zardec

Member
  • Content count

    152
Community Reputation

0 Neutral

About zardec

  • Rank
    Member
  • Birthday 06/29/1962

Profile Information

  • Location
    Salvador/Bahia
  1. Melo, now a window appears whenever I turn on or restart the notebook, with this message: Windows cannot find '2055791.exe'. Make sure you typed the name correctly and try again.
  2. OK Melo, I have done everything, and thank you very much for everything, and sorry for the trouble. Thanks, and thank you to everyone at this very important site, LINHADEFENSIVA.
  3. Here are the logs:
  4. OK, I will run it now. Should I check the two options, Disinfect and Delete, before or after the scan?
  5. Kaspersky log:
  6. Melo, which of the two versions should I download? There is an English one and a Brazilian one.
  7. Attached are the two logs, HijackThis and ComboFix.
Tempo para conclusão: 2011-08-25 19:05:44 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-08-25 22:05
.
Pré-execução: 134.532.993.024 bytes disponíveis
Pós execução: 134.190.882.816 bytes disponíveis
.
- - End Of File - - D543547D54BA3E288B7D8EAADA9DFE6A
  8. Here is the ComboFix log: ComboFix.txt
  9. Melo, and this modpro.exe, what is it?
  10. Melo, I did a second scan with Malwarebytes, a full scan, and wina.exe was detected; the second log follows below:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Versão da Base de Dados: 7548
    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514
    23/08/2011 19:45:34
    mbam-log-2011-08-23 (19-45-34).txt
    Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
    Objetos escaneados: 267269
    Tempo decorrido: 35 minuto(s), 21 segundo(s)
    Processos de Memória Infectados: 0
    Módulos de Memória Infectados: 0
    Chaves de Registro Infectadas: 0
    Valores de Registro Infectados: 0
    Itens de Dados no Registro Infectados: 0
    Pastas Infectadas: 0
    Arquivos Infectados: 1
    Processos de Memória Infectados:
    (Não foram detectados ítens maliciosos)
    Módulos de Memória Infectados:
    (Não foram detectados ítens maliciosos)
    Chaves de Registro Infectadas:
    (Não foram detectados ítens maliciosos)
    Valores de Registro Infectados:
    (Não foram detectados ítens maliciosos)
    Itens de Dados no Registro Infectados:
    (Não foram detectados ítens maliciosos)
    Pastas Infectadas:
    (Não foram detectados ítens maliciosos)
    Arquivos Infectados:
    c:\Users\pauloesonia\AppData\wina.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
  11. I opened CCleaner and went to look at the programs started with the operating system, and found these: modpro.exe and wina.exe, and MSN keeps opening. The logs follow below; note that HijackThis opened two windows before scanning that looked like errors, but here is the log it created.
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org
    Versão da Base de Dados: 7548
    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514
    23/08/2011 18:57:17
    mbam-log-2011-08-23 (18-57-17).txt
    Tipo de Verificação: Verificação Rápida
    Objetos escaneados: 162147
    Tempo decorrido: 3 minuto(s), 50 segundo(s)
    Processos de Memória Infectados: 0
    Módulos de Memória Infectados: 0
    Chaves de Registro Infectadas: 0
    Valores de Registro Infectados: 0
    Itens de Dados no Registro Infectados: 0
    Pastas Infectadas: 0
    Arquivos Infectados: 0
    Processos de Memória Infectados:
    (Não foram detectados ítens maliciosos)
    Módulos de Memória Infectados:
    (Não foram detectados ítens maliciosos)
    Chaves de Registro Infectadas:
    (Não foram detectados ítens maliciosos)
    Valores de Registro Infectados:
    (Não foram detectados ítens maliciosos)
    Itens de Dados no Registro Infectados:
    (Não foram detectados ítens maliciosos)
    Pastas Infectadas:
    (Não foram detectados ítens maliciosos)
    Arquivos Infectados:
    (Não foram detectados ítens maliciosos)
    Logfile of HijackThis v1.99.1
    Scan saved at 18:59: Paulo+Sonia, on 23/08/2011
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\Program Files\Autorun Eater\billy.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Users\PAULOeSONIA\AppData\modpro.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Users\PAULOeSONIA\Desktop\CHijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (file missing)
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (file missing)
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [iNTERNATIONAL] International
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
  12. I'm asking for help because my notebook is infected: when I turn it on it opens the Messenger (MSN) 2010 window, and I use the 2011 version; my Messenger is configured to open only when clicked, not together with the operating system, and when I open Internet Explorer it opens two pages of it. The HijackThis log follows below:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:52: Paulo+Sonia, on 22/08/2011
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Users\PAULOeSONIA\AppData\modpro.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
    C:\Users\PAULOeSONIA\Desktop\CHijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [modpro.exe] C:\Users\PAULOeSONIA\AppData\modpro.exe
    O4 - HKCU\..\Run: [wina] C:\Users\PAULOeSONIA\AppData\wina.exe
    O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [iNTERNATIONAL] International
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
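The O4 lines in the HijackThis log above are where the two unknown programs appear as autostarts, and what sets them apart from the vendor entries is purely their location: an executable sitting directly in the AppData root rather than in a vendor folder. As an added example (not part of the forum thread, and not code from HijackThis or Linha Defensiva), the following Python script parses O4 lines in the format shown on this page and flags entries whose executable runs from such a location. The sample lines are copied from the log above; the location heuristics, the path regex and all function names are this example's own assumptions, not a published detection rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the O4 autostart entries quoted from the HijackThis
# log posted above, embedded here so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [modpro.exe] C:\Users\PAULOeSONIA\AppData\modpro.exe
O4 - HKCU\..\Run: [wina] C:\Users\PAULOeSONIA\AppData\wina.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
"""


@dataclass
class Autorun:
    source: str                      # e.g. "HKCU\..\Run" or "Startup"
    name: str                        # registry value name or shortcut file name
    command: str                     # the command exactly as logged
    path: str                        # executable path extracted from the command
    reasons: list = field(default_factory=list)


# "O4 - <source>: <rest>"; <source> never contains a colon in this format.
O4_RE = re.compile(r'^O4 - (?P<source>[^:]+): (?P<rest>.+)$')
# First thing in the command that looks like a drive-letter path to an executable.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|cmd|bat|com))"?',
                     re.IGNORECASE)


def parse_o4(line: str):
    """Return an Autorun for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    source, rest = m.group('source'), m.group('rest')
    if rest.startswith('['):
        # Registry form: "[value name] command"
        name, _, command = rest[1:].partition('] ')
    else:
        # Startup-folder form: "Shortcut.lnk = C:\path\target.exe"
        name, _, command = rest.partition(' = ')
    pm = PATH_RE.search(command)
    if not pm:
        return None
    return Autorun(source=source, name=name, command=command, path=pm.group('path'))


def assess(entry: Autorun):
    """Location-only heuristics (this example's assumptions, not a vendor rule)."""
    p = entry.path.lower()
    reasons = []
    if re.search(r'\\appdata\\[^\\]+$', p):
        # Vendors install under AppData\Local\<vendor> or \Roaming\<vendor>,
        # not as a bare file in the AppData root.
        reasons.append('executable placed directly in the AppData root')
    if '\\temp\\' in p:
        reasons.append('executable runs from a Temp folder')
    if p.startswith('c:\\users\\') and not reasons:
        reasons.append('executable lives in a user profile rather than Program Files')
    entry.reasons = reasons
    return reasons


def suspicious_autoruns(log_text: str):
    """Parse every O4 line in a HijackThis log and return those that trip a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and assess(entry):
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f'{e.source} [{e.name}] -> {e.path}: {"; ".join(e.reasons)}')
```

Run against the sample, the script reports only the modpro.exe and wina.exe entries; the Program Files entries pass. The heuristic is deliberately narrow (where the file lives, nothing about what it is), which makes it a triage aid for reading a log rather than a verdict on a file: the scan in the later post is what actually identified wina.exe.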
  13. I'd like some help clearing up a doubt: I'm looking to buy a tablet and found these two, the Zenithink E98 and the ZT180. Could someone help me by taking a look at the specifications of the two tablets below? The first is the ZT180, the second is the ZT E98:
    iTablet Android 2.2 WiFi GPS 3G HDMI Office HD 1080p Videos 10.2'' ZT180
    Product description
    -Android tablet ZT-180
    -HDMI connection
    -Touchscreen
    -High-definition formats
    -720p and 1080p
    -10.2-inch screen
    -Android 2.2
    -WiFi
    -3G WCDMA
    -Free GPS
    -WiFi internet, bands B / G and N
    -Pen drive: take your files anywhere
    -2 x USB 2.0 + Mini USB (RJ45 adapter)
    -RJ45 via adapter, wired internet
    -Mini HDMI connection
    -3G WCDMA
    -WiFi
    -OTG function
    -GPS + Street View
    -Google Maps
    -Youtube
    -Excel
    -Word
    -Pdf
    -Many other Android apps
    -Java 2.0 for support of other software
    -Digital camera
    -Photos at a real 1.3 megapixels
    -Photos at 1280 x 960 resolution
    -Camcorder
    -Records video with audio
    -Mp4, Xvid, Divx, H.263, H.264, Wma, Flash, 3GP, RM
    -Wma, Mp3, Wav, Flac, Aac, Ogg
    -Videos in 720p and 1080p
    -1024 x 600 screen
    -Rockchip 1GHz processor
    -512MB DDR2 memory
    -Youtube
    -Port switching
    -Microphone
    -Power button
    -Volume +/-
    -Menu
    -Home
    -WiFi on and off
    -Reset
    TECHNICAL SPECIFICATIONS:
    -Dimensions 18 x 27.1 x 1.8 cm
    -2400mAh Li-ion battery
    -Dual voltage 110V / 220V
    -Weight: 800 grams
    ACCESSORIES:
    -Zenithink ZT180
    -Charger
    -Battery
    -English manual
    -Sealed box
    -1 4GB memory card
    -Earphones
    --------------------------------------------------------------------------------
    iTablet Android 2.2 3G WiFi GPS HDMI 1080p DDR 512MB 8'' screen ZT E98
    Product description
    -Zenithink E98 Android tablet
    -HDMI connection
    -Touchscreen
    -High-definition formats
    -Playback in 720p and 1080p (TV output: 720p)
    -8-inch screen
    -Android 2.2 Froyo
    -WiFi b/g
    -3G WCDMA
    -512MB DDR RAM
    -Cortex A9 1GHz processor
    -Mali 400 GPU
    -Android Market
    -Flash 10.1
    -Support for more than 30,000 apps
    -eReader: PDF, SW, TXT and HTML
    -XGA display 1024 x 768
    -Portuguese language
    -5600 mAh battery
    -Multi-point touch
    -Office and PDF reader
    -Bands 850/900/1800/1900 MHz, 3G - 2100 MHz
    -Fully unlocked
    -3G WCDMA
    -Bluetooth 2.1 + EDR
    -WiFi internet, bands B / G
    -Pen drive: take your files anywhere
    -Mini USB
    -HDMI connection
    -Google Maps
    -Youtube
    -Excel
    -Word
    -Pdf
    -Many other Android apps
    -Java 2.0 for support of other software
    -Digital camera
    -1.3 megapixel photos
    -Output resolution 1280 x 960
    -Records video with audio
    -H.264/1080p, Mpeg4 / 2 / 1, DivX, XviD:1080p, Real, Rm and Rmvb:720p, Mp3, Wma, Wav, Aac, Aac+
    -Videos in 720p and 1080p
    -1024 x 768 screen
    -Freescale Cortex A9 processor
    -512MB DDR memory
    -Youtube
    -DC in
    -Headphone
    -Memory card
    -USB 2.0 OTG
    -USB 2.0 Host
    -HDMI output
    Technical specifications:
    -Dimensions 21.5 x 15 x 1.3 cm
    -5600 mAh Li-ion battery
    -DC output: 3A - 5V
    -Battery life: 4 hours
    -Dual voltage 110V / 220V
    -Weight: 450 grams
    Accessories:
    -Zenithink E98
    -Charger
    -Battery
    -English manual
    -Sealed box
    -1 4GB memory card
    -Earphones
  14. Jose Melo, thank you for your attention to me, and for helping me solve this problem as well.
  15. Jose Melo, the entry disappeared from CCleaner:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:35: Paulo+Sonia, on 27/06/2011
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Autorun Eater\billy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\PAULOeSONIA\Desktop\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [iNTERNATIONAL] International
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
    ComboFix 11-06-27.01 - PAULOeSONIA 27/06/2011 19:20:49.3.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.1790.1179 [GMT -3:00]
    Executando de: c:\users\PAULOeSONIA\Desktop\ComboFix.exe
    Comandos utilizados :: c:\users\PAULOeSONIA\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\PAULOeSONIA\AppData\zblowz.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\PAULOeSONIA\AppData\zblowz.exe
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))
    .
    .
    2011-06-27 22:26 . 2011-06-27 22:26 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\temp
    2011-06-27 22:26 . 2011-06-27 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-26 12:25 . 2011-06-26 12:25 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{C4758661-C4C9-4A3D-8E58-10708B45D767}
    2011-06-26 01:12 . 2011-06-26 01:13 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\Nero
    2011-06-25 01:04 . 2011-06-25 01:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-25 01:04 . 2011-06-25 01:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-24 16:36 . 2011-06-24 16:36 -------- d-----w- c:\users\PAULOeSONIA\AppData\Roaming\Malwarebytes
    2011-06-24 16:36 . 2011-06-24 16:36 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-24 16:36 . 2011-05-29 12:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-24 16:36 . 2011-05-29 12:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-24 16:36 . 2011-06-24 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-22 02:07 . 2011-04-29 04:57 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-22 02:07 . 2011-04-22 19:10 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-06-22 02:07 . 2011-04-22 19:09 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2011-06-22 02:07 . 2011-05-28 02:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-22 00:48 . 2011-06-22 00:48 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{FB569460-BD83-4B0B-81D4-32A686F416C7}
    2011-06-22 00:39 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-22 00:39 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-22 00:39 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-22 00:39 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-22 00:39 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-22 00:39 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-22 00:39 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-22 00:39 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-22 00:39 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-22 00:38 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-22 00:38 . 2011-04-29 04:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-06-22 00:26 . 2011-06-22 00:26 -------- d-----w- c:\program files\RMVB Converter
    2011-06-21 01:17 . 2011-06-21 01:17 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{C578AA7D-A584-4EA7-9A19-5202DEA1E3D8}
    2011-06-20 01:14 . 2011-06-20 01:15 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{FFA6B186-98FB-41D8-955E-1C78CFEC8E02}
    2011-06-19 13:14 . 2011-06-19 13:14 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{84CF14C8-104C-45E2-8382-4A8E3C2FFC09}
    2011-06-17 22:50 . 2011-06-17 22:50 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{828BC190-400A-4640-863B-E5B91A94FEE9}
    2011-06-16 19:31 . 2011-06-16 19:31 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{A7C7F7F2-3F10-4E75-A001-38C81687D44A}
    2011-06-15 17:11 . 2011-06-15 17:11 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{682399AB-E353-4180-82A3-7B49E1C0E36D}
    2011-06-13 22:16 . 2011-06-13 22:17 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{2B926278-4543-448E-B133-B1B1D25A3A82}
    2011-06-12 11:32 . 2011-06-12 11:32 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{5945471F-9C8B-4D1E-B743-F8BCB1BEFD91}
    2011-06-11 21:10 . 2011-06-11 21:10 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{5B9D4835-5B7C-4976-B1DC-A0EFA3298262}
    2011-06-11 18:23 . 2011-06-25 01:04 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-06-11 18:23 . 2011-06-25 01:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-06-11 18:23 . 2011-06-25 01:04 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-06-11 18:23 . 2011-06-25 01:04 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-06-11 18:23 . 2011-06-25 01:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-06-11 18:23 . 2011-06-25 01:04 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-06-10 00:17 . 2011-06-10 00:17 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{CAC5013E-A01B-4BB3-B5D3-9219931A00B6}
    2011-06-08 15:54 . 2011-06-08 15:54 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{8F7F9A8A-57EE-4513-87C6-E82E59468D60}
    2011-06-06 23:29 . 2011-06-06 23:29 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{A76B43E6-1A97-4C3F-8B26-DB681C0548B9}
    2011-06-04 23:56 . 2011-06-27 21:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-04 23:28 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A786F19F-33CF-41DF-A159-832950CA6CB9}\mpengine.dll
    2011-06-02 13:35 . 2011-06-02 13:36 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{B0BF853C-24A1-4F27-967E-712676A9E72C}
    2011-06-01 18:54 . 2011-06-01 18:55 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{871C3587-6C6E-485B-AB36-06BB9229F751}
    2011-05-31 16:03 . 2011-05-31 16:04 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{A8B0743A-654B-4765-8317-A6DB7F0B1630}
    2011-05-30 20:24 . 2011-05-30 20:24 -------- d-----w- c:\program files\Scpad
    2011-05-30 17:12 . 2011-05-30 17:13 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{A7EA3AFE-89A3-4A12-98AB-61DE490CD99D}
    2011-05-29 15:16 . 2011-05-29 15:16 -------- d-----w- c:\users\PAULOeSONIA\AppData\Local\{6112C7C4-261C-4D76-9025-DDA8E24FEA87}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-05 19:08 . 2011-05-06 17:20 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2011-06-05 19:08 . 2011-05-06 17:20 13824 ----a-w- c:\windows\system32\slwga.dll
    2011-05-11 14:23 . 2011-05-11 14:23 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-05-10 12:10 .
2011-05-06 01:56 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-05-06 01:19 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-05-06 01:56 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:03 . 2011-05-06 01:20 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2011-05-06 01:20 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2011-05-06 01:20 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-05-06 01:19 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2011-05-06 01:20 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-06 17:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-05-06 14:54 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-06 01:16 . 2011-05-06 01:16 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-22 19:14 . 2011-05-25 13:52 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 06:02 . 2011-05-10 23:41 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-10 23:41 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-10 23:41 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-06-25 01:04 . 2011-06-11 18:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . c:\users\PAULOeSONIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2011-5-5 495616] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKLM\~\startupfolder\C:^Users^PAULOeSONIA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk] path=c:\users\PAULOeSONIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 15:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 07:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-03-26 13:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 16:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984] R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [2009-09-03 51872] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [2009-03-09 105216] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] . . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ TCP: DhcpNameServer = 192.168.1.1 192.168.0.1 FF - ProfilePath - c:\users\PAULOeSONIA\AppData\Roaming\Mozilla\Firefox\Profiles\e7z212ee.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 . 
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-216458521-2070048779-897843473-1000\Software\GNU\ffdshow_audio\default]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'lsass.exe'(572)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
.
Tempo para conclusão: 2011-06-27 19:29:02
ComboFix-quarantined-files.txt 2011-06-27 22:29
ComboFix2.txt 2011-06-26 13:32
ComboFix3.txt 2011-06-25 20:56
.
Pré-execução: 136.873.775.104 bytes disponíveis
Pós execução: 136.824.455.168 bytes disponíveis
.
- - End Of File - - 577CE28F5EDC95D72A7FDD3C6213A85E