click the button [image: 3507611311_825f7c7183_o.jpg]
  • Check, in the panel on the right, that the following boxes are ticked:
  • Under: Detect malicious programs of the following categories:
    • Viruses, Worms, Trojan Horses, Rootkits (already selected by default)
    • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Under: Scan compound files (doesn't apply to the File scan area):
    • Archives
    • Mail databases
  • Click My Computer to start the scan. Wait...
  • When the scan finishes, click the View scan report link.
  • Click the button [image: 3508421676_e090b1e383_o.jpg]
  • In the window that opens, under Files of type choose the extension Text file (.txt), choose a location and give the file a name.
  • You can close the Kaspersky page.
  • Open the file where you saved the report, select all of its content (Ctrl + A), copy it (Ctrl + C) and paste it (Ctrl + V) into your next reply.


Good morning,

Here is the Kaspersky log. Thank you!

KASPERSKY ONLINE SCANNER 7.0 REPORT

Wednesday, May 13, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Wednesday, May 13, 2009 07:05:20

Records in database: 2171373

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

Scan statistics:

Files scanned: 112820

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 02:44:06

No malware has been detected. The scan area is clean.

The selected area was scanned.


Your problem is not related to malware; see whether the following link can help you:

http://kb.bitdefender.com/KB333-en--How-to-uninstall-BitDefender.html


If the topic's author needs it, the topic will be reopened; to do so, the author must contact the moderation team and request that it be unlocked.
