
Archived

This topic has been archived and is closed to new replies.

ViniPage

[Solved!] Virus in Messenger 2009


Hi everyone!

I installed Messenger 2009 a while ago, but then one day it started giving an error when I sign in.

A window keeps popping up asking to "save instant messaging contacts". I try to close and cancel it, but it keeps appearing.

Please help me

here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:12:57, on 24/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BitTorrent_DNA\dna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\Webshots\webshots.scr

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\TurboADSL\TurboADSL 0.98\discador.exe

C:\DOCUME~1\Vitor\CONFIG~1\Temp\Rar$EX00.454\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NSLauncher] C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [MSNGS] Rundll32.exe C:\WINDOWS\msmsgs.txt,ini

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\BitTorrent_DNA\dna.exe"

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1226428950140

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} (StopX Control) - http://www.centraldejogos.com.br/StopWeb/StopWeb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vilanova.local

O17 - HKLM\Software\..\Telephony: DomainName = vilanova.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{44B97DF7-679B-4472-A6DA-01B793E45A92}: NameServer = 200.175.5.139 200.175.182.139

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vilanova.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{44B97DF7-679B-4472-A6DA-01B793E45A92}: NameServer = 200.175.5.139 200.175.182.139

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7745 bytes


Hi ViniPage,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software; bear in mind that the disinfection process will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing the process, since this ensures that the system can be recovered if problems occur during the scan.

Click "YES" and wait, as the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA license.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

At the end of the process the machine will be restarted to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be stored at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, overlapping the other windows. To minimize it again, just use the ALT + TAB combination.

Regards.


hi

here is the ComboFix log:

 

ComboFix 09-05-25.05 - Vitor 25/05/2009 21:51.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.256.99 [GMT -3:00]

Executando de: c:\documents and settings\Vitor\Meus documentos\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-26 to 2009-05-26 ))))))))))))))))))))))))))))

.

 

2009-05-24 22:10 . 2009-05-24 22:11 -------- d-----w C:\LinhaDefensiva

2009-05-23 22:40 . 2009-05-23 22:40 -------- d-----w c:\arquivos de programas\CCleaner

2009-05-23 20:52 . 2009-05-23 21:02 -------- d-----w c:\arquivos de programas\Windows Live Safety Center

2009-05-19 01:32 . 2008-04-23 17:05 47616 ----a-w c:\windows\system32\Remove.exe

2009-05-19 01:32 . 2007-10-25 21:31 616064 ----a-w c:\windows\system32\drivers\PFC027.SYS

2009-05-19 01:32 . 2009-05-19 01:32 -------- d-----w c:\arquivos de programas\Arquivos comuns\PAC207

2009-05-15 15:05 . 2009-05-15 15:05 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache

2009-05-15 01:39 . 2009-05-15 01:39 -------- d-sh--w c:\documents and settings\Vitor\IECompatCache

2009-05-15 01:38 . 2009-05-15 01:38 -------- d-sh--w c:\documents and settings\Vitor\PrivacIE

2009-05-15 01:35 . 2009-05-15 01:35 -------- d-sh--w c:\documents and settings\Vitor\IETldCache

2009-05-15 01:33 . 2009-05-15 01:33 -------- d-----w c:\windows\ie8updates

2009-05-15 01:28 . 2009-05-15 01:31 -------- dc-h--w c:\windows\ie8

2009-05-15 01:26 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll

2009-05-13 18:58 . 2009-05-13 18:58 -------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-05-13 18:56 . 2009-05-13 18:56 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-05-13 18:20 . 2009-05-17 00:36 -------- d-----w c:\arquivos de programas\Windows Live

2009-05-01 15:37 . 2009-05-01 15:37 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-05-01 15:37 . 2009-05-02 18:04 -------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\HPAppData

2009-05-01 15:34 . 2009-05-01 15:34 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-05-01 15:04 . 2009-05-21 20:06 150745 ----a-w c:\windows\hpoins15.dat

2009-05-01 15:04 . 2007-09-20 20:05 1039 ------w c:\windows\hpomdl15.dat

2009-04-27 15:52 . 2009-04-27 15:53 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-04-27 15:52 . 2009-04-27 15:52 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Nokia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-26 00:54 . 2009-01-16 18:42 -------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent DNA

2009-05-19 01:32 . 2009-02-25 00:34 -------- d-----w c:\arquivos de programas\KYE

2009-05-19 00:06 . 2008-11-08 23:26 -------- d-----w c:\arquivos de programas\Webshots

2009-05-17 01:04 . 2008-11-10 21:27 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-17 01:04 . 2008-11-10 21:27 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-05-13 21:47 . 2001-10-28 18:07 79022 ----a-w c:\windows\system32\perfc016.dat

2009-05-13 21:47 . 2001-10-28 18:07 468108 ----a-w c:\windows\system32\perfh016.dat

2009-05-13 18:57 . 2008-11-11 00:45 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2009-05-13 18:28 . 2008-11-11 00:45 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-05-01 15:37 . 2009-02-26 18:56 -------- d-----w c:\arquivos de programas\HP

2009-05-01 15:34 . 2009-02-26 19:01 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\HP

2009-04-26 02:57 . 2009-01-16 18:43 -------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

2009-03-08 07:34 . 2004-08-04 03:45 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 07:34 . 2004-08-04 03:45 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 07:33 . 2004-08-04 03:45 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 07:33 . 2004-08-04 03:45 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 07:32 . 2004-08-04 03:45 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 07:32 . 2004-08-04 03:45 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 07:31 . 2004-08-04 03:45 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 07:31 . 2004-08-04 03:44 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 07:31 . 2004-08-04 03:45 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 07:22 . 2001-10-28 18:07 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:20 . 2004-08-04 03:45 286208 ----a-w c:\windows\system32\pdh.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-23_22.03.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-23 22:20 . 2009-05-23 22:20 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\bfad9f5deabd8b909190a48b1e9fa742\WindowsLiveWriter.ni.exe

+ 2009-05-23 23:24 . 2009-05-23 23:24 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4579c63ce2413da56074f4fe08b81a08\WindowsLive.Writer.Api.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\2fdea9e284d3556cc136d84da2e2a1f1\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e49be4b9f9c7bc60d54351ba1c0ebf79\WindowsLive.Writer.Extensibility.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d4f0aaf1906c33734220a6880ac2defa\WindowsLive.Writer.Interop.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0d9f3022b22c6e7fb2dc7a5bbc8a028\WindowsLive.Writer.SpellChecker.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c9b2e369443625c456a70401198c6132\WindowsLive.Writer.Mshtml.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c7fc6e7adabb89419e8eb0b07515b886\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c4fdca0dacc4febe5f7e9fd6d199b9c3\WindowsLive.Writer.BlogClient.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b99838da7492ea7268809deb4891e14d\WindowsLive.Writer.HtmlParser.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8be12d7b5a55a0f1f9ce1cb18f7edd32\WindowsLive.Writer.Controls.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71e1a2040f2329a1cb9ae82faaaf88eb\WindowsLive.Writer.BrowserControl.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5314564aaa71ce63df6997ae6f80642a\WindowsLive.Writer.Interop.Mshtml.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4172c829af224bbf74f01141ef8afa55\WindowsLive.Writer.Passport.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36125da11b4bf5a1795fbbc2ed5986f3\WindowsLive.Writer.Localization.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a3d9e5a58523a27d90cccf04056773b\WindowsLive.Writer.Instrumentation.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\034e5881298e73d1daa767f19af4fe3a\WindowsLive.Writer.FileDestinations.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\a2730a0c40843cd41dd7a950a941f963\WindowsLive.Client.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d26330ea822b02fb174a852016237e3e\WindowsLive.Writer.CoreServices.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\62d1f8674aa52cf151330a4a3d70e2ac\WindowsLive.Writer.PostEditor.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\44200cb83b0e2575a75ba9dca3478e0d\WindowsLive.Writer.ApplicationFramework.ni.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent DNA"="c:\arquivos de programas\BitTorrent_DNA\dna.exe" [2009-01-16 286016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"MSNGS"="c:\windows\msmsgs.txt" [2009-05-07 217600]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

 

c:\documents and settings\Vitor\Menu Iniciar\Programas\Inicializar\

Webshots.lnk - c:\arquivos de programas\Webshots\Launcher.exe [2008-11-8 157000]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"MIDI1"= SYNCOR11.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"getPlus® Helper"=3 (0x3)

"AGWinService"=2 (0x2)

"AresChatServer"=3 (0x3)

"SoundMAX Agent Service (default)"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\BitTorrent_DNA\\dna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [18/5/2009 22:32 616064]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [8/11/2008 14:12 36048]

S4 AGWinService;AG Windows Service;c:\arquivos de programas\AGI\common\win32\pythonservice.exe [10/11/2008 21:02 10240]

S4 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe --> c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{1FA118A6-31B6-46FC-BDF1-5AA9F555BDBF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mStart Page = hxxp://www.google.com

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {44B97DF7-679B-4472-A6DA-01B793E45A92} = 200.175.5.139 200.175.182.139

DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} - hxxp://www.centraldejogos.com.br/StopWeb/StopWeb.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-25 21:54

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3084)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\wmp.dll

c:\windows\system32\wmploc.dll

c:\windows\system32\wmpps.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-05-26 21:58

ComboFix-quarantined-files.txt 2009-05-26 00:58

ComboFix2.txt 2009-05-23 23:18

ComboFix3.txt 2009-05-23 22:20

ComboFix4.txt 2009-05-23 22:07

 

Pré-execução: 6.720.036.864 bytes disponíveis

Pós execução: 6.764.220.416 bytes disponíveis

 

189 --- E O F --- 2009-05-13 16:25

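Two of the entries in the logs above are what a helper reading this thread would key on: the HijackThis line `O4 - HKLM\..\Run: [MSNGS] Rundll32.exe C:\WINDOWS\msmsgs.txt,ini` (rundll32 told to load a ".txt" file, which LoadLibrary will happily map as a DLL regardless of its extension), and the ComboFix `[HKEY_LOCAL_MACHINE\software\microsoft\security center]` section, where `AntiVirusDisableNotify`, `UpdatesDisableNotify`, `AntiVirusOverride` and `FirewallOverride` are all set to 1, silencing the Security Center warnings. The script below is an added example, not code from the thread or from the HijackThis/ComboFix authors; it parses both log shapes and flags those two patterns. The sample lines are copied from the logs posted above; the parsing rules and the extension whitelist are my own assumptions about what those tools emit.

```python
"""Added example: flag two suspicious patterns in HijackThis / ComboFix output.

1. HijackThis O4 (autorun) lines where rundll32.exe is asked to load a file
   whose extension is not a library extension (.dll/.cpl/.ocx/.ax). rundll32
   calls LoadLibrary on the path it is given, and LoadLibrary does not care
   about the extension, so a PE file named "msmsgs.txt" loads just fine.
2. ComboFix's REGEDIT4-style dump of the Windows Security Center key, where
   the *DisableNotify / *Override values set to 1 hide the "no antivirus /
   no firewall" warnings, a change users rarely make themselves.
"""
import ntpath  # handles "C:\..." paths correctly even when run on Linux/macOS
import re

# Extensions rundll32.exe is legitimately asked to load (assumption).
LIBRARY_EXTS = {".dll", ".cpl", ".ocx", ".ax"}

# Security Center values that, when non-zero, suppress Security Center alerts.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}

# HijackThis O4 line: "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')


def _split_command(cmd):
    """Split 'program args'; the program may be a quoted path containing spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_o4_rundll32(line):
    """Return a finding dict if this O4 entry makes rundll32 load a non-library file, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    program, args = _split_command(m.group("cmd"))
    if ntpath.basename(program).lower() != "rundll32.exe":
        return None
    # rundll32 syntax is "<path to library>,<EntryPoint> [args]"
    target = args.split(",", 1)[0].strip().strip('"')
    ext = ntpath.splitext(target)[1].lower()
    if ext in LIBRARY_EXTS:
        return None
    return {"name": m.group("name"), "target": target, "ext": ext or "(none)"}


def scan_o4(lines):
    """Run check_o4_rundll32 over every line and keep the findings."""
    return [f for f in map(check_o4_rundll32, lines) if f]


def check_security_center(regedit_text):
    """Return (value name, value) pairs for Security Center alert-suppression flags that are set."""
    findings, current_key = [], None
    for raw in regedit_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current_key = sec.group("key")
            continue
        if current_key is None or "security center" not in current_key.lower():
            continue
        val = DWORD_RE.match(line)
        if val and val.group("name") in SECURITY_CENTER_FLAGS:
            number = int(val.group("val"), 16)
            if number != 0:
                findings.append((val.group("name"), number))
    return findings


# Sample input: O4 lines copied from the HijackThis log in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSNGS] Rundll32.exe C:\WINDOWS\msmsgs.txt,ini
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

# Sample input: an excerpt of the ComboFix registry dump posted in this thread.
SAMPLE_REGEDIT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

if __name__ == "__main__":
    for f in scan_o4(SAMPLE_O4):
        print(f"O4 [{f['name']}]: rundll32 loads {f['target']} (extension {f['ext']})")
    for name, value in check_security_center(SAMPLE_REGEDIT):
        print(f"Security Center: {name} = {value} (alerts suppressed)")
```

Running the script prints the MSNGS entry as the only rundll32 finding (the Bluetooth entry loads a .cpl and passes) and the four Security Center flags; the extension check is deliberately a whitelist, so a library with an unusual but valid name is reported for a human to look at rather than silently accepted.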

Hi ViniPage,

Malwarebytes Anti-Malware is a relatively new product, but highly effective at removing common infections. The program is small, free, and available in Portuguese.

Installing it is the first step in cleaning an infected operating system.

In this tutorial you will learn how to install and run it.

1) First, download the program:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

2) Now install the program as follows:

Run the installer:

[screenshot: capturadatelaha4.png]

Right after running the installation file, the following screen will be shown:

[screenshot: capturadatela1zv8.png]

Now click Install to finish:

[screenshot: capturadatela6yd8.png]

When the installation finishes, leave the Update and Run options checked:

[screenshot: capturadatela7cd6.png]

The program's update screen will then be shown:

[screenshot: capturadatela9en9.png]

3) This is the program's main screen. Select the Full Scan option and click the Scan button.

[screenshot: capturadatela10vs1.png]

Wait until the scan finishes:

[screenshot: capturadatela12zo1.png]

When the scan completes, this message will be displayed:

[screenshot: capturadatela13oi2.png]

The scan result will be shown, with the names of the files and malware found.

To carry out the cleanup, click Remove Selected:

[screenshot: capturadatela14qb8.png]

To complete the cleanup, the computer will need to be restarted:

[screenshot: capturadatela15um2ed5.png]

The program keeps the logs of the scans it performs in the folder C:\Documents and Settings\Seu nome de Usuario\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\Logs, which can also be accessed from the Logs tab inside the program.

Come back with the scan result.

Credits: Fabio Assolini.

Link to the original post: here.

Here is the scan result:

 

Malwarebytes' Anti-Malware 1.37

Versão do banco de dados: 2182

Windows 5.1.2600 Service Pack 3

 

29/5/2009 00:31:04

mbam-log-2009-05-29 (00-31-04).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 145892

Tempo decorrido: 46 minute(s), 49 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Hi ViniPage,

Temporarily disable your antivirus.

Run an online scan with the Kaspersky Virus Scanner.

* Click [image: Clipboard01-1.jpg];

* Scroll down to the end of the license text and click [image: Clipboard015.jpg];

* If a message about running Sun's Java Virtual Machine appears, click Run;

* Wait for the installation and the update. Then click [image: Clipboard013.jpg];

* Now click [image: Clipboard016.jpg];

* In the scan options (settings), make sure the entries below are selected:

Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

Scan Options:

Scan Archives Scan Mail Bases

* Click [image: Clipboard014.jpg];

* Click My Computer so that a full scan of your system is performed;

* The scan will start and may take a while. Be patient and wait;

* At the end of the scan, click the Save as Text button;

* Save the log with the results and paste its contents in your next message, following these instructions.

Regards.

hi, cool, jgarcia!

here are the results:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Tuesday, June 2, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Tuesday, June 02, 2009 22:19:33

Records in database: 2298434

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

 

Scan statistics:

Files scanned: 65599

Threat name: 1

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 03:15:44

 

 

File name / Threat name / Threats count

C:\WINDOWS\msmsgs.txt//PE_Patch.UPX//UPX/C:\WINDOWS\msmsgs.txt//PE_Patch.UPX//UPX Infected: Trojan-Downloader.Win32.Delf.tol 1

C:\WINDOWS\msmsgs.txt Infected: Trojan-Downloader.Win32.Delf.tol 1

 

The selected area was scanned.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa ViniPage,

 

1. Baixe o BankerFix 3.0.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe. A janela do Banker Fix 3.0 abrir-se-á com a seguinte pergunta Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> clique em SIM.

 

4. Uma janela informando que o BankerFix 3.0 será baixado via internet abrir-se-á >> clique sobre OK e aguarde. Na próxima janela clique em OK mais uma vez, a fim de que o BankerFix 3.0 seja iniciado.

 

5. Press any key to continue and wait until the scan completes. Be patient, it may take a few minutes.

 

6. When the scan finishes, read the message on screen and press Enter.

 

7. Re-enable your antivirus.

 

8. Come back with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

 

9. After posting your reply you can delete the LinhaDefensiva folder on C:.

 

Regards.

 

PS: If the message Site denunciado como foco de ataques! (site reported as an attack source) appears, don't worry and click Ignorar este alerta (ignore this alert).


all good

 

here is the report:

 

BankerFix 3.0 VALKYRIE - Banker Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-06-07 - 09:24

-------------------------------------------------------

Definition list: 2009-05-04-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- End -------------------------


Hey ViniPage,

 

Post a new ComboFix log.

 

Regards.


hey, here's the log:

 

 

 

ComboFix 09-06-07.07 - Vitor 08/06/2009 12:47.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.256.75 [GMT -3:00]

Running from: c:\documents and settings\Vitor\Meus documentos\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Created a new restore point

.

 

(((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 ))))))))))))))))))))))))))))

.

 

2009-05-30 22:21 . 2009-05-30 22:21 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-05-29 01:45 . 2009-05-29 01:45 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\Malwarebytes

2009-05-29 01:45 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 01:45 . 2009-05-29 01:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-29 01:45 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-29 01:45 . 2009-05-29 02:32 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-23 22:40 . 2009-05-23 22:40 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-23 20:52 . 2009-05-23 21:02 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-05-19 01:32 . 2008-04-23 17:05 47616 ----a-w- c:\windows\system32\Remove.exe

2009-05-19 01:32 . 2007-10-25 21:31 616064 ----a-w- c:\windows\system32\drivers\PFC027.SYS

2009-05-19 01:32 . 2009-05-19 01:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PAC207

2009-05-15 15:05 . 2009-05-15 15:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-05-15 01:39 . 2009-05-15 01:39 -------- d-sh--w- c:\documents and settings\Vitor\IECompatCache

2009-05-15 01:38 . 2009-05-15 01:38 -------- d-sh--w- c:\documents and settings\Vitor\PrivacIE

2009-05-15 01:35 . 2009-05-15 01:35 -------- d-sh--w- c:\documents and settings\Vitor\IETldCache

2009-05-15 01:33 . 2009-05-15 01:33 -------- d-----w- c:\windows\ie8updates

2009-05-15 01:28 . 2009-05-15 01:31 -------- dc-h--w- c:\windows\ie8

2009-05-15 01:26 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-05-13 18:58 . 2009-05-13 18:58 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-05-13 18:56 . 2009-05-13 18:56 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-05-13 18:20 . 2009-05-17 00:36 -------- d-----w- c:\arquivos de programas\Windows Live

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-08 15:48 . 2009-01-16 18:42 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent DNA

2009-05-30 22:54 . 2001-10-28 18:07 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-05-30 22:54 . 2001-10-28 18:07 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-05-21 20:06 . 2009-05-01 15:04 150745 ----a-w- c:\windows\hpoins15.dat

2009-05-19 01:32 . 2009-02-25 00:34 -------- d-----w- c:\arquivos de programas\KYE

2009-05-19 00:06 . 2008-11-08 23:26 -------- d-----w- c:\arquivos de programas\Webshots

2009-05-17 01:04 . 2008-11-10 21:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-17 01:04 . 2008-11-10 21:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-13 18:57 . 2008-11-11 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2009-05-13 18:28 . 2008-11-11 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-05-02 18:04 . 2009-05-01 15:37 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\HPAppData

2009-05-01 15:37 . 2009-02-26 18:56 -------- d-----w- c:\arquivos de programas\HP

2009-05-01 15:37 . 2009-05-01 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-05-01 15:34 . 2009-05-01 15:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-05-01 15:34 . 2009-02-26 19:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-04-27 15:53 . 2009-04-27 15:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-04-27 15:52 . 2009-04-27 15:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia

2009-04-26 02:57 . 2009-01-16 18:43 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-23_22.03.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 18:07 . 2009-05-13 21:47 67312 c:\windows\system32\perfc009.dat

+ 2001-10-28 18:07 . 2009-05-30 22:54 67312 c:\windows\system32\perfc009.dat

+ 2009-05-27 23:43 . 2009-05-27 23:43 78562 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

+ 2009-04-29 10:17 . 2009-04-29 10:17 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

- 2009-03-14 15:44 . 2009-01-16 21:45 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

- 2009-03-14 15:46 . 2009-01-16 22:16 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2009-04-28 10:23 . 2009-04-28 10:23 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2009-04-29 10:17 . 2009-04-29 10:17 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

- 2009-03-14 15:44 . 2009-01-16 21:45 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-05-23 22:20 . 2009-05-23 22:20 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\bfad9f5deabd8b909190a48b1e9fa742\WindowsLiveWriter.ni.exe

+ 2009-05-23 23:24 . 2009-05-23 23:24 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4579c63ce2413da56074f4fe08b81a08\WindowsLive.Writer.Api.ni.dll

+ 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2009-03-14 15:46 . 2009-01-16 22:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2009-06-08 15:25 . 2009-06-08 15:38 1524 c:\windows\SoftwareDistribution\EventCache\{3ED72741-9DE4-48AD-BEF0-210F5F838671}.bin

- 2001-10-28 18:07 . 2009-05-13 21:47 432356 c:\windows\system32\perfh009.dat

+ 2001-10-28 18:07 . 2009-05-30 22:54 432356 c:\windows\system32\perfh009.dat

+ 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

- 2009-03-14 15:46 . 2009-01-16 22:16 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-04-29 10:28 . 2009-04-29 10:28 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe

+ 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll

- 2009-03-14 15:46 . 2009-01-16 22:18 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-04-29 10:17 . 2009-04-29 10:17 716800 c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-04-28 10:26 . 2009-04-28 10:26 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2009-04-29 10:29 . 2009-04-29 10:29 202168 c:\windows\system32\Adobe\Director\SwDir.dll

- 2009-01-19 23:54 . 2009-01-16 22:25 202168 c:\windows\system32\Adobe\Director\SwDir.dll

+ 2009-04-28 10:25 . 2009-04-28 10:25 131072 c:\windows\system32\Adobe\Director\np32dsw.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\2fdea9e284d3556cc136d84da2e2a1f1\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e49be4b9f9c7bc60d54351ba1c0ebf79\WindowsLive.Writer.Extensibility.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d4f0aaf1906c33734220a6880ac2defa\WindowsLive.Writer.Interop.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0d9f3022b22c6e7fb2dc7a5bbc8a028\WindowsLive.Writer.SpellChecker.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c9b2e369443625c456a70401198c6132\WindowsLive.Writer.Mshtml.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c7fc6e7adabb89419e8eb0b07515b886\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c4fdca0dacc4febe5f7e9fd6d199b9c3\WindowsLive.Writer.BlogClient.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b99838da7492ea7268809deb4891e14d\WindowsLive.Writer.HtmlParser.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8be12d7b5a55a0f1f9ce1cb18f7edd32\WindowsLive.Writer.Controls.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71e1a2040f2329a1cb9ae82faaaf88eb\WindowsLive.Writer.BrowserControl.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5314564aaa71ce63df6997ae6f80642a\WindowsLive.Writer.Interop.Mshtml.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4172c829af224bbf74f01141ef8afa55\WindowsLive.Writer.Passport.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36125da11b4bf5a1795fbbc2ed5986f3\WindowsLive.Writer.Localization.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a3d9e5a58523a27d90cccf04056773b\WindowsLive.Writer.Instrumentation.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\034e5881298e73d1daa767f19af4fe3a\WindowsLive.Writer.FileDestinations.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\a2730a0c40843cd41dd7a950a941f963\WindowsLive.Client.ni.dll

+ 2009-04-28 10:00 . 2009-04-28 10:00 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-04-29 10:17 . 2009-04-29 10:17 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe

- 2009-03-14 15:46 . 2009-01-16 21:58 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-04-28 10:04 . 2009-04-28 10:04 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d26330ea822b02fb174a852016237e3e\WindowsLive.Writer.CoreServices.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\62d1f8674aa52cf151330a4a3d70e2ac\WindowsLive.Writer.PostEditor.ni.dll

+ 2009-05-23 23:24 . 2009-05-23 23:24 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\44200cb83b0e2575a75ba9dca3478e0d\WindowsLive.Writer.ApplicationFramework.ni.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent DNA"="c:\arquivos de programas\BitTorrent_DNA\dna.exe" [2009-01-16 286016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"MSNGS"="c:\windows\msmsgs.txt" [2009-05-07 217600]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

 

c:\documents and settings\Vitor\Menu Iniciar\Programas\Inicializar\

Webshots.lnk - c:\arquivos de programas\Webshots\Launcher.exe [2008-11-8 157000]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"getPlus® Helper"=3 (0x3)

"AGWinService"=2 (0x2)

"AresChatServer"=3 (0x3)

"SoundMAX Agent Service (default)"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\BitTorrent_DNA\\dna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [18/5/2009 22:32 616064]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [8/11/2008 14:12 36048]

S4 AGWinService;AG Windows Service;c:\arquivos de programas\AGI\common\win32\pythonservice.exe [10/11/2008 21:02 10240]

S4 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe --> c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{1FA118A6-31B6-46FC-BDF1-5AA9F555BDBF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mStart Page = hxxp://www.google.com

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {44B97DF7-679B-4472-A6DA-01B793E45A92} = 200.175.5.139 200.175.182.139

DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} - hxxp://www.centraldejogos.com.br/StopWeb/StopWeb.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-08 12:54

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3820)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-06-08 12:58

ComboFix-quarantined-files.txt 2009-06-08 15:58

ComboFix2.txt 2009-05-26 00:58

ComboFix3.txt 2009-05-23 23:18

ComboFix4.txt 2009-05-23 22:20

ComboFix5.txt 2009-06-08 15:45

 

Pre-Run: 6,219,587,584 bytes free

Post-Run: 6,555,320,320 bytes free

 

208 --- E O F --- 2009-05-13 16:25

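As an added example (written for this thread; it is not ComboFix's own code and not part of any post), a triage pass over the 'Reg Loading Points' section of the ComboFix log above. The lines in SAMPLE_LOG are copied from that log. The three heuristics are this example's own assumptions, not ComboFix rules: an autostart target without an executable extension, a target dropped straight into the Windows directory instead of a subfolder, and a Security Center *Override value set to 1 (which silences the warnings Windows would otherwise raise when the antivirus or firewall is off).

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example written for this thread; it is not ComboFix's own code and
not part of the original post. SAMPLE_LOG is copied from the log above.
The three heuristics are assumptions of this example, not ComboFix rules:
an autostart value whose target does not carry an executable extension,
a target sitting directly in the Windows directory rather than a
subfolder, and a Security Center *Override value set to 1 (which stops
Windows from complaining when the AV or firewall is off).
"""
import ntpath
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\arquivos de programas\BitTorrent_DNA\dna.exe" [2009-01-16 286016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"MSNGS"="c:\windows\msmsgs.txt" [2009-05-07 217600]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "<name>"="<data>" [ - <resolved path>] [<yyyy-mm-dd> <size>]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?: - (?P<resolved>.+?))? '
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')

EXEC_EXT = {".exe", ".dll", ".cpl", ".scr", ".sys", ".ocx", ".com"}
WINDIR = "c:\\windows"


def check_run_target(path: str) -> list:
    """Reasons an autostart target looks wrong; empty list means no finding."""
    reasons = []
    if ntpath.splitext(path)[1] not in EXEC_EXT:
        reasons.append("autostart target without an executable extension")
    if ntpath.dirname(path) == WINDIR:
        reasons.append("file dropped directly into the Windows directory")
    return reasons


def triage(log: str) -> list:
    findings, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m and key.lower().endswith("\\run"):
            # ComboFix prints the resolved path after " - " when the data is bare
            path = (m.group("resolved") or m.group("data")).strip().lower()
            reasons = check_run_target(path)
            if reasons:
                findings.append({"key": key, "name": m.group("name"),
                                 "path": path, "reasons": reasons})
            continue
        m = DWORD_RE.match(line)
        if (m and key.lower().endswith("security center")
                and m.group("name").lower().endswith("override")
                and int(m.group("value"), 16) == 1):
            findings.append({"key": key, "name": m.group("name"), "path": None,
                             "reasons": ["Security Center override set to 1"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], "->", f["path"], "|", "; ".join(f["reasons"]))
```

On the sample lines the only Run value it reports is "MSNGS" pointing at c:\windows\msmsgs.txt, the same file the Kaspersky report earlier in the thread identified as a UPX-packed Trojan-Downloader, plus the two Security Center override flags. The well-known entries (ctfmon.exe, the ESET GUI, the Bluetooth agent resolved to system32) pass, which is the sanity check you want before trusting a heuristic like this on a longer log.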

Hey ViniPage,

 

1. Restart the PC in Safe Mode.

 

2. Go to Start -> Run -> type regedit -> click OK.

 

3. Navigate to the following registry subkey:

 

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components

 

4. Locate and delete the following folder:

 

Ø•€|ÿÿÿÿ•€|ù•6~

 

5. Restart in Normal Mode.

 

6. Post a new ComboFix log.

 

Submit the files below to the Jotti site and come back with the results:

 

c:\windows\system32\Remove.exe

 

c:\windows\system32\drivers\PFC027.SYS

 

Regards.


hey jgarcia

 

here is the ComboFix log, and right below is the result of the check on the Jotti site:

 

ComboFix 09-06-12.04 - Vitor 13/06/2009 13:03.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.256.136 [GMT -3:00]

Running from: c:\documents and settings\Vitor\Meus documentos\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

 

(((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 ))))))))))))))))))))))))))))

.

 

2009-06-10 16:38 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-10 16:38 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-05-30 22:21 . 2009-05-30 22:21 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-05-29 01:45 . 2009-05-29 01:45 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\Malwarebytes

2009-05-29 01:45 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 01:45 . 2009-05-29 01:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-29 01:45 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-29 01:45 . 2009-05-29 02:32 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-23 22:40 . 2009-05-23 22:40 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-23 20:52 . 2009-05-23 21:02 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-05-19 01:32 . 2008-04-23 17:05 47616 ----a-w- c:\windows\system32\Remove.exe

2009-05-19 01:32 . 2007-10-25 21:31 616064 ----a-w- c:\windows\system32\drivers\PFC027.SYS

2009-05-19 01:32 . 2009-05-19 01:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PAC207

2009-05-15 15:05 . 2009-05-15 15:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-05-15 01:39 . 2009-05-15 01:39 -------- d-sh--w- c:\documents and settings\Vitor\IECompatCache

2009-05-15 01:38 . 2009-05-15 01:38 -------- d-sh--w- c:\documents and settings\Vitor\PrivacIE

2009-05-15 01:35 . 2009-05-15 01:35 -------- d-sh--w- c:\documents and settings\Vitor\IETldCache

2009-05-15 01:33 . 2009-06-10 16:59 -------- d-----w- c:\windows\ie8updates

2009-05-15 01:28 . 2009-05-15 01:31 -------- dc-h--w- c:\windows\ie8

2009-05-15 01:26 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-13 16:05 . 2009-01-16 18:42 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent DNA

2009-06-11 01:43 . 2001-10-28 18:07 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-06-11 01:43 . 2001-10-28 18:07 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-06-08 19:10 . 2008-12-05 17:23 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\AniFX

2009-05-21 20:06 . 2009-05-01 15:04 150745 ----a-w- c:\windows\hpoins15.dat

2009-05-19 01:32 . 2009-02-25 00:34 -------- d-----w- c:\arquivos de programas\KYE

2009-05-19 00:06 . 2008-11-08 23:26 -------- d-----w- c:\arquivos de programas\Webshots

2009-05-17 01:04 . 2008-11-10 21:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-17 01:04 . 2008-11-10 21:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-17 00:36 . 2009-05-13 18:20 -------- d-----w- c:\arquivos de programas\Windows Live

2009-05-13 18:58 . 2009-05-13 18:58 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-05-13 18:57 . 2008-11-11 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2009-05-13 18:56 . 2009-05-13 18:56 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-05-13 18:28 . 2008-11-11 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-02 18:04 . 2009-05-01 15:37 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\HPAppData

2009-05-01 15:37 . 2009-02-26 18:56 -------- d-----w- c:\arquivos de programas\HP

2009-05-01 15:37 . 2009-05-01 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-05-01 15:34 . 2009-05-01 15:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-05-01 15:34 . 2009-02-26 19:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-04-27 15:53 . 2009-04-27 15:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-04-27 15:52 . 2009-04-27 15:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia

2009-04-26 02:57 . 2009-01-16 18:43 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2009-06-08_15.54.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 18:07 . 2009-05-30 22:54 67312 c:\windows\system32\perfc009.dat

+ 2001-10-28 18:07 . 2009-06-11 01:43 67312 c:\windows\system32\perfc009.dat

- 2004-08-04 03:45 . 2009-03-08 07:33 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 03:45 . 2009-04-30 21:14 25600 c:\windows\system32\jsproxy.dll

- 2004-08-04 03:45 . 2009-03-08 07:33 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 03:45 . 2009-04-30 21:14 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-11-08 11:37 . 2009-06-10 17:08 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-06-10 17:00 . 2009-03-08 07:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll

+ 2009-06-10 16:59 . 2009-03-08 07:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll

+ 2009-06-13 14:00 . 2009-06-13 14:31 2268 c:\windows\SoftwareDistribution\EventCache\{25C4A387-CF00-4355-8C0F-F70A7A4FACF3}.bin

+ 2008-11-08 11:37 . 2009-06-10 17:08 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2001-10-28 18:07 . 2009-06-11 01:43 432356 c:\windows\system32\perfh009.dat

- 2001-10-28 18:07 . 2009-05-30 22:54 432356 c:\windows\system32\perfh009.dat

+ 2004-08-04 03:45 . 2009-04-30 21:14 385536 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 03:45 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe

- 2004-08-04 03:45 . 2009-03-08 07:32 173056 c:\windows\system32\ie4uinit.exe

- 2008-11-08 09:05 . 2009-04-27 18:12 167504 c:\windows\system32\FNTCACHE.DAT

+ 2008-11-08 09:05 . 2009-06-10 17:15 167504 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 03:45 . 2009-05-13 05:03 915456 c:\windows\system32\dllcache\wininet.dll

+ 2009-04-15 14:53 . 2009-04-15 14:53 585216 c:\windows\system32\dllcache\rpcrt4.dll

+ 2009-05-07 15:33 . 2009-05-07 15:33 347136 c:\windows\system32\dllcache\localspl.dll

+ 2004-08-04 03:45 . 2009-04-30 21:14 385536 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-04 03:45 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-04 03:45 . 2009-03-08 07:32 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-11-08 11:37 . 2009-05-15 17:24 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-11-08 11:37 . 2009-06-10 17:08 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2009-06-10 16:59 . 2009-03-08 07:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll

+ 2009-06-10 17:00 . 2008-07-09 07:35 395128 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll

+ 2009-06-10 17:00 . 2007-11-30 12:39 233336 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe

+ 2009-06-10 17:00 . 2009-03-08 07:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll

+ 2009-06-10 17:00 . 2009-03-08 17:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll

+ 2009-06-10 17:00 . 2009-03-08 07:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe

+ 2004-08-04 03:45 . 2009-04-30 21:14 1207808 c:\windows\system32\urlmon.dll

+ 2004-08-04 03:45 . 2009-05-13 05:03 5936128 c:\windows\system32\mshtml.dll

- 2007-08-13 20:34 . 2009-03-08 07:32 1985024 c:\windows\system32\iertutil.dll

+ 2007-08-13 20:34 . 2009-04-30 21:14 1985024 c:\windows\system32\iertutil.dll

+ 2008-11-10 23:09 . 2009-04-19 19:50 1847296 c:\windows\system32\dllcache\win32k.sys

+ 2004-08-04 03:45 . 2009-04-30 21:14 1207808 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 03:45 . 2009-05-13 05:03 5936128 c:\windows\system32\dllcache\mshtml.dll

+ 2008-11-15 01:19 . 2009-04-30 21:14 1985024 c:\windows\system32\dllcache\iertutil.dll

- 2008-11-15 01:19 . 2009-03-08 07:32 1985024 c:\windows\system32\dllcache\iertutil.dll

+ 2009-06-10 16:59 . 2009-03-08 07:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll

+ 2009-06-10 16:59 . 2009-03-08 07:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll

+ 2009-06-10 16:59 . 2009-03-08 07:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll

+ 2008-11-13 23:24 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe

+ 2007-08-13 20:54 . 2009-04-30 21:14 11064832 c:\windows\system32\ieframe.dll

+ 2008-11-15 01:18 . 2009-04-30 21:14 11064832 c:\windows\system32\dllcache\ieframe.dll

+ 2009-06-10 16:59 . 2009-03-08 07:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent DNA"="c:\arquivos de programas\BitTorrent_DNA\dna.exe" [2009-01-16 286016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"MSNGS"="c:\windows\msmsgs.txt" [2009-05-07 217600]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

 

c:\documents and settings\Vitor\Menu Iniciar\Programas\Inicializar\

Webshots.lnk - c:\arquivos de programas\Webshots\Launcher.exe [2008-11-8 157000]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"getPlus® Helper"=3 (0x3)

"AGWinService"=2 (0x2)

"AresChatServer"=3 (0x3)

"SoundMAX Agent Service (default)"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\BitTorrent_DNA\\dna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [18/5/2009 22:32 616064]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [8/11/2008 14:12 36048]

S4 AGWinService;AG Windows Service;c:\arquivos de programas\AGI\common\win32\pythonservice.exe [10/11/2008 21:02 10240]

S4 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe --> c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{1FA118A6-31B6-46FC-BDF1-5AA9F555BDBF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mStart Page = hxxp://www.google.com

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {44B97DF7-679B-4472-A6DA-01B793E45A92} = 200.175.5.139 200.175.182.139

DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} - hxxp://www.centraldejogos.com.br/StopWeb/StopWeb.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-13 13:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(4032)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-06-13 13:10

ComboFix-quarantined-files.txt 2009-06-13 16:10

ComboFix2.txt 2009-06-08 15:58

ComboFix3.txt 2009-05-26 00:58

ComboFix4.txt 2009-05-23 23:18

ComboFix5.txt 2009-06-13 16:02

 

Pré-execução: 6.286.204.928 bytes disponíveis

Pós execução: 6.326.018.048 bytes disponíveis

 

230 --- E O F --- 2009-06-11 00:16

 

result of the scan on the Jotti site:

 

Jotti's malware scan

Filename: Remove.exe

Status: Scan finished. 0 out of 20 scanners reported malware.

 

Filename: PFC027.SYS

Status: Scan finished. 0 out of 20 scanners reported malware.


Hey ViniPage,

 

Sorry for the delay, time has been very short. :upset:

 

Post a new ComboFix log.

 

Cheers.


nah, no problem, it's fine hehehe

 

cool, here's the log:

 

ComboFix 09-06-22.04 - Vitor 22/06/2009 18:52.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.256.110 [GMT -3:00]

Executando de: c:\documents and settings\Vitor\Meus documentos\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Criado um novo ponto de restauração

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-22 to 2009-06-22 ))))))))))))))))))))))))))))

.

 

2009-06-10 16:38 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-10 16:38 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-05-30 22:21 . 2009-05-30 22:21 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-05-29 01:45 . 2009-05-29 01:45 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\Malwarebytes

2009-05-29 01:45 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 01:45 . 2009-05-29 01:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-29 01:45 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-29 01:45 . 2009-05-29 02:32 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-23 22:40 . 2009-05-23 22:40 -------- d-----w- c:\arquivos de programas\CCleaner

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-22 21:48 . 2009-01-16 18:42 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent DNA

2009-06-18 16:54 . 2009-01-13 01:19 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\NSeries

2009-06-11 01:43 . 2001-10-28 18:07 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-06-11 01:43 . 2001-10-28 18:07 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-06-08 19:10 . 2008-12-05 17:23 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\AniFX

2009-05-23 21:02 . 2009-05-23 20:52 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-05-21 20:06 . 2009-05-01 15:04 150745 ----a-w- c:\windows\hpoins15.dat

2009-05-19 01:32 . 2009-02-25 00:34 -------- d-----w- c:\arquivos de programas\KYE

2009-05-19 01:32 . 2009-05-19 01:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PAC207

2009-05-19 00:06 . 2008-11-08 23:26 -------- d-----w- c:\arquivos de programas\Webshots

2009-05-17 01:04 . 2008-11-10 21:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-17 01:04 . 2008-11-10 21:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-17 00:36 . 2009-05-13 18:20 -------- d-----w- c:\arquivos de programas\Windows Live

2009-05-13 18:58 . 2009-05-13 18:58 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-05-13 18:57 . 2008-11-11 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2009-05-13 18:56 . 2009-05-13 18:56 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-05-13 18:28 . 2008-11-11 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-02 18:04 . 2009-05-01 15:37 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\HPAppData

2009-05-01 15:37 . 2009-02-26 18:56 -------- d-----w- c:\arquivos de programas\HP

2009-05-01 15:37 . 2009-05-01 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-05-01 15:34 . 2009-05-01 15:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-05-01 15:34 . 2009-02-26 19:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-04-27 15:53 . 2009-04-27 15:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-04-27 15:52 . 2009-04-27 15:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia

2009-04-26 02:57 . 2009-01-16 18:43 -------- d-----w- c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

.

 

------- Sigcheck -------

 

[7] 2004-08-04 03:45 14336 5DE3E7B6F7624552F2F06664F110820D c:\windows\$NtServicePackUninstall$\svchost.exe

[7] 2008-04-14 02:21 14336 ED2D69CD4B0EBE37EFE11D4DC4ABC68F c:\windows\ServicePackFiles\i386\svchost.exe

[7] 2004-08-04 03:45 14336 5DE3E7B6F7624552F2F06664F110820D c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\svchost.exe

[7] 2008-04-14 02:21 14336 ED2D69CD4B0EBE37EFE11D4DC4ABC68F c:\windows\system32\svchost.exe

 

[-] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2004-08-04 03:45 577536 E0FF28447D1038DE106D1F2FDF851647 c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 c:\windows\$NtUninstallKB925902$\user32.dll

[7] 2008-04-14 02:20 579072 54907DB28872A7A6D3EE2B4747A23828 c:\windows\ServicePackFiles\i386\user32.dll

[7] 2004-08-04 03:45 577536 E0FF28447D1038DE106D1F2FDF851647 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\user32.dll

[7] 2008-04-14 02:20 579072 54907DB28872A7A6D3EE2B4747A23828 c:\windows\system32\user32.dll

 

[7] 2004-08-04 03:45 82944 A5163442377D3C305BBFF612F80047D7 c:\windows\$NtServicePackUninstall$\ws2_32.dll

[7] 2008-04-14 02:20 82432 1FA3C4B2D7E35176E65FB69AB597B0F0 c:\windows\ServicePackFiles\i386\ws2_32.dll

[7] 2004-08-04 03:45 82944 A5163442377D3C305BBFF612F80047D7 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ws2_32.dll

[7] 2008-04-14 02:20 82432 1FA3C4B2D7E35176E65FB69AB597B0F0 c:\windows\system32\ws2_32.dll

 

[7] 2008-06-23 15:40 827904 8CFD66CC90F966333CFA8D8161E185DF c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

[7] 2008-08-20 05:33 669696 9DE49DCD6DB06B195BB6BF48FBFFDAD7 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll

[7] 2008-08-20 05:09 668160 89360A12DB77D411B2873E130923F6B9 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll

[7] 2008-08-20 05:07 668672 6C73C1A54E445C5687AD6B721EE27EBC c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

[7] 2008-08-26 09:10 827904 CC9CD001AE0FF30D0E16A172BF39576A c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

[7] 2008-10-16 19:33 827904 4BCD45D77BD42A5E9C2DD2E847A5467E c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[7] 2008-12-20 23:49 827904 E048867C310B09ED1C79E59B68DB8050 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[7] 2009-03-03 00:15 828416 5E06773367C4F7D07F7E088DE4155795 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll

[7] 2009-05-13 05:08 915456 4E74AEBA5546A61C9DC35BC531EFFA23 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll

[7] 2004-08-04 03:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\$NtUninstallKB956390$\wininet.dll

[7] 2008-08-20 05:37 661504 FE5247936C9BCB765FD16114303F404D c:\windows\ie7\wininet.dll

[7] 2007-08-13 20:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll

[7] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B c:\windows\ie7updates\KB956390-IE7\wininet.dll

[7] 2008-08-26 08:11 826368 ACB8649F0EFDCC6D7B081E3BC213B93A c:\windows\ie7updates\KB958215-IE7\wininet.dll

[7] 2008-10-16 20:23 826368 779479E6F38BC77831F26BD9AAE3FAD3 c:\windows\ie7updates\KB961260-IE7\wininet.dll

[7] 2008-12-20 22:47 826368 94A623D9C0F2632796B4CE2753331F98 c:\windows\ie7updates\KB963027-IE7\wininet.dll

[7] 2009-03-03 00:06 826368 ED9B2E986B3F2EC048B1930FFCC3D7D4 c:\windows\ie8\wininet.dll

[7] 2009-03-08 07:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll

[7] 2008-04-14 02:20 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\ServicePackFiles\i386\wininet.dll

[7] 2004-08-04 03:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\wininet.dll

[7] 2009-05-13 05:03 915456 14E350ABCCBE0279D042AF2854E6D894 c:\windows\system32\wininet.dll

[7] 2009-05-13 05:03 915456 14E350ABCCBE0279D042AF2854E6D894 c:\windows\system32\dllcache\wininet.dll

 

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys

[7] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

 

[7] 2004-08-04 03:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 02:21 509952 71D440F79B711627B12B567FB2EADB42 c:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2004-08-04 03:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\winlogon.exe

[7] 2008-04-14 02:21 509952 71D440F79B711627B12B567FB2EADB42 c:\windows\system32\winlogon.exe

 

[7] 2004-08-04 02:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys

[7] 2004-08-04 02:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ndis.sys

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

 

[7] 2004-08-04 02:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys

[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys

[7] 2004-08-04 02:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ip6fw.sys

[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

 

[-] 2005-03-02 18:13 2061184 AED7B3AA86AD031CF39C6E4BBA37E818 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[7] 2009-02-09 11:17 2070400 FF7FE874B6DA494303EE3DD9B97AB007 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 13:39 2067200 145CD2BBA58988B7A2E9B910AC4D4CA4 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

[7] 2008-08-14 13:24 2070272 A62251C7C1F0DBC3241ABF1985EDE75E c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[7] 2008-08-14 21:26 2070272 586A93E0C23F6A1893F6706F36B22598 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 13:45 2061952 E3C62CC617A25870B024CBA8BB1D3C23 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[7] 2008-08-14 13:24 2070272 A62251C7C1F0DBC3241ABF1985EDE75E c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[7] 2008-04-14 02:00 2070144 F84054BFD1D688B901AD907499879BBD c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[7] 2004-08-04 03:55 2061056 C9BAE5544B8AA39454C50D8FF83AE5A8 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe

[7] 2009-02-10 22:07 2070272 DBAD62B9A518249C1A1408CF3AB9064A c:\windows\Driver Cache\i386\ntkrnlpa.exe

[7] 2008-04-14 02:00 2070144 F84054BFD1D688B901AD907499879BBD c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[7] 2004-08-04 03:55 2061056 C9BAE5544B8AA39454C50D8FF83AE5A8 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ntkrnlpa.exe

[7] 2009-02-10 22:07 2070272 DBAD62B9A518249C1A1408CF3AB9064A c:\windows\system32\ntkrnlpa.exe

[7] 2009-02-10 22:07 2070272 DBAD62B9A518249C1A1408CF3AB9064A c:\windows\system32\dllcache\ntkrnlpa.exe

 

[-] 2005-03-02 18:13 2183808 6E3AB4241E058B248CB7CDC5157449C3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[7] 2009-02-10 22:16 2193408 B0BF079AF000D97D8C043D1DFF08086D c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 13:39 2190208 B72A025A758683552C4FEC7EABCB0661 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[7] 2008-08-14 13:24 2193408 04BA43B0D2A13BD6B06D707299243CFC c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[7] 2008-08-14 21:26 2193408 A42CC3CFC02A7B2BAEC7B0D45808B257 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 13:45 2184576 837FCF2A885B4CF3F28475D8376B4FD2 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[7] 2008-08-14 13:24 2193408 04BA43B0D2A13BD6B06D707299243CFC c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[7] 2008-04-14 02:01 2193280 185F6C64734019E7E9F626E53CC37FB4 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[7] 2004-08-04 03:40 2185216 3B72A63F230DFB276FC96A99173A81BE c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[7] 2009-02-09 11:25 2193280 C667CA055AA4E24A0733061282276AA5 c:\windows\Driver Cache\i386\ntoskrnl.exe

[7] 2008-04-14 02:01 2193280 185F6C64734019E7E9F626E53CC37FB4 c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[7] 2004-08-04 03:40 2185216 3B72A63F230DFB276FC96A99173A81BE c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ntoskrnl.exe

[7] 2009-02-09 11:25 2193280 C667CA055AA4E24A0733061282276AA5 c:\windows\system32\ntoskrnl.exe

[7] 2009-02-09 11:25 2193280 C667CA055AA4E24A0733061282276AA5 c:\windows\system32\dllcache\ntoskrnl.exe

 

[7] 2008-04-14 02:20 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\explorer.exe

[-] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 03:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 02:20 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-04 03:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\explorer.exe

 

[7] 2009-02-09 11:17 111104 38867483E0CB504BB8F277E05729881E c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[7] 2004-08-04 03:45 108544 CC73C4430C2FC27FDE16A0A4E3678148 c:\windows\$NtServicePackUninstall$\services.exe

[7] 2008-04-14 02:21 109056 EE7999BAACA84CFAA03726E677EE2A33 c:\windows\$NtUninstallKB956572$\services.exe

[7] 2008-04-14 02:21 109056 EE7999BAACA84CFAA03726E677EE2A33 c:\windows\ServicePackFiles\i386\services.exe

[7] 2004-08-04 03:45 108544 CC73C4430C2FC27FDE16A0A4E3678148 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\services.exe

[7] 2009-02-09 11:25 111104 C52DEB6D8CD4B096BF1A9EC001F36507 c:\windows\system32\services.exe

[7] 2009-02-09 11:25 111104 C52DEB6D8CD4B096BF1A9EC001F36507 c:\windows\system32\dllcache\services.exe

 

[7] 2004-08-04 03:45 13312 35C6463B3C5F62D2B20C953B6E1538E9 c:\windows\$NtServicePackUninstall$\lsass.exe

[7] 2008-04-14 02:21 13312 9607142710D3B64AB7FCCE4BE4E30D37 c:\windows\ServicePackFiles\i386\lsass.exe

[7] 2004-08-04 03:45 13312 35C6463B3C5F62D2B20C953B6E1538E9 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\lsass.exe

[7] 2008-04-14 02:21 13312 9607142710D3B64AB7FCCE4BE4E30D37 c:\windows\system32\lsass.exe

 

[7] 2004-08-04 03:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2008-04-14 02:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2004-08-04 03:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ctfmon.exe

[7] 2008-04-14 02:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\system32\ctfmon.exe

 

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe

[7] 2004-08-04 03:45 57856 3971289FA7072812CAF4D053BBC6352B c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 02:21 57856 AF1D9AE15C11163F576DF6ED6194B53C c:\windows\ServicePackFiles\i386\spoolsv.exe

[7] 2004-08-04 03:45 57856 3971289FA7072812CAF4D053BBC6352B c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\spoolsv.exe

[7] 2008-04-14 02:21 57856 AF1D9AE15C11163F576DF6ED6194B53C c:\windows\system32\spoolsv.exe

 

[7] 2008-04-14 02:21 111616 4F2DDAECD720AAA6AD7475E5A29E5980 c:\windows\ServicePackFiles\i386\wuauclt.exe

[7] 2008-10-16 16:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe

[7] 2008-10-16 16:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

 

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\$NtServicePackUninstall$\userinit.exe

[7] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\ServicePackFiles\i386\userinit.exe

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\userinit.exe

[7] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\system32\userinit.exe

 

[7] 2004-08-04 03:45 296960 23DFF6DAA7565CC5802E057A6B9F585E c:\windows\$NtServicePackUninstall$\termsrv.dll

[7] 2008-04-14 02:20 296960 0F4DB70DCE17B9DC1A5D835B1A5EE469 c:\windows\ServicePackFiles\i386\termsrv.dll

[7] 2004-08-04 03:45 296960 23DFF6DAA7565CC5802E057A6B9F585E c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\termsrv.dll

[7] 2008-04-14 02:20 296960 0F4DB70DCE17B9DC1A5D835B1A5EE469 c:\windows\system32\termsrv.dll

 

[-] 2007-04-16 16:11 1025024 631A6F8B57F800E4B55F8539F76E7274 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[7] 2009-03-21 13:59 1030656 03DA51CE83B0D693A10C91B139BBD221 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2007-04-16 15:53 1023488 ECE3A528F975CEEC8B4FAF404548A449 c:\windows\$NtServicePackUninstall$\kernel32.dll

[7] 2004-08-04 03:45 1022464 AD72A244955E89EBBB8FABF02F8041C6 c:\windows\$NtUninstallKB935839$\kernel32.dll

[7] 2008-04-14 02:20 1028608 68ECDAD8AE2768DE61C20C41A28CC0B0 c:\windows\$NtUninstallKB959426$\kernel32.dll

[7] 2008-04-14 02:20 1028608 68ECDAD8AE2768DE61C20C41A28CC0B0 c:\windows\ServicePackFiles\i386\kernel32.dll

[7] 2004-08-04 03:45 1022464 AD72A244955E89EBBB8FABF02F8041C6 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\kernel32.dll

[7] 2009-03-21 14:08 1028608 6A5A13A014F72F3C8E8A23B662C9DAF1 c:\windows\system32\kernel32.dll

[7] 2009-03-21 14:08 1028608 6A5A13A014F72F3C8E8A23B662C9DAF1 c:\windows\system32\dllcache\kernel32.dll

 

[7] 2004-08-04 03:45 17408 0F81EB414DE1D77DD315F4A3D324BC1E c:\windows\$NtServicePackUninstall$\powrprof.dll

[7] 2008-04-14 02:20 17408 C008BBC88156E0EE109C7FF445CD9555 c:\windows\ServicePackFiles\i386\powrprof.dll

[7] 2004-08-04 03:45 17408 0F81EB414DE1D77DD315F4A3D324BC1E c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\powrprof.dll

[7] 2008-04-14 02:20 17408 C008BBC88156E0EE109C7FF445CD9555 c:\windows\system32\powrprof.dll

 

[7] 2004-08-04 03:45 110080 602B88592E0690D0DFB5E5F44A9EF820 c:\windows\$NtServicePackUninstall$\imm32.dll

[7] 2008-04-14 02:20 110080 05C621EAA979D33A12F3B510FF4C6F9F c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2004-08-04 03:45 110080 602B88592E0690D0DFB5E5F44A9EF820 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\imm32.dll

[7] 2008-04-14 02:20 110080 05C621EAA979D33A12F3B510FF4C6F9F c:\windows\system32\imm32.dll

 

[7] 2004-08-04 03:45 1548288 1DD4FC7EEE3A45257528A34FDF7BC689 c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[7] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\ServicePackFiles\i386\sfcfiles.dll

[7] 2004-08-04 03:45 1548288 1DD4FC7EEE3A45257528A34FDF7BC689 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\sfcfiles.dll

[7] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\system32\sfcfiles.dll

 

[7] 2004-08-04 03:45 172032 2E131621557A6EF486FC86D738CBC8B6 c:\windows\$NtServicePackUninstall$\appmgmts.dll

[7] 2008-04-14 02:20 172032 27683D3EE8FCB7E620B25C8A84B329D6 c:\windows\ServicePackFiles\i386\appmgmts.dll

[7] 2004-08-04 03:45 172032 2E131621557A6EF486FC86D738CBC8B6 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\appmgmts.dll

[7] 2008-04-14 02:20 172032 27683D3EE8FCB7E620B25C8A84B329D6 c:\windows\system32\appmgmts.dll

 

[7] 2004-08-04 03:39 25088 7FC1E330386610D5EB3E7C4C7893CA93 c:\windows\$NtServicePackUninstall$\kbdclass.sys

[7] 2008-04-14 01:58 25088 D3D4832B494CBF9A87CF86D7517013CB c:\windows\ServicePackFiles\i386\kbdclass.sys

[7] 2004-08-04 03:39 25088 7FC1E330386610D5EB3E7C4C7893CA93 c:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\kbdclass.sys

[7] 2008-04-14 01:58 25088 D3D4832B494CBF9A87CF86D7517013CB c:\windows\system32\drivers\kbdclass.sys

.

((((((((((((((((((((((((((((( SnapShot_2009-06-13_16.08.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-17 01:32 . 2009-06-17 01:32 65536 c:\windows\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe

+ 2009-06-22 15:57 . 2009-06-22 20:49 1650 c:\windows\SoftwareDistribution\EventCache\{97C62376-593B-4864-BB48-086919FF0226}.bin

+ 2008-11-08 11:12 . 2002-12-20 16:06 3366912 c:\windows\system32\dllcache\moviemk.exe

+ 2009-06-17 01:29 . 2002-12-20 16:06 3366912 c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent DNA"="c:\arquivos de programas\BitTorrent_DNA\dna.exe" [2009-01-16 286016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

 

c:\documents and settings\Vitor\Menu Iniciar\Programas\Inicializar\

Webshots.lnk - c:\arquivos de programas\Webshots\Launcher.exe [2008-11-8 157000]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"getPlus® Helper"=3 (0x3)

"AGWinService"=2 (0x2)

"AresChatServer"=3 (0x3)

"SoundMAX Agent Service (default)"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\BitTorrent_DNA\\dna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]

R3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [18/5/2009 22:32 616064]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [8/11/2008 14:12 36048]

S4 AGWinService;AG Windows Service;c:\arquivos de programas\AGI\common\win32\pythonservice.exe [10/11/2008 21:02 10240]

S4 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe --> c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-06-22 c:\windows\Tasks\User_Feed_Synchronization-{1FA118A6-31B6-46FC-BDF1-5AA9F555BDBF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mStart Page = hxxp://www.google.com

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {44B97DF7-679B-4472-A6DA-01B793E45A92} = 200.175.5.139 200.175.182.139

DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} - hxxp://www.centraldejogos.com.br/StopWeb/StopWeb.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-22 18:57

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(192)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-06-22 19:02

ComboFix-quarantined-files.txt 2009-06-22 22:02

ComboFix2.txt 2009-06-13 16:10

ComboFix3.txt 2009-06-08 15:58

ComboFix4.txt 2009-05-26 00:58

ComboFix5.txt 2009-06-22 20:51

 

Pre-Run: 6,589,599,744 bytes free

Post-Run: 6,606,385,152 bytes free

 

310 --- E O F --- 2009-06-11 00:16

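Added note, not part of the original posts: before calling a machine like this one clean, a helper normally looks at three things that are easy to skim past in a ComboFix report of this length. First, the Security Center override flags (`AntiVirusOverride` and `FirewallOverride` set to 1); third-party suites such as the installed ESET product also set these to silence Security Center alerts, so they are a prompt to verify, not proof of infection. Second, the firewall exceptions granted to programs outside the Windows directory (here the BitTorrent DNA client and Messenger). Third, service entries whose binary ComboFix prints with `-->` and `[?]`, which in its reports typically means the file could not be found on disk (an orphaned service; here `getPlus® Helper`). The script below was written for this edit and is not ComboFix's or the forum's code: it parses those sections out of a constructed sample in the log's format and returns the items worth reviewing. The sample reproduces a handful of lines from the log above; the section-name matching, the `c:\windows\` allow-list and the reading of `[?]` are this script's own assumptions.

```python
import re

# Constructed sample in ComboFix's report format. It mirrors a few entries
# from the log above but is embedded here so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\BitTorrent_DNA\\dna.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]
S4 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe --> c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [?]
"""

# "value"=data lines inside a [key] block, as ComboFix prints them.
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
# Service lines: start type, then "name;display name;path [date size]".
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.*)$')


def parse_sections(text):
    """Return {key: [value lines]} for each bracketed registry block.

    A blank line ends the current block, so service lines and other
    free-standing output are not swallowed into the last key.
    """
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            current = None
        elif line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_values(lines):
    """Map value name -> raw data, undoing the doubled backslashes of .reg syntax."""
    values = {}
    for line in lines:
        m = REG_VALUE_RE.match(line)
        if m:
            values[m.group(1).replace('\\\\', '\\')] = m.group(2)
    return values


def _find_key(sections, suffix):
    return next((k for k in sections if k.lower().endswith(suffix)), None)


def security_center_overrides(sections):
    """Names of *Override flags set to 1 (Security Center told to ignore AV/firewall state)."""
    key = _find_key(sections, r'microsoft\security center')
    if key is None:
        return []
    flagged = []
    for name, raw in parse_values(sections[key]).items():
        if name.endswith('Override') and raw.startswith('dword:') and int(raw[6:], 16) == 1:
            flagged.append(name)
    return sorted(flagged)


def firewall_exceptions_outside_windows(sections):
    """Authorized firewall applications that do not live under c:\\windows (assumed allow-list)."""
    key = _find_key(sections, r'authorizedapplications\list')
    if key is None:
        return []
    paths = parse_values(sections[key])
    return sorted(p for p in paths if not p.lower().startswith('c:\\windows\\'))


def find_unresolved_services(text):
    """(service name, path field) for services whose binary is marked [?] (assumed: file not found)."""
    hits = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(4).rstrip().endswith('[?]'):
            hits.append((m.group(2), m.group(4)))
    return hits


def audit(text):
    """Run all three checks over one report and return them together."""
    sections = parse_sections(text)
    return {
        'security_center_overrides': security_center_overrides(sections),
        'firewall_exceptions': firewall_exceptions_outside_windows(sections),
        'unresolved_services': find_unresolved_services(text),
    }


if __name__ == '__main__':
    for check, items in audit(SAMPLE_LOG).items():
        print(check)
        for item in items:
            print('   ', item)
```

To run it against a real report, read the ComboFix log file with `open(path, encoding='cp1252')` (ComboFix writes ANSI text) and pass the contents to `audit()`; everything it returns is a review list for the helper, since the override flags in particular are set legitimately by the installed antivirus.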

Hey ViniPage,

 

The machine looks clean. Do the problems persist?


PROBLEM SOLVED!

 

Should the author need the topic reopened, just send a Private Message to a Moderator with a link to the topic.
