pericles

Full Members
  • Total items: 22
  • Qualifications: 0%

Reputation: 0

General information
  • City and State: Vacaria
  1. I did all the latest procedures. I haven't noticed any more problems on my PC; it really seems to be clean. Thank you for your availability and time in helping me. Feel free to close the topic. Once again, many thanks.
  2. Here is the requested RogueKiller log:

     RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Free) por Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Site : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Sistema Operacional : Windows 10 (10.0.17134) 64 bits version
     Iniciou : Modo normal
     Usuário : Pericles [Administrador]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Modo : Deletar -- Data : 09/20/2018 00:11:33 (Duration : 00:22:55)

     ¤¤¤ Processos : 0 ¤¤¤

     ¤¤¤ Registro : 5 ¤¤¤
     [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-523730700-2053578577-2077948901-1002\Software\Win -> Deletado
     [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-523730700-2053578577-2077948901-1002\Software\Win -> Deletado
     [PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMSEmulator ("C:\ProgramData\KMSAutoS\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -PO16 RandomKMSPID -AI 43200 -RI 43200 -Log -IP) -> Deletado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Substituído ()
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{baec092a-87c2-4809-a216-4819764a8fd0} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Substituído ()

     ¤¤¤ Tarefas : 2 ¤¤¤
     [Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-1FCOP.tmp\corefixer.exe (/norerun) -> Deletado
     [Hj.Shortcut] \cFos\Registration Tasks\Open Browser -- c:\program files (x86)\google\chrome\application\chrome.exe ("http://www.cfos.de/pt-br/traffic-shaping/calibration.htm?reg-10.10.2238-asrock&tsa=") -> Deletado

     ¤¤¤ Arquivos : 5 ¤¤¤
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deletado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Deletado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deletado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Deletado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.4_44520\utorrentie.exe -> Deletado

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Arquivos de hosts : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

     ¤¤¤ Navegadores : 0 ¤¤¤

     ¤¤¤ Verificação da MBR : ¤¤¤
     +++++ PhysicalDrive0: Corsair Neutron GTX SSD +++++
     --- User ---
     [MBR] 6b83f81e0abb87ad01e16a099d645629
     [BSP] e66892309d204b39f13fb632cedb7b7d : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113493 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233461760 | Size: 476 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: ST1000DM005 HD103SJ +++++
     --- User ---
     [MBR] 691e29f1620ff6b20e96f97f4e1f1921
     [BSP] b0efd94aab2656942dc564ae7cd627f5 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive2: ST3000DM001-1ER166 +++++
     --- User ---
     [MBR] 0086f36f0b7bc8b257f89fc226376c3d
     [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
     Partition table:
     0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
     1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
     User = LL1 ... OK
     User = LL2 ... OK
  3. Here is the requested RogueKiller report. I did not take any action on the detected items, since that was not requested in your previous post.

     RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Free) por Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Site : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Sistema Operacional : Windows 10 (10.0.17134) 64 bits version
     Iniciou : Modo normal
     Usuário : Pericles [Administrador]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Modo : Escanear -- Data : 09/18/2018 00:22:29 (Duration : 00:23:00)

     ¤¤¤ Processos : 0 ¤¤¤

     ¤¤¤ Registro : 5 ¤¤¤
     [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-523730700-2053578577-2077948901-1002\Software\Win -> Encontrado
     [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-523730700-2053578577-2077948901-1002\Software\Win -> Encontrado
     [PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMSEmulator ("C:\ProgramData\KMSAutoS\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -PO16 RandomKMSPID -AI 43200 -RI 43200 -Log -IP) -> Encontrado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Encontrado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{baec092a-87c2-4809-a216-4819764a8fd0} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Encontrado

     ¤¤¤ Tarefas : 2 ¤¤¤
     [Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-1FCOP.tmp\corefixer.exe (/norerun) -> Encontrado
     [Hj.Shortcut] \cFos\Registration Tasks\Open Browser -- c:\program files (x86)\google\chrome\application\chrome.exe ("http://www.cfos.de/pt-br/traffic-shaping/calibration.htm?reg-10.10.2238-asrock&tsa=") -> Encontrado

     ¤¤¤ Arquivos : 5 ¤¤¤
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Encontrado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Encontrado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Encontrado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Encontrado
     [PUP.uTorrentAds][Arquivo] C:\Users\Pericles\AppData\Roaming\uTorrent\updates\3.5.4_44520\utorrentie.exe -> Encontrado

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Arquivos de hosts : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

     ¤¤¤ Navegadores : 0 ¤¤¤

     ¤¤¤ Verificação da MBR : ¤¤¤
     +++++ PhysicalDrive0: Corsair Neutron GTX SSD +++++
     --- User ---
     [MBR] 6b83f81e0abb87ad01e16a099d645629
     [BSP] e66892309d204b39f13fb632cedb7b7d : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 113493 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233461760 | Size: 476 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: ST1000DM005 HD103SJ +++++
     --- User ---
     [MBR] 691e29f1620ff6b20e96f97f4e1f1921
     [BSP] b0efd94aab2656942dc564ae7cd627f5 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive2: ST3000DM001-1ER166 +++++
     --- User ---
     [MBR] 0086f36f0b7bc8b257f89fc226376c3d
     [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
     Partition table:
     0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
     1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
     User = LL1 ... OK
     User = LL2 ... OK
  4. Thank you for your attention. The requested logs follow below:

     MBAM

     Malwarebytes
     www.malwarebytes.com

     -Detalhes de registro-
     Data da análise: 10/09/2018
     Hora da análise: 21:18
     Arquivo de registro: 374c6182-b558-11e8-82e3-bc5ff4cb8143.json

     -Informação do software-
     Versão: 3.5.1.2522
     Versão de componentes: 1.0.441
     Versão do pacote de definições: 1.0.6757
     Licença: Versão de Avaliação

     -Informação do sistema-
     Sistema operacional: Windows 10 (Build 17134.228)
     CPU: x64
     Sistema de arquivos: NTFS
     Usuário: PERICLES\Pericles

     -Resumo da análise-
     Tipo de análise: Análise Customizada
     Análise Iniciada Por: Manual
     Resultado: Concluído
     Objetos verificados: 341776
     Ameaças detectadas: 0
     (Nenhum item malicioso detectado)
     Ameaças em quarentena: 0
     (Nenhum item malicioso detectado)
     Tempo decorrido: 55 min, 8 seg

     -Opções da análise-
     Memória: Habilitado
     Inicialização: Habilitado
     Sistema de arquivos: Habilitado
     Arquivos compactados: Habilitado
     Rootkits: Habilitado
     Heurística: Habilitado
     PUP: Detectar
     PUM: Detectar

     -Detalhes da análise-
     Processo: 0
     (Nenhum item malicioso detectado)
     Módulo: 0
     (Nenhum item malicioso detectado)
     Chave de registro: 0
     (Nenhum item malicioso detectado)
     Valor de registro: 0
     (Nenhum item malicioso detectado)
     Dados de registro: 0
     (Nenhum item malicioso detectado)
     Fluxo de dados: 0
     (Nenhum item malicioso detectado)
     Pasta: 0
     (Nenhum item malicioso detectado)
     Arquivo: 0
     (Nenhum item malicioso detectado)
     Setor físico: 0
     (Nenhum item malicioso detectado)
     Instrumentação do Windows (WMI): 0
     (Nenhum item malicioso detectado)

     (end)

     -----------------------------------------------------------------------

     ADWCLEANER

     # -------------------------------
     # Malwarebytes AdwCleaner 7.2.3.0
     # -------------------------------
     # Build:    08-30-2018
     # Database: 2018-09-10.1 (Cloud)
     # Support:  https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start:    09-10-2018
     # Duration: 00:00:00
     # OS:       Windows 10 Pro
     # Cleaned:  2
     # Failed:   0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     No malicious folders cleaned.

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted       HKCU\Software\win

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     Deleted       Ask Brasil

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     *************************

     [+] Delete Tracing Keys
     [+] Reset Winsock

     *************************

     AdwCleaner[S00].txt - [1271 octets] - [10/09/2018 22:20:44]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     -----------------------------------------------------------------------

     ZHPCLEANER

     ~ ZHPCleaner v2018.9.3.169 by Nicolas Coolman (2018/09/03)
     ~ Run by Pericles (Administrator) (10/09/2018 22:36:46)
     ~ Web: https://www.nicolascoolman.com
     ~ Blog: https://nicolascoolman.eu/
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version OK
     ~ Certificate ZHPCleaner: Legal
     ~ Type : Repair
     ~ Report : C:\Users\Pericles\Desktop\ZHPCleaner.txt
     ~ Quarantine : C:\Users\Pericles\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 10 Pro, 64-bit (Build 17134)

     ---\\ Alternate Data Stream (ADS). (0)
     ~ No malicious or unnecessary items found.

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (1)
     REPLACED Google Chrome Preferences: "https://dpmhrplvfkwad.cloudfront.net/" =>.SUP.CloudfrontNet

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (21)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (4)
     MOVED file: C:\Users\Pericles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk [Bad : C:\Users\Pericles\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
     MOVED file: C:\ProgramData\KMSAutoS\bin\KMSSS.exe [MSFree Inc. - KMS emulator by Ratiborus, thanks to Hotbir] =>HackTool.WinActivator
     MOVED folder: C:\ProgramData\KMSAutoS =>HackTool.WinActivator
     MOVED folder: C:\Users\Pericles\AppData\Local\MSfree Inc =>HackTool.WinActivator

     ---\\ Registry ( Key, Value, Data) (1)
     DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)

     ---\\ Summary of the elements found (3)
     https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.SUP.CloudfrontNet
     https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
     https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator

     ---\\ Other deletions. (5)
     ~ Registry Keys Tracing deleted (5)
     ~ Remove the old reports ZHPCleaner. (0)

     ---\\ Result of repair
     ~ Repair carried out successfully
     ~ Browser not found (Opera Software)

     ---\\ Statistics
     ~ Items scanned : 941
     ~ Items found : 0
     ~ Items cancelled : 0
     ~ Items options : 0/7
     ~ Space saving (bytes) : 0
     ~ End of clean in 00h00mn09s

     ---\\ Reports (2)
     ZHPCleaner--10092018-22_35_38.txt
     ZHPCleaner-[R]-10092018-22_36_55.txt
  5. Good evening. I would kindly ask you to analyze the attached log, as I suspect a malware infection on my machine. Warnings and advertisements from the site www.onlinevideoconverter.com keep appearing automatically all the time. Thank you in advance for your attention. Thanks. ZA-Scan.txt
  6. Although I did not receive any ideas/suggestions, I ended up finding the solution. The problem really was the motherboard battery. I replaced it and the PC went back to working normally, powering on correctly and keeping the time and date settings. Here is a solution for anyone with a similar problem. Moderators, you can close this topic, as the problem has been solved. Thanks.
  7. Folks, my problem is the following: to turn on a PC, the normal procedure is to plug the voltage stabilizer's cable into the outlet, switch on the stabilizer and finally press the PC's power button. In my case, however, the moment I switch on the stabilizer, the PC turns on by itself (without pressing the PC's button). Once on, when it boots it goes to the BIOS screen, where it asks me to press F1 to adjust the BIOS values or F2 for the default values. Choosing either option (F1 or F2), it boots normally, loads Windows and works normally. The only detail is that when this happens, the time and date settings are lost, showing 01/01/2002 and 0:00. What could be the reason for this? Could the motherboard battery be weak and need replacing? Could some component be shorted, causing it to turn on by itself? I ask for the collaboration of fellow forum members who have been through a similar situation or have any idea how to solve this problem. Sorry for the length of the post, and I await comments/suggestions. Thanks. PS: the PC configuration is as follows: ASUS P4P800; HD 80 Samsung; VGA 6800 Xtreme 256/256 AGP; LG 17" flat CRT; Seventeam 450 W; Microsol stabilizer module.
  8. I think I ended up solving this problem somewhat by accident. When you asked me to install Silent, the link you gave me would not open at all, showing the same problem of not opening pages, with the message that the address was incorrect. So I reset my 502G modem, even unplugging it from the power outlet, waited a few moments, and turned it back on. It took about 5 minutes to connect, but since then it has been opening all pages normally. I don't know whether it was a coincidence, but I believe the problem was in the modem. It is new, but I have read some reports that this modem model is quite temperamental. As for updating or installing software, that was not the case. In any case, thank you very much for your help, as it served to confirm that my PC is clean and free of infections. Once again, thank you for your attention and availability in trying to solve this problem. If you have no further comments/suggestions, feel free to close the topic. A big hug. Note: as for the programs and logs you asked me to install/send, I can delete them without any problem, right?
  9. StartupList log:

     StartupList report, 17/9/2006, 23:38:32
     StartupList version: 1.52.2
     Started from : C:\HIJACK\HijackThis.EXE
     Detected: Windows XP SP2 (WinNT 5.01.2600)
     Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     * Using default options
     * Including empty and uninteresting sections
     * Showing rarely important sections
Processador Intel: system32\DRIVERS\intelppm.sys (system) Driver de IPv6 do Firewall do Windows: system32\DRIVERS\Ip6Fw.sys (manual start) Driver de filtro de tráfego IP: system32\DRIVERS\ipfltdrv.sys (manual start) Driver de encapsulamento IP em IP: system32\DRIVERS\ipinip.sys (manual start) Conversor de endereços de rede IP: system32\DRIVERS\ipnat.sys (manual start) Driver IPSEC: system32\DRIVERS\ipsec.sys (system) Serviço enumerador IR: system32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Estação de trabalho: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Auxiliar NetBIOS TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) Mensageiro: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) MidiSyn: system32\drivers\MidiSyn.sys (manual start) Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Mouse Class Driver: system32\DRIVERS\mouclass.sys (system) Redirecionador do cliente WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Coordenador de transações distribuídas: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start) Driver de BIOS de Gerenciamento de Sistema Microsoft: system32\DRIVERS\mssmbios.sys (manual start) NBService: 
C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start) Driver TAPI NDIS de acesso remoto: system32\DRIVERS\ndistapi.sys (manual start) Protocolo de modo de usuário E/S em dispositivos NDIS: system32\DRIVERS\ndisuio.sys (manual start) Driver de rede remota NDIS de acesso remoto: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBios em Tcpip: system32\DRIVERS\netbt.sys (system) DDE de rede: %SystemRoot%\system32\netdde.exe (disabled) DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled) Logon de rede: %SystemRoot%\system32\lsass.exe (manual start) Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Reconhecimento de local da rede (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fornecedor de suporte de segurança NT LM: %SystemRoot%\system32\lsass.exe (manual start) Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: system32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart) Driver de filtro de tráfego IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Driver encaminhador de tráfego IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Office Source Engine: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Parallel port driver: system32\DRIVERS\parport.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PciCon: \??\E:\PciCon.sys (manual start) Plug and Play: %SystemRoot%\system32\services.exe (autostart) Serviços IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniporta de rede remota (PPTP): system32\DRIVERS\raspptp.sys (manual start) Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart) Agendador de pacotes QoS: system32\DRIVERS\psched.sys (manual start) PsSdk30: \??\C:\WINDOWS\system32\Drivers\PsSdk30.drv (manual start) Driver de link paralelo direto: 
system32\DRIVERS\ptilink.sys (manual start) Driver de conexão automática de acesso remoto: system32\DRIVERS\rasacd.sys (system) Gerenciador de conexão de acesso remoto automático: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniporta de rede remota (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gerenciador de conexão de acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Driver PPPOE de acesso remoto: system32\DRIVERS\raspppoe.sys (manual start) Paralelo direto: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Driver redirecionador de dispositivos doTerminal Server: system32\DRIVERS\rdpdr.sys (manual start) Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start) Driver de filtro de reprodução de áudio digital de CD: system32\DRIVERS\redbook.sys (system) Roteamento e acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Alocador Remote Procedure Call (RPC): %SystemRoot%\system32\locator.exe (manual start) Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart) Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start) Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (autostart) Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start) Serial port driver: system32\DRIVERS\serial.sys (system) Serial Mouse Driver: system32\DRIVERS\sermouse.sys (manual start) Firewall do 
Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) smwdm: system32\drivers\smwdm.sys (manual start) SoundMAX Agent Service: C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (autostart) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) Driver de filtro de restauração do sistema: system32\DRIVERS\sr.sys (system) Serviço de restauração do sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Serviço de descoberta SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start) Software Bus Driver: system32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{92A69088-0DD8-4797-A9E0-9FDB6EDD3800} (manual start) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start) Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Driver de protocolo TCP/IP: system32\DRIVERS\tcpip.sys (system) Driver de dispositivo de terminal: system32\DRIVERS\termdd.sys (system) Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled) Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update 
Driver: system32\DRIVERS\update.sys (manual start) Host de dispositivo Plug and Play universal: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start) USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start) USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start) Serviço Messenger Sharing USN Journal Reader: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start) Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Driver ARP IP de acesso remoto: system32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) Cliente da Web: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Extensões de driver de instrum. gerenc. 
do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Adaptador de desempenho WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Atualizações Automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 32.778 bytes Report generated in 0,140 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Silent Runners log: "Silent Runners.vbs", revision 48, 
http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SpybotSD TeaTimer" = "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "Skype" = ""C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data] "SoundMAXPnP" = "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."] "SoundMAX" = ""C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."] "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"] "QuickTime Task" = ""C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "DownloadAccelerator" = ""C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."] "DAEMON Tools" = ""C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "NeroFilterCheck" = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "TkBellExe" = ""C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 
6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\ARQUIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo" -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook" \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) 
\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento" \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] 
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}" -> {HKLM...CLSID} = "DAPMenuShellExt Class" \InProcServer32\(Default) = "C:\ARQUIV~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de 
programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Pesquisar" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points 
------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp" [strings]: SAFESITE_VALUE="search.msn.com.br" Missing lines (compared with English-language version): [strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. 
---------- (total run time: 32 seconds, including 10 seconds for message boxes)
  10. I ran the Panda online scan. The log is below:
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Perin\Cookies\perin@ad.yieldmanager[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Cookies\perin@google.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Cookies\perin@ig.com[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Perin\Cookies\perin@statcounter[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Perin\Cookies\perin@tribalfusion[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Perin\Dados de aplicativos\Mozilla\Firefox\Profiles\6sqmckou.default\cookies.txt[de.uol.com.br/]
Since I noticed that the detected spyware items were all cookies, I cleared the cookies in both browsers (Firefox and IE) and ran the scan again. This time it reported no infection, so it did not generate any log to save. Why would it consider these cookies spyware?
  11. First of all, I would like to thank you for your help, Mr. Coruj@. One fact I forgot to mention is that I have been using Spybot for a long time, and this problem had never happened before. It started happening a while ago, and not every day. Right now, for example, as I write this reply, the sites that would not open before are opening normally, without my disabling Spybot. They are sites with trustworthy content, such as the Nvidia site, the SC Internacional site, the Panda online site, among others. In any case, I would like to know whether my log is clean even so. If you have any other suggestions, I would be grateful. Thank you.
  12. I am having trouble opening certain web pages. Pages I cannot open on my PC open normally on my neighbour's. Here is the HijackThis log for analysis. Thanks for the help.

      Logfile of HijackThis v1.99.1
      Scan saved at 23:20:36, on 16/9/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
      C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
      C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Arquivos de programas\DAP\DAP.EXE
      C:\Arquivos de programas\DAEMON Tools\daemon.exe
      C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
      C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
      C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
      C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
      C:\HIJACK\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
      O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
      O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
      O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{44024827-54A6-425B-B0B1-48F4481B44E3}: NameServer = 200.221.11.100,200.221.11.101
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
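As an added example, not part of the posted thread and not code from HijackThis itself, the script below parses a HijackThis log of the kind posted above and pulls out the entries a log reviewer reads first: the O17 DNS servers written into the TCP/IP interface keys, O23 services the tool tagged "(file missing)", the hosts behind O16 Downloaded Program Files, and O4 autostarts grouped by hive. The embedded sample log is constructed (a handful of lines modelled on the entry types in the posted log, one entry per line as HijackThis writes them), and all function and variable names are my own.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample (not the full log from the post), modelled on the entry
# types HijackThis 1.99.1 writes, one finding per line.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44024827-54A6-425B-B0B1-48F4481B44E3}: NameServer = 200.221.11.100,200.221.11.101
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

Entry = Tuple[str, str]  # (section code such as "O17", rest of the line)

# Every finding starts with a section code, " - ", then the detail text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = ([0-9.,\s]+)")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
URL_RE = re.compile(r"https?://\S+")


def parse_hjt(text: str) -> List[Entry]:
    """Return (code, detail) per finding line; header and process lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dns_servers(entries: List[Entry]) -> List[str]:
    """O17: DNS servers set on the interfaces; compare with what the ISP/router hands out."""
    servers: List[str] = []
    for code, detail in entries:
        if code == "O17":
            m = NAMESERVER_RE.search(detail)
            if m:
                servers.extend(s.strip() for s in m.group(1).split(",") if s.strip())
    return servers


def services_flagged_missing(entries: List[Entry]) -> List[str]:
    """O23 services that HijackThis tagged '(file missing)', by display name."""
    names: List[str] = []
    for code, detail in entries:
        if code == "O23" and detail.endswith("(file missing)"):
            name = detail.split(" - ")[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            names.append(name)
    return names


def dpf_hosts(entries: List[Entry]) -> List[str]:
    """O16: distinct hosts from which ActiveX Downloaded Program Files were fetched."""
    hosts: List[str] = []
    for code, detail in entries:
        if code == "O16":
            for url in URL_RE.findall(detail):
                host = urlparse(url).hostname
                if host and host not in hosts:
                    hosts.append(host)
    return hosts


def autostarts_by_hive(entries: List[Entry]) -> Dict[str, List[Tuple[str, str]]]:
    """O4: Run-key autostarts grouped by hive as (value name, command line)."""
    grouped: Dict[str, List[Tuple[str, str]]] = {"HKLM": [], "HKCU": []}
    for code, detail in entries:
        if code == "O4":
            m = RUN_RE.match(detail)
            if m:
                grouped[m.group(1)].append((m.group(2), m.group(3)))
    return grouped


def triage(text: str) -> Dict[str, object]:
    """One-shot summary of the items a reviewer checks first."""
    entries = parse_hjt(text)
    return {
        "counts": dict(Counter(code for code, _ in entries)),
        "dns_servers": dns_servers(entries),
        "services_file_missing": services_flagged_missing(entries),
        "dpf_hosts": dpf_hosts(entries),
        "autostarts": autostarts_by_hive(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Nothing here decides that an entry is malicious. When specific sites fail on one machine but load on a neighbour's, the O17 NameServer values are the first thing to compare against what the ISP or router actually assigns, and the "(file missing)" tag from HijackThis 1.99.1 is frequently produced by a quoted service path followed by an argument such as /service, as on the two avast entries in the posted log, so both outputs are prompts to verify by hand rather than verdicts.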
  13. Ok. I will do that. I believe everything is ok. Once again, thank you very much for the promptness and patience you gave to this problem of mine :palmas: . I am alerting the moderators to say that my problem is solved. Thank you.
  14. I reinstalled Norton and the Windows Installer problem was solved. The problem really must have been in Norton. So I can delete all the HijackThis and Ewido backups and quarantine items, including the ibest ones, right?
  15. Until the infection, Norton was loading and working normally. This installation message started appearing right after the contamination. As far as I remember, I did nothing unusual for it to end up like this. Just in case, I am going to uninstall and reinstall Norton. As for the HijackThis backups and the Ewido quarantine, if I restore the iBest ones, can I delete the rest? I remember that before, every now and then, an ibest pop-up advertising the site would open, even with a pop-up blocker. Won't that come back if I restore all the Ibest entries?

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
