#1
I have tried many times with Malwarebytes to remove the VUNDO.H virus. It asks to reboot and I run Malwarebytes again only to find it is still on the system. I have also turned off System Restore before starting these. Thanks for your help!
#2
Open HijackThis and choose Do a system scan only. Place a checkmark next to the following entries: (if present)

Exit HijackThis.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer]

4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine in order to finish the move process. If you are asked to reboot, choose Yes. If not, reboot anyway.
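An added example, not from this thread or from HijackThis itself: a Python triage of HijackThis O2 (BHO) and O20 (Winlogon Notify) lines that flags a DLL registered both as a nameless Browser Helper Object and as a Winlogon Notify hook, the two-way persistence Vundo uses and the reason the file survives an in-Windows delete, and lists the lines one would tick under Do a system scan only. The sample log lines are constructed, modelled on this thread's digestp.dll entries; the regexes and the two heuristics are assumptions of the example, not HijackThis rules.

```python
import re
from collections import OrderedDict

# Constructed sample of HijackThis log lines, modelled on the entries in this
# thread: the nameless BHO and the Winlogon Notify hook both point at
# C:\WINDOWS\SYSTEM32\digestp.dll. The other lines are ordinary entries of the
# kind HijackThis lists for legitimate software.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - c:\windows\system32\digestp.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path>"; the CLSID braces are
# accepted as {} or () because forum copy-paste often mangles them.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - [{(](?P<clsid>[0-9A-Fa-f-]{36})[})] - (?P<path>.+)$")
# O20 lines: "O20 - Winlogon Notify: <registry key name> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into BHO (O2) and Winlogon Notify (O20) entries.

    Each entry keeps the raw line so it can be quoted back as the line to tick
    in HijackThis; paths are lower-cased for comparison only.
    """
    bhos, notify = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append({"name": m["name"].strip(), "clsid": m["clsid"].upper(),
                         "path": m["path"].strip().lower(), "line": line})
            continue
        m = O20_RE.match(line)
        if m:
            notify.append({"key": m["key"], "path": m["path"].strip().lower(),
                           "line": line})
    return bhos, notify


def entries_to_fix(text):
    """Return {dll_path: {"clsid", "reasons", "lines"}} for suspect DLLs.

    Two signals are used, the second being the strong one:
      * a BHO registered with no display name;
      * one DLL registered both as a BHO (loaded into Internet Explorer) and as
        a Winlogon Notify package (loaded into winlogon.exe at boot). That DLL
        is open for as long as Windows runs, which is why an on-line delete of
        the file keeps failing and a reboot-time move is needed instead.
    """
    bhos, notify = parse_hjt(text)
    notify_by_path = {}
    for n in notify:
        notify_by_path.setdefault(n["path"], []).append(n)
    findings = OrderedDict()
    for b in bhos:
        reasons = []
        if b["name"].lower() == "(no name)":
            reasons.append("BHO registered without a display name")
        hooks = notify_by_path.get(b["path"], [])
        for h in hooks:
            reasons.append("same DLL also loaded by winlogon.exe via Notify key %r"
                           % h["key"])
        if reasons:
            findings[b["path"]] = {
                "clsid": b["clsid"],
                "reasons": reasons,
                # the O2 line plus every O20 line for the same DLL
                "lines": [b["line"]] + [h["line"] for h in hooks],
            }
    return findings


if __name__ == "__main__":
    for path, info in entries_to_fix(SAMPLE_LOG).items():
        print(path)
        for r in info["reasons"]:
            print("  reason:", r)
        print("  tick in HijackThis:")
        for ln in info["lines"]:
            print("   ", ln)
```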
#3
Well, I ran everything you posted. The Hijack ran fine and the 2 files are deleted. The OTMOVEIT2 program: I copied the 4 lines [kill explorer] C:\WINDOWS\SYSTEM32\digestp.dll EmptyTemp [start explorer] under the yellow bar and selected MOVEIT. Under the "green box" it said explorer killed the programs successfully, however I got an error dialog box. It said OTMOVEIT2: OTMOVEIT2.EXE - Bad Image. The application or DLL C:\Windows\rakxhfy.dll is not a valid Windows image. Please check this against your installation diskette. I had to reboot and OTMOVEIT came up again and I got the same error dialog as above. How do I get rid of this OTMOVEIT2 when it reboots? Is there something else that needs to be done?
#4
Yes, there is more to do. Don't worry about the error message... Download Random's System Information Tool (RSIT) by random/random and save it to your desktop.
#5
log.txt: Your file of 28.7 KB bytes exceeds the forum's limit of 19.5 KB for this type of file. I had to WinZip the log file to get it to you due to COMPUTER SUMOS constraints on file attachments.
\ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640] S3 LiveUpdate; LiveUpdate, C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008/09/05 3220856] S3 ose; Office Source Engine; C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ Ose.exe [2003-07-28 89136] S3 Symantec Core LC; Symantec Core LC; C: \ PROGRA ~ 1 \ common ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064] S3 WMPNetworkSvc; Windows Media Player Network Sharing Service, C: \ Arquivos de Programas \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework, C: \ WINDOWS \ system32 \ svchost.exe [2008-04-13 14336] ----------------- ----------------- EOF |
#7
The digestp.dll is still not gone.

First:
Download Disable or Remove Windows Messenger to the Desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of pop-ups.
Unzip the file to the desktop. Open MessengerDisable.exe and choose the bottom box -- Uninstall Windows Messenger -- and click Apply. Exit out of MessengerDisable, then delete the two files that were placed on the desktop.

----------

Note: The instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK.
Copy and paste the following into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]

Make sure you tell me whether you get a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete fixme.reg from the desktop.

----------

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment. Make sure you close all browser windows before starting the installation.
Remove the old version(s): download JavaRa.

Suspicious files to scan
Please go to the VirSCAN.org FREE online scan service. (If more than one file needs scanning, it must be done separately, with a log posted for each.)
1. Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page.

Code:
C:\WINDOWS\system32\CF23987.exe

3. Press Ctrl+V on your keyboard (both at the same time) to paste the file path into the window.
4. Click the Submit button. This will perform a scan across multiple different virus engines. Your file will possibly be entered into a queue, which normally takes less than a minute to clear. Important: Wait for all engines to complete the scan.
5. Once the scan is finished, scroll down and click the "Copy to Clipboard" button. This will copy the link to the report into the clipboard.
6. Paste the contents of the Clipboard in your next reply.

----------

After posting the VirSCAN.org results:
Download ATF Cleaner by Atribune to your desktop. Alternate download link.
Note: Vista users must use Run as administrator.

Important: Reboot the computer before continuing.
#8
1. Success on fixme.reg.
2. So here are the 2 files you wanted me to send.

A. JavaRa 1.11 Removal Log. Report follows after the line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 17:23:09 2008
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410200
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410200
Found and removed: SOFTWARE\Classes\JavaPlugin.142
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
------------------------------------
Finished reporting.

JavaRa 1.11 Removal Log. Report follows after the line.
------------------------------------
The JavaRa removal process was started on Thu Oct 16 17:23:18 2008
------------------------------------
Finished reporting.

B. VirSCAN.org Scanned Report:
Scanned time: 2008-10-16 17:27:59 (EDT)
Scanner results: All scanners reported finding no malware!
File Name: CF23987.exe
File Size: 389120 bytes
File Type: PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online report: http://virscan.org/report/36cd3be0f2...66947033e.html

| Scanner | Engine Ver | Sig Ver | Sig Date | Scan time (s) | Result |
| a-squared | 4.0.0.16 | 2008.10.15 | 2008-10-15 | 1.54 | - |
| AhnLab V3 | ... | .. | - | 0.18 | - |
| AntiVir | 7.9.0.5 | 7.0.7.51 | 2008-10-16 | 0.08 | - |
| Antiy | 2.0.18 | 20081016.1488960 | 2008-10-16 | 0.12 | - |
| Arcavir | 1.0.5 | 200810161244 | 2008-10-16 | 1.23 | - |
| Authentium | 5.1.1 | 200810150216 | 2008-10-15 | 1.17 | - |
| Avast! | 3.0.1 | 081015-0 | 2008-10-15 | 0.72 | - |
| AVG | 7.5.52.442 | 270.8.1/1728 | 2008-10-16 | 1.68 | - |
| BitDefender | 7.60825.1875439 | 7.21294 | 2008-10-17 | 3.13 | - |
| CA (VET) | 9.0.0.143 | 31.6.6151 | 2008-10-16 | 5.37 | - |
| ClamAV | 0.94 | 8435 | 2008-10-17 | 0.13 | - |
| Comodo | 2.11 | 2.0.0.678 | 2008-10-16 | 0.44 | - |
| CP Secure | 1.1.0.715 | 2008.10.17 | 2008-10-17 | 6.26 | - |
| Dr.Web | 4.44.0.9170 | 2008.10.16 | 2008-10-16 | 3.41 | - |
| ewido | 4.0.0.2 | 2008.10.16 | 2008-10-16 | 2.90 | - |
| F-Prot | 4.4.4.56 | 20081016 | 2008-10-16 | 1.19 | - |
| F-Secure | 5.51.6100 | 2008.10.16.09 | 2008-10-16 | 3.55 | - |
| Fortinet | 2.81-3.113 | 9.647 | 2008-10-15 | 0.23 | - |
| GData | 19.1058/19.65 | 20081016 | 2008-10-16 | 2.65 | - |
| ViRobot | 20081016 | 2008.10.16 | 2008-10-16 | 0.40 | - |
| Ikarus | T3.1.01.34 | 2008.10.16.71662 | 2008-10-16 | 3.99 | - |
| JiangMin | 11.0.706 | 2008.10.16 | 2008-10-16 | 1.26 | - |
| Kaspersky | 5.5.10 | 2008.10.16 | 2008-10-16 | 0.04 | - |
| KingSoft | 2008.9.8.18 | 2008.10.16.17 | 2008-10-16 | 0.66 | - |
| McAfee | 5.3.00 | 5406 | 2008-10-15 | 2.13 | - |
| Microsoft | 1.4005 | 2008.10.16 | 2008-10-16 | 3.93 | - |
| mks_vir | 2.01 | 2008.10.16 | 2008-10-16 | 2.75 | - |
| Norman | 5.93.01 | 5.93.00 | 2008-10-16 | 5.21 | - |
| Panda | 9.05.01 | 2008.10.16 | 2008-10-16 | 2.28 | - |
| Trend Micro | 8.700-1004 | 5.604.11 | 2008-10-16 | 0.03 | - |
| Quick Heal | 9.50 | 2008.10.16 | 2008-10-16 | 1.99 | - |
| Rising | 20.0 | 20.66.32.00 | 2008-10-16 | 0.77 | - |
| Sophos | 2.79.0 | 4.34 | 2008-10-17 | 1.86 | - |
| Sunbelt | 3.1.1728.1 | 2317 | 2008-10-16 | 0.48 | - |
| Symantec | 1.3.0.24 | 20081016.004 | 2008-10-16 | 0.05 | - |
| nProtect | 2008-10-16.00 | 2247055 | 2008-10-16 | 4.22 | - |
| The Hacker | 6.3.1.0 | v00116 | 2008-10-16 | 0.45 | - |
| VBA32 | 3.12.8.7 | 20081016.1009 | 2008-10-16 | 1.43 | - |
| VirusBuster | 4.5.11.10 | 10.90.4/651643 | 2008-10-16 | 0.99 | - |
#9
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your desktop.**

Close all open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
#10
ComboFix 08-10-16.01 - Owner 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jestertb.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-16 16:16 . 2008-10-16 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-16 15:56 . 2008-10-16 16:23 <DIR> d-------- C:\rsit
2008-10-16 15:19 . 2008-10-16 15:19 <DIR> d-------- C:\_OTMoveIt
2008-10-16 14:07 . 2008-10-16 14:07 <DIR> d-------- C:\Program Files\Panda Security
2008-10-16 14:07 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-16 13:20 . 2008-10-16 13:20 <DIR> d-------- C:\VundoFix Backups
2008-10-16 12:26 . 2008-10-16 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-16 12:25 . 2008-10-16 13:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-16 12:25 . 2008-10-16 12:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 12:25 . 2008-10-16 12:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-10-16 11:08 . 2008-10-16 11:08 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-10-16 10:48 . 2008-10-16 10:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 10:47 . 2008-10-16 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 10:24 . 2008-10-16 10:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-16 10:24 . 2008-10-16 11:44 <DIR> d-------- C:\Program Files\Norton 360
2008-10-16 10:22 . 2008-10-16 11:04 123,952 --a------ C:\WINDOWS\system32\drivers\Symevent.sys
2008-10-16 10:22 . 2008-10-16 11:04 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-16 10:22 . 2008-10-16 11:04 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-16 10:22 . 2008-10-16 11:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-16 10:16 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\Srv.sys
2008-10-16 10:15 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:15 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:15 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlpa.exe
2008-10-16 10:15 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\Ntkrpamp.exe
2008-10-16 10:15 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 10:09 . 2008-10-16 10:10 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-10-15 17:42 . 2004-08-27 05:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-10-15 17:42 . 2005-01-28 05:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-10-15 17:42 . 2005-01-28 05:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-10-15 17:42 . 2008-10-15 17:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-15 17:42 . 2008-10-16 10:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-15 17:26 . 2008-10-15 17:26 <DIR> d-------- C:\Program Files\NoNAV
2008-10-15 16:41 . 2008-10-15 17:26 <DIR> d-------- C:\SymNoNav
2008-10-15 16:22 . 2008-10-15 17:27 <DIR> d-------- C:\WINDOWS\LMI42.tmp
2008-10-15 15:10 . 2008-10-15 15:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 13:05 . 2008-10-11 12:33 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-11 12:33 . 2008-10-15 15:21 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-10-11 12:25 . 2008-10-11 12:25 <DIR> d-------- C:\WINDOWS\Sun
2008-10-11 12:00 . 2008-10-11 12:01 <DIR> d-------- C:\Program Files\CCleaner
2008-10-11 11:38 . 2008-10-11 11:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 11:38 . 2008-10-11 11:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-11 11:38 . 2008-10-11 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 11:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 11:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-23 13:17 . 2008-09-23 13:17 133 --a------ C:\Documents and Settings\All Users\Application Data\ustore.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-16 15:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-10-16 15:04 --------- d-----w C:\Program Files\Symantec
2008-10-16 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-24 12:36 --------- d-----w C:\Program Files\Common Files\Peach
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\Srv.sys
2008-08-19 10:32 --------- d-----w C:\Program Files\Microsoft Silverlight
2005-10-20 18:06 76 -c----w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2005-05-27 00:43 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2008-05-24 13:39 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
2004-08-04 15:00 105,984 --a------ C:\WINDOWS\system32\digestp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.exe [2000-01-21 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2004-11-12 01:10 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-18 15:37 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2003-09-01 09:32 1200178 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 15:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 15:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-13 16:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-10-31 23:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a--c--- 2004-11-15 19:04 135168 C:\Program Files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-05-17 22:30 543232 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a--c--- 2003-09-19 13:09 36864 C:\WINDOWS\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-11-15 23:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 shsizubv;shsizubv;C:\WINDOWS\system32\drivers\shsizubv.sys [2004-08-04 23424]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qfbydciq

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f63278d-8557-11d9-be24-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\rundll32.exe shell32.dll,ShellExec_RunDLL Info.exe Folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\rundll32.exe shell32.dll,ShellExec_RunDLL Info.exe Folder.htt 480 480

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-12 C:\WINDOWS\Tasks\Automatic Full Backup.job
- C:\Program Files\vibrar\Backup MyPC\System\bestart.exe [2003-10-30 04:10]

2008-10-15 C:\WINDOWS\Tasks\Daily Changed Files.job
- C:\Program Files\vibrar\Backup MyPC\System\bestart.exe [2003-10-30 04:10]

2008-10-11 C:\WINDOWS\Tasks\PEACTREE WEEKLY BACK UP.job
- C:\Program Files\vibrar\Backup MyPC\System\bestart.exe [2003-10-30 04:10]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-ID - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.emachines.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-16 17:56:31
ComboFix-quarantined-files.txt 2008-10-16 21:56:27

Pre-Run: 142,914,838,528 bytes free
Post-Run: 142,911,078,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=OptIn /fastdetect

208 --- EOF --- 2008-10-16 15:20:49
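Two things the helper in this thread did by eye can be scripted: spotting the randomly named Vundo components in the RSIT and ComboFix loading-point listings (digestp.dll behind a Browser Helper Object and a Winlogon\Notify entry, the shsizubv boot driver, the qfbydciq NetSvcs member) and writing a REGEDIT4 fixme.reg that deletes the keys which load them. The script below is an added example, not part of the thread and not code from ComboFix, RSIT or HijackThis. It parses the two log line shapes used above, scores each entry with the two signals the helper used (a random-looking lowercase name, and a persistence location that injects into every process or logon), and emits a deletion .reg in the same form as the helper's fixme.reg. The sample log is hand-constructed from entries in the posted logs (registry keys written out in full rather than ComboFix's `~` abbreviation), and the scoring thresholds, the allowlist and the name heuristic (seven or more lowercase letters with a run of three or more consonants) are assumptions for illustration, not detection signatures; expect false positives on real logs.

```python
"""Triage of autostart and driver entries from a ComboFix/RSIT-style log.

Added example for this thread, not code from ComboFix, RSIT or HijackThis.
Two line shapes from the posted logs are parsed:

  [HKEY_...\key\leaf]                                  (Reg Loading Points)
  YYYY-MM-DD HH:MM size C:\path\file.dll               (file line under it)
  R0 name;description;C:\path\file.sys [YYYY-MM-DD size]   (driver lists)

Each entry gets a score from the two signals the helper applied by eye: a
random-looking lowercase name and a high-value persistence location.
Flagged registry keys are emitted as a REGEDIT4 deletion script in the same
shape as the thread's fixme.reg.  Thresholds and the allowlist are assumptions.
"""
import re
from dataclasses import dataclass, field

REG_KEY_RE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")
REG_FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (\d+) (.+)$")
SVC_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(\S*) ?(\d*)\]$")

# Persistence points that load a DLL into every process or every logon
# (matched on the lower-cased key path).  Assumed list; extend for other logs.
HOT_KEYS = ("\\browser helper objects\\", "\\winlogon\\notify\\", "\\shellexecutehooks\\")
ALLOWLIST = {"pavboot"}          # random-looking but known-good names (assumed)
VOWELS = set("aeiouy")


@dataclass
class Entry:
    kind: str                    # "reg" or "driver"
    location: str                # full registry key, or start type such as "R0"
    name: str                    # key leaf or service name
    path: str                    # file the entry loads
    score: int = 0
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Rough rule for Vundo-style names: all lowercase, 7+ letters, and a run
    of 3+ consonants (digestp, paubftzz, shsizubv, qfbydciq, rakxhfy pass;
    pavboot, SRTSP and SASWINLO do not).  Expect false positives on real logs."""
    base = name.split(".")[0]
    if base in ALLOWLIST or not base.isalpha() or not base.islower() or len(base) < 7:
        return False
    run = longest = 0
    for ch in base:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


def parse_log(text: str) -> list:
    """Collect Entry objects from the two supported line shapes, in log order."""
    entries, pending_key = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if (m := REG_KEY_RE.match(line)):
            pending_key = m.group(1)          # the file line for this key follows
        elif (m := REG_FILE_RE.match(line)) and pending_key:
            entries.append(Entry("reg", pending_key, pending_key.rsplit("\\", 1)[-1], m.group(3)))
            pending_key = None
        elif (m := SVC_RE.match(line)):
            entries.append(Entry("driver", m.group(1), m.group(2), m.group(4)))
    return entries


def score_entry(e: Entry) -> Entry:
    """Add up the signals; 3 or more (see triage) means 'look at this'."""
    basename = e.path.rsplit("\\", 1)[-1]
    if looks_random(e.name) or looks_random(basename):
        e.score += 1
        e.reasons.append("random-looking name")
    if e.kind == "reg" and any(k in e.location.lower() for k in HOT_KEYS):
        e.score += 2
        e.reasons.append("high-value persistence key")
    if e.kind == "driver" and e.location == "R0":
        e.score += 2
        e.reasons.append("boot-start driver")
    return e


def triage(text: str, threshold: int = 3) -> list:
    """Entries scoring at or above the threshold (assumed default 3)."""
    return [e for e in map(score_entry, parse_log(text)) if e.score >= threshold]


def removal_reg(flagged: list) -> str:
    """REGEDIT4 text deleting each flagged registry key with the '[-KEY]'
    syntax the thread's fixme.reg uses.  Drivers are skipped: they need the
    service deleted and the .sys file removed, not a key deletion."""
    lines = ["REGEDIT4", ""]
    for e in flagged:
        if e.kind == "reg":
            lines += [f"[-{e.location}]", ""]
    return "\n".join(lines)


# Constructed sample: a hand-typed excerpt modelled on the thread's ComboFix and
# RSIT output, with registry keys written out in full instead of ComboFix's ~ form.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 shsizubv;shsizubv;C:\WINDOWS\system32\drivers\shsizubv.sys [2004-08-04 23424]
R3 SRTSP;SRTSP;C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMEvent;SYMEvent;\??\C:\WINDOWS\system32\Drivers\Symevent.sys []
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e.score}  {e.kind:6} {e.name:40} {e.path}  <- {', '.join(e.reasons)}")
    print(removal_reg(hits))
```

On the sample the BHO key, the paubftzz Winlogon\Notify key and the shsizubv boot driver score 3 and are flagged; the SUPERAntiSpyware notify entry and the Panda pavboot driver sit in the same hot locations but keep a score of 2 because their names are not random-looking. The generated .reg deletes only the two registry keys, which is what the helper's fixme.reg did; the driver still has to be dealt with as a service, and a name heuristic like this is a triage aid to shortlist entries for a VirSCAN-style check, not a verdict.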