Good evening,
here it is:
ComboFix 08-07-21.1 - Keitty Umburanas 2008-07-21 23:30:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1046.18.317 [GMT -3:00]
Executando de: C:\Users\Keitty Umburanas\Documents\ComboFix.exe
* Criado um novo ponto de restauro
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((( Ficheiros criados de 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))
.
2008-07-13 00:09 . 2006-11-22 10:27 212,992 --a------ C:\Windows\System32\AKCPanel.cpl
2008-07-13 00:08 . 2008-07-13 00:08 <DIR> d-------- C:\Program Files\Anark
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 02:28 34,528,288 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-21 23:39 --------- d-----w C:\Users\Keitty Umburanas\AppData\Roaming\BrOffice.org2
2008-07-21 23:39 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-21 02:40 462,188 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-20 23:52 --------- d-----w C:\Program Files\Google
2008-07-20 23:40 --------- d-----w C:\Users\Keitty Umburanas\AppData\Roaming\LimeWire
2008-07-09 19:49 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 19:40 --------- d-----w C:\Program Files\Windows Mail
2008-06-15 21:34 --------- d-----w C:\Users\Keitty Umburanas\AppData\Roaming\Snapfish
2008-06-15 05:56 --------- d-----w C:\Users\Keitty Umburanas\AppData\Roaming\Simple Star
2008-06-15 05:56 --------- d-----w C:\Users\Keitty Umburanas\AppData\Roaming\Ahead
2008-06-15 05:54 --------- d-----w C:\Program Files\Ahead
2008-06-15 05:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-15 05:44 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-15 05:41 --------- d-----w C:\ProgramData\Ahead
2008-06-15 05:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-29 17:35 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-05-29 02:51 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-05-22 00:20 --------- d-----w C:\Program Files\MegauploadToolbar
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-14 17:02 1232896]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 09:34 191488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-25 21:28 212992]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:34 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 09:34 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 17:22 638976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
C:\Users\Keitty Umburanas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BrOffice.org 2.0.lnk - C:\Program Files\BrOffice.org 2.0\program\quickstart.exe [2006-10-15 22:03:30 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PCTV Quick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-02-23 04:55:04 598016]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Program Files\GbPlugin\gbiehcef.dll" [2008-03-05 11:29 341576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D56AB936-12F7-4F69-A08D-027920BFE24C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"TCP Query User{20AF2D70-9D59-4A8E-883C-D207ADA6AB88}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FB8EAADB-D2BD-4FC5-A371-871D54E06D04}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{171150BA-6BCC-412D-8FD0-AC81AAA71340}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{A9558B5E-BD6F-455F-82B5-D7FE5177A6F2}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6650D20F-249F-4D41-BCA3-BD6DEB834BB2}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{9A47954E-C059-4EE3-AA13-B21B2FD2B608}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{B4E332DA-D7A6-4E6B-BACA-5F5DCFF9B69D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 19:33]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;C:\Windows\system32\DRIVERS\AVerBDA3x.sys [2006-12-14 00:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-07-21 23:51:28 C:\Windows\Tasks\User_Feed_Synchronization-{8E77C823-7C90-409B-B949-B4757ECA6611}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
HKLM-Run-vivoads - vivoads.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orkut.com/
O16 -: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
C:\Windows\Downloaded Program Files\InstallClient.inf
O16 -: {09E4754D-01C9-47D0-A4ED-A06C0EE4BDF4} - hxxp://aurelioparavoce.educacional.com.br/controlePC/Autenticacao.CAB
C:\Windows\Downloaded Program Files\Autenticacao.INF
C:\Windows\System32\msvbvm60.dll
C:\Windows\System32\oleaut32.dll
C:\Windows\System32\olepro32.dll
C:\Windows\System32\asycfilt.dll
C:\Windows\System32\stdole2.tlb
C:\Windows\System32\comcat.dll
C:\Windows\Downloaded Program Files\Autenticacao.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-21 23:38:55
Windows 6.0.6000 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\iertutil.dll
.
Tempo para conclusão: 2008-07-21 23:42:30
ComboFix-quarantined-files.txt 2008-07-22 02:41:22
Pre-Run: 120,146,071,552 bytes disponíveis
Post-Run: 120,350,601,216 bytes disponíveis
133 --- E O F --- 2008-07-16 00:36:35