Riskware virus: how do I remove it?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:50, on 10/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\BrOffice.org 2.0\program\soffice.exe
C:\Program Files\BrOffice.org 2.0\program\soffice.BIN
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\morena26\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDB20KNI\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [easyMuleAutoStart] C:\Program Files\easyMule2\easyMule.exe -AutoStart
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - Startup: BrOffice.org 2.0.lnk = C:\Program Files\BrOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule2\IE2EM.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Free Download Manager\dlselected.htm
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{91C9F125-77BE-4CE9-B516-BAF9EC25891F}: NameServer = 200.222.0.34 200.202.193.75
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8281 bytes
morena26 - Beginner
- Posts: 4
- Reputation: 0
- Registration date: 10/06/2010
Re: Riskware virus: how do I remove it?
Hello!
Please extract HijackThis to its own folder, such as C:\HijackThis, because if you run it the way you did, your computer may be damaged.
Please follow the instructions below:
[You must have an account and be logged in to view this link]
I suggest printing the instructions below, as you will not be able to read them while using the tool.
- Download [You must have an account and be logged in to view this link] and save it to your desktop.
- Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
- Close all windows, including this one.
- Double-click the icon [You must have an account and be logged in to view this image] on your desktop.
- A window will open telling you the correct place to download the tool. Press the OK button.
- Accept the terms by typing 1 and pressing Enter.
- ComboFix will create a restore point. Wait.
- Computers running Windows XP should install the Recovery Console:
  - If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Sim" (Yes).
  - Click "OK" at the [You must have an account and be logged in to view this link].
  - Once the Recovery Console is installed, click "SIM" (Yes) to continue.
- ComboFix will run. Be patient and wait.
- Attention: do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.
- A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
- When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.
Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.
- There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
- Under no circumstances exit ComboFix using the program's "X". If you want to exit, press "N".
- Many analysts do not reply to topics in which they see that ComboFix was used without supervision.
- There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.
Regards
LordEvil - Member
- Posts: 132
- Reputation: 0
- Registration date: 13/10/2009
virus riskware
ComboFix 10-06-11.01 - morena26 12/06/2010 11:47:18.1.2 - x86
Microsoft Windows Vista Starter 6.0.6002.2.1252.55.1046.18.1015.397 [GMT -3:00]
Executando de: c:\users\morena26\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\users\morena26\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload.tmp
c:\users\morena26\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload[1].tmp
c:\users\morena26\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload[2].tmp
c:\users\morena26\AppData\Local\Microsoft\Windows\Temporary Internet Files\udDownload[3].tmp
c:\users\morena26\AppData\Roaming\Desktopicon
c:\users\morena26\AppData\Roaming\Desktopicon\eBay.ico
c:\users\morena26\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))
.
2010-06-09 15:21 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 15:21 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 15:21 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 15:17 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 00:51 . 2010-06-09 00:51 -------- d-----w- c:\users\morena26\AppData\Roaming\Malwarebytes
2010-06-09 00:51 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 00:51 . 2010-06-09 00:51 -------- d-----w- c:\programdata\Malwarebytes
2010-06-09 00:51 . 2010-06-09 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 00:51 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-08 01:02 . 2010-06-08 01:02 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2010-06-05 14:18 . 2010-06-05 14:18 -------- d-----w- c:\windows\system32\ca-ES
2010-06-05 14:18 . 2010-06-05 14:18 -------- d-----w- c:\windows\system32\eu-ES
2010-06-05 14:18 . 2010-06-05 14:18 -------- d-----w- c:\windows\system32\vi-VN
2010-06-02 19:38 . 2010-06-02 19:38 -------- d-----w- c:\program files\WinPcap
2010-06-02 19:37 . 2010-06-02 19:37 -------- d-----w- c:\program files\DsNET Corp
2010-05-30 12:58 . 2010-05-30 12:58 -------- d-----w- c:\program files\Alcohol Soft
2010-05-30 12:55 . 2010-05-30 12:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-28 20:29 . 2010-05-28 20:29 -------- d-----w- c:\program files\Common Files\PCSuite
2010-05-28 20:29 . 2010-05-28 20:29 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-27 18:59 . 2010-05-27 18:59 -------- d-----w- c:\users\morena26\AppData\Local\vdownloader
2010-05-26 23:05 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 19:27 . 2010-05-25 19:27 -------- d-----w- c:\users\morena26\AppData\Local\Ares
2010-05-25 19:27 . 2010-05-25 19:27 -------- d-----w- c:\program files\Ares
2010-05-25 13:52 . 2010-05-25 13:52 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-05-25 13:52 . 2010-05-25 13:52 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-25 13:51 . 2010-05-25 13:51 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2010-05-25 01:55 . 2010-05-25 13:52 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-25 01:55 . 2010-05-25 13:52 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-25 01:51 . 2010-05-25 01:51 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-05-24 18:30 . 2010-06-02 19:37 -------- d-----w- C:\Downloads
2010-05-24 18:24 . 2010-06-12 13:54 -------- d-----w- c:\users\morena26\AppData\Roaming\Software Informer
2010-05-24 18:24 . 2010-05-24 18:24 -------- d-----w- c:\program files\Software Informer
2010-05-24 18:24 . 2010-06-12 14:40 -------- d-----w- c:\users\morena26\AppData\Roaming\Free Download Manager
2010-05-24 18:24 . 2010-05-24 18:24 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-05-24 18:24 . 2010-05-24 18:24 -------- d-----w- c:\program files\Free Download Manager
2010-05-21 19:59 . 2010-05-21 19:59 -------- d-----w- c:\program files\Ask.com
2010-05-21 19:58 . 2010-02-10 14:18 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-05-21 19:58 . 2010-05-27 18:59 -------- d-----w- c:\program files\VDownloader
2010-05-15 14:17 . 2010-06-12 14:40 -------- d-----w- c:\users\morena26\AppData\Roaming\BrOffice.org2
2010-05-14 01:32 . 2010-05-14 01:32 -------- d-----w- c:\program files\Application Updater
2010-05-13 23:00 . 2005-02-24 15:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2010-05-13 23:00 . 2005-03-11 21:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2010-05-13 23:00 . 2005-02-24 16:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2010-05-13 23:00 . 2003-01-26 15:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-05-13 23:00 . 1998-07-13 01:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-05-13 23:00 . 2000-10-01 21:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-13 23:00 . 1999-03-25 21:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-05-13 23:00 . 1998-07-13 01:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-13 23:00 . 1998-07-12 21:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-05-13 23:00 . 2003-04-18 18:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-05-13 18:38 . 2010-05-20 22:33 -------- d-----w- c:\users\morena26\AppData\Local\Microsoft Games
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 13:53 . 2010-04-10 16:19 -------- d-----w- c:\programdata\Kaspersky Lab
2010-06-06 14:43 . 2008-01-21 05:51 632786 ----a-w- c:\windows\system32\prfh0416.dat
2010-06-06 14:43 . 2008-01-21 05:51 121294 ----a-w- c:\windows\system32\prfc0416.dat
2010-06-05 14:18 . 2006-11-02 12:33 -------- d-----w- c:\program files\Windows Calendar
2010-06-05 14:18 . 2006-11-02 12:33 -------- d-----w- c:\program files\Windows Sidebar
2010-06-05 14:18 . 2006-11-02 12:33 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-05 14:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-05 14:18 . 2006-11-02 12:33 -------- d-----w- c:\program files\Windows Defender
2010-06-05 14:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-31 15:50 . 2010-04-11 12:39 -------- d-----w- c:\users\morena26\AppData\Roaming\PC Suite
2010-05-30 21:34 . 2010-04-11 12:39 -------- d-----w- c:\users\morena26\AppData\Roaming\Nokia
2010-05-28 20:29 . 2010-04-11 12:36 -------- d-----w- c:\program files\Nokia
2010-05-28 20:25 . 2010-05-28 20:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-05-25 01:54 . 2010-04-10 16:19 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-13 22:36 . 2010-05-08 22:29 -------- d-----w- c:\program files\Ahead
2010-05-13 22:36 . 2010-04-16 18:00 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-13 22:16 . 2010-05-13 13:27 -------- d-----w- c:\program files\Ashampoo
2010-05-13 19:10 . 2010-05-11 23:16 -------- d-----w- c:\users\morena26\AppData\Roaming\Ashampoo
2010-05-12 14:21 . 2010-04-14 02:20 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 23:15 . 2010-05-11 23:15 -------- d-----w- c:\program files\MyAshampoo
2010-05-11 23:15 . 2010-05-11 23:15 -------- d-----w- c:\program files\Conduit
2010-05-11 23:14 . 2010-05-11 23:14 -------- d-----w- c:\programdata\ashampoo
2010-05-11 21:11 . 2010-05-11 21:06 -------- d-----w- c:\program files\E.M. DVD Copy
2010-05-11 20:28 . 2010-05-11 20:28 -------- d-----w- c:\program files\Complex
2010-05-11 19:58 . 2010-05-11 19:54 -------- d-----w- c:\program files\Burning Mill Advanced
2010-05-11 19:54 . 2010-05-11 19:54 -------- d-----w- c:\users\morena26\AppData\Roaming\InfraRecorder
2010-05-11 18:45 . 2010-05-11 18:28 -------- d-----w- c:\program files\Elaborate Bytes
2010-05-11 17:58 . 2010-04-16 18:12 -------- d-----w- c:\program files\Common Files\Nero
2010-05-11 17:58 . 2010-04-16 18:12 -------- d-----w- c:\programdata\Nero
2010-05-11 17:58 . 2010-04-16 18:12 -------- d-----w- c:\program files\Nero
2010-05-11 17:57 . 2010-05-11 17:57 6128936 ----a-w- c:\users\morena26\SETUPX.EXE
2010-05-08 22:34 . 2010-05-08 22:34 -------- d-----w- c:\programdata\Ahead
2010-05-04 05:59 . 2010-06-09 15:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 15:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 15:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 15:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-28 23:37 . 2010-04-28 23:09 -------- d-----w- c:\program files\Ares Music
2010-04-27 00:29 . 2010-04-21 14:19 -------- d-----w- c:\programdata\Messenger Plus!
2010-04-25 00:01 . 2010-04-20 16:14 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-24 23:34 . 2010-04-24 23:18 -------- d-----w- c:\program files\easyMule2
2010-04-18 01:55 . 2010-04-18 01:55 -------- d-----w- c:\program files\MSXML 4.0
2010-04-18 01:32 . 2008-09-26 08:01 -------- d-----w- c:\programdata\Discador
2010-04-18 01:32 . 2010-04-15 16:15 -------- d-----w- c:\program files\Canon
2010-04-18 01:05 . 2008-09-26 08:01 -------- d-----w- c:\program files\Positivo Informática
2010-04-16 18:39 . 2010-04-16 18:38 -------- d-----w- c:\users\morena26\AppData\Roaming\Nero
2010-04-16 02:16 . 2010-04-15 16:13 -------- d-----w- c:\program files\Common Files\PAC7302
2010-04-16 02:11 . 2010-04-16 02:11 -------- d-----w- c:\programdata\CanonIJPLM
2010-04-15 16:18 . 2010-04-15 16:18 -------- d--h--w- c:\programdata\CanonBJ
2010-04-15 16:16 . 2010-04-15 16:16 -------- d--h--w- c:\program files\CanonBJ
2010-04-15 16:13 . 2010-04-15 16:13 -------- d-----w- c:\program files\ANC
2010-04-15 16:13 . 2008-09-26 08:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 00:04 . 2010-04-15 00:04 -------- d-----w- c:\program files\Microsoft
2010-04-15 00:04 . 2010-04-15 00:03 -------- d-----w- c:\program files\Windows Live
2010-04-15 00:04 . 2010-04-15 00:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-14 19:43 . 2010-04-14 19:43 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-11 12:35 . 2010-04-11 12:35 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-11 12:35 . 2010-04-11 12:35 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-11 12:35 . 2010-04-11 12:35 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-10 16:24 . 2010-04-10 16:24 51736 ----a-w- c:\users\morena26\AppData\Local\GDIPFONTCACHEV1.DAT
2008-06-23 11:47 . 2008-06-23 11:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 14:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 19:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-29 3727411]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-04-23 2285637]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 4702208]
"Skytel"="Skytel.exe" [2007-10-12 1826816]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\morena26\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BrOffice.org 2.0.lnk - c:\program files\BrOffice.org 2.0\program\quickstart.exe [2006-10-15 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2008-9-26 163840]
PCTV Quick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-9-26 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,04,e8,f2,ba,04,cb,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 691696]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 Shield;Shield; [x]
S1 cloverm;cloverm; [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-04-14 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-04-11 393216]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-11-15 28672]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE: Baixar com o Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] files\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] files\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] files\Free Download Manager\dlfvideo.htm
IE: Download by easyMule - c:\program files\easyMule2\IE2EM.htm
IE: Download selecionado pelo Free Download Manager - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] files\Free Download Manager\dlselected.htm
Trusted Zone: com.br\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKCU-Run-easyMuleAutoStart - c:\program files\easyMule2\easyMule.exe
HKCU-Run-fsm - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-eBay Icon - c:\users\morena26\AppData\Roaming\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2010-06-12 11:57
Windows 6.0.6002 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2010-06-12 12:00:40
ComboFix-quarantined-files.txt 2010-06-12 15:00
Pré-execução: 120.161.112.064 bytes disponíveis
Pós execução: 128.150.794.240 bytes disponíveis
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 961BC796BAE0BBC7A7769EC8ED13202E
morena26 - Beginner
- Posts: 4
Reputation: 0
Join date: 10/06/2010
Re: riskware virus, how to remove it?
Hello!
Please add the folder C:\Qoobox to a .zip or .rar file, host it on a site such as [You must have an account and be logged in to view this link] or [You must have an account and be logged in to view this link], and give me the download link.
Regards
LordEvil - Member
- Posts: 132
Reputation: 0
Join date: 13/10/2009
riskware
Yes, Mr. LordEvil, I think it worked; I don't understand much. I just didn't understand how to proceed regarding ending the use of ComboFix and the reply you sent me, but otherwise all good. My antivirus keeps finding this riskware file; I think there must be some source this file comes from. I ask: can I ignore it, is it any danger to the PC? Regards
morena26 - Beginner
- Posts: 4
Reputation: 0
Join date: 10/06/2010
Re: riskware virus, how to remove it?
Hello!
Your computer is still infected.
Do the following:
Download [You must have an account and be logged in to view this link] and save it to your desktop.
- Install WinRAR.
- Go to Local Disk C (C:\), right-click the "Qoobox" folder and select "Add to Qoobox.rar". WinRAR will open and create a file called Qoobox.rar, which has an icon of several stacked books.
- Go to the site [You must have an account and be logged in to view this link], click the black "Insert" button, select the Qoobox.rar file that WinRAR just created and click "Open". After that, type a description of the file and then click "Send".
- When MegaUpload finishes uploading the Qoobox.rar file, it will give you a link. Simply post that link for me in a reply.
Regards
LordEvil - Member
- Posts: 132
Reputation: 0
Join date: 13/10/2009
Re: riskware virus, how to remove it?
Topic archived.
As the author did not reply to the topic for more than 20 days, it has been archived.
If you are the author of the topic and want it reopened, send a private message to a member of the [You must have an account and be logged in to view this link] with a link to this topic and explain why you need it reopened.
LordEvil - Member
- Posts: 132
Reputation: 0
Join date: 13/10/2009