
Archived

This topic has been archived and is closed to new replies.

rafael0xp

[Archived] Temp 2.exe error....


Every time I turn on my computer... it gets a bit slow and gives this temp2.exe error...

It never happened before and my PC was really fast

but now it has become slow

I don't know if it was because of it.. but please, could someone tell me what this error is?


Hey rafael0xp,

Do the following:

Download HijackThis version 1.99.1.

Then > Start > My Computer > double-click C > Put HijackThis on C (extracting it from the zip --> into its own folder such as c:/Hijack).

Run Hijack from C, closing the other programs (leaving only the desktop).

Click Do a system scan and save a logfile, but don't check anything, just post the generated log here in this same topic.

Cheers.


jgarcia, here's the log


Logfile of HijackThis v1.99.1

Scan saved at 15:02:05, on 21/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\GRISOFT\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [steam] C:\Arquivos de programas\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4CDA5123-567D-4335-9A91-8546F0CF394E}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BOCore - COMODO - C:\Arquivos de programas\Comodo\CBOClean\BOCORE.exe

O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

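A small triage pass over a log in the HijackThis v1.99.1 format shown above, as an added example that is not part of this thread or of HijackThis itself: it flags load points whose target is gone ("(file missing)" / "(no file)"), programs started from a Temp folder, O23 services with "Unknown owner", and the O17 DNS servers that should be checked against the ISP's. The sample entries are constructed from the log above; the [wingbp] Run entry is invented so the Temp-folder check has something to flag.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format. The entries are modelled on
# the log posted above; the [wingbp] Run entry is invented so that the
# Temp-folder check has something to flag.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [wingbp] C:\Documents and Settings\Administrador\Configurações locais\Temp\wingbp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CDA5123-567D-4335-9A91-8546F0CF394E}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
"""

# "O4 - HKCU\..\Run: [name] command" -> section code and the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# First Windows path ending in a loadable extension (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|ocx)\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class Finding:
    code: str     # HijackThis section (O2, O4, O17, O23, ...)
    reason: str   # why this entry deserves a closer look
    entry: str    # the entry body, verbatim


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log that a helper would review first.

    Nothing here decides that an entry is malicious; each finding is a
    prompt to check the file, its publisher or the DNS servers by hand.
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or "Running processes" entry
        code, body = m.group("code"), m.group("body")
        lowered = body.lower()
        path_m = PATH_RE.search(body)
        path = path_m.group(0).lower() if path_m else ""

        # A load point whose target is gone is leftover from an uninstall or
        # from a removal that did not clean the registry.
        if "(file missing)" in lowered or "(no file)" in lowered:
            findings.append(Finding(code, "load point whose target file no longer exists", body))
        # Installed software lives under Program Files or system32; a program
        # started from a temporary folder was dropped there by something.
        if any(marker in path for marker in TEMP_MARKERS):
            findings.append(Finding(code, "executable started from a temporary folder", body))
        # Services normally carry a publisher name; "Unknown owner" means none was found.
        if code == "O23" and "unknown owner" in lowered:
            findings.append(Finding(code, "service without publisher information", body))
        # O17 lists the configured DNS servers; they should be the ISP's, not a
        # third party's that could redirect lookups.
        if code == "O17":
            ips = ", ".join(IPV4_RE.findall(body))
            findings.append(Finding(code, f"DNS servers to verify with the ISP: {ips}", body))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section code."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.entry}")
```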

Hey rafael0xp,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, nor close it by clicking the X, while the tool is running, since this will mess up your desktop (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.


Jgarcia, several files are going into the C:/ComboFix folder and a .dos window just appeared..

is that normal? am I doing the right thing?

thanks..


That's normal. :thumbsup:


Jgarcia, here is the ComboFix log, followed by the HijackThis one


ComboFix 08-03-21.1 - Administrador 2008-03-21 16:31:17.1 - NTFSx86

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\Gravity\Ragnarok Online\neoncube\_desktop.ini

C:\Arquivos de programas\Gravity\Ragnarok Online\neoncube\skin_BbRO\_desktop.ini

C:\Arquivos de programas\Gravity\Ragnarok Online\neoncube\skin_default\_desktop.ini

C:\Arquivos de programas\Gravity\Ragnarok Online\neoncube\skin_red\_desktop.ini

C:\WINDOWS\autorun.inf

C:\WINDOWS\system32\temp2.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))))

.

 

2008-03-21 16:19 . 2008-03-21 16:19 3,631 --a--c--- C:\D31.tmp

2008-03-21 15:00 . 2008-03-21 15:02 <DIR> d----c--- C:\HijackThis

2008-03-21 14:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe

2008-03-21 14:27 . 2008-03-21 14:29 <DIR> d----c--- C:\ClamWinPortable

2008-03-21 14:12 . 2008-03-21 14:12 <DIR> d----c--- C:\Arquivos de programas\DNA

2008-03-21 14:12 . 2008-03-21 14:12 <DIR> d----c--- C:\Arquivos de programas\BitTorrent

2008-03-20 23:37 . 2008-03-20 23:37 <DIR> d----c--- C:\Brasfoot2008

2008-03-20 23:03 . 2008-03-20 23:24 <DIR> d----c--- C:\Arquivos de programas\Download Direct

2008-03-20 22:52 . 2008-03-21 14:02 <DIR> d----c--- C:\Arquivos de programas\Steam

2008-03-20 22:40 . 2008-03-21 14:05 <DIR> d----c--- C:\PacSteamT

2008-03-20 22:40 . 2008-03-20 22:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-03-20 22:22 . 2008-03-20 22:22 268 --ah-c--- C:\sqmdata01.sqm

2008-03-20 22:22 . 2008-03-20 22:22 244 --ah-c--- C:\sqmnoopt01.sqm

2008-03-20 22:09 . 2008-03-20 22:09 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-20 21:57 . 2008-03-20 21:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-03-20 12:01 . 2005-03-20 12:09 <DIR> d----c--- C:\Arquivos de programas\Wyd Tebas

2008-03-14 22:50 . 2008-03-18 22:36 <DIR> d----c--- C:\fansro_bro

2008-03-14 18:16 . 2008-03-14 18:22 <DIR> d-------- C:\Documents and Settings\Rafael2\Contacts

2008-03-14 17:09 . 2008-03-14 17:09 268 --ah-c--- C:\sqmdata00.sqm

2008-03-14 17:09 . 2008-03-14 17:09 244 --ah-c--- C:\sqmnoopt00.sqm

2008-03-14 17:08 . 2008-03-14 17:08 <DIR> d--hs---- C:\Documents and Settings\Rafael2\Configuracoes locais

2008-03-14 17:05 . 2008-02-04 18:47 <DIR> d-------- C:\Documents and Settings\Rafael2\nodtmpb

2008-03-14 17:05 . 2008-02-04 18:43 <DIR> d--h----- C:\Documents and Settings\Rafael2\Modelos

2008-03-14 17:05 . 2008-03-14 18:19 <DIR> dr------- C:\Documents and Settings\Rafael2\Meus documentos

2008-03-14 17:05 . 2008-02-04 16:36 <DIR> dr------- C:\Documents and Settings\Rafael2\Menu Iniciar

2008-03-14 17:05 . 2008-03-14 17:08 <DIR> dr------- C:\Documents and Settings\Rafael2\Favoritos

2008-03-14 17:05 . 2008-03-15 16:26 <DIR> dr-h----- C:\Documents and Settings\Rafael2\Dados de aplicativos

2008-03-14 17:05 . 2008-03-14 17:08 <DIR> d--h----- C:\Documents and Settings\Rafael2\Configurações locais

2008-03-14 17:05 . 2008-02-04 16:36 <DIR> d--h----- C:\Documents and Settings\Rafael2\Ambiente de rede

2008-03-14 17:05 . 2008-02-04 16:36 <DIR> d--h----- C:\Documents and Settings\Rafael2\Ambiente de impressão

2008-03-14 10:27 . 2008-03-14 10:27 <DIR> d----c--- C:\data102

2008-03-13 15:49 . 2008-03-13 15:49 <DIR> d-------- C:\WINDOWS\RagnaPROJECT

2008-03-13 14:21 . 2003-03-15 23:15 90,112 --------- C:\WINDOWS\unvise32.exe

2008-03-11 22:24 . 2008-03-11 22:24 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\PC Accelerate

2008-03-11 22:24 . 2008-03-11 22:24 <DIR> d----c--- C:\Arquivos de programas\PC Accelerate

2008-03-11 22:17 . 2006-05-20 20:19 70,207 -rahsc--- C:\host.exe

2008-03-11 17:59 . 2008-03-11 17:59 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-11 17:42 . 2008-03-11 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\FreeRIP

2008-03-11 17:42 . 2008-03-11 17:42 <DIR> d----c--- C:\Arquivos de programas\FreeRIP3

2008-03-11 17:42 . 2008-03-11 17:48 425 --a------ C:\WINDOWS\cdplayer.ini

2008-03-08 14:46 . 2008-03-08 14:46 <DIR> d----c--- C:\Arquivos de programas\MSN Messenger

2008-03-08 14:45 . 2008-03-08 14:45 <DIR> d----c--- C:\Arquivos de programas\MSN Toolbar

2008-03-08 13:22 . 2008-03-15 10:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\IGN_DLM

2008-03-06 09:58 . 2008-03-06 09:58 73,216 --a------ C:\WINDOWS\temp.003

2008-03-06 09:58 . 2008-03-06 09:58 1,688 --a------ C:\WINDOWS\ST6UNST.007

2008-03-06 09:57 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2008-03-06 09:57 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax

2008-03-06 09:56 . 2008-03-06 09:56 73,216 --a------ C:\WINDOWS\temp.002

2008-03-06 09:56 . 2008-03-06 09:56 1,688 --a------ C:\WINDOWS\ST6UNST.006

2008-03-06 09:55 . 2008-03-06 09:55 1,715 --a------ C:\WINDOWS\ST6UNST.005

2008-03-06 09:54 . 2008-03-06 09:54 73,216 --a------ C:\WINDOWS\temp.001

2008-03-06 09:54 . 2008-03-06 09:54 1,688 --a------ C:\WINDOWS\ST6UNST.004

2008-03-06 09:53 . 2008-03-06 09:53 73,216 --a------ C:\WINDOWS\temp.000

2008-03-06 09:53 . 2008-03-06 09:53 1,688 --a------ C:\WINDOWS\ST6UNST.002

2008-03-06 09:53 . 2008-03-06 09:53 1,637 --a------ C:\WINDOWS\ST6UNST.003

2008-03-06 09:51 . 2003-01-10 15:10 1,819,276 --------- C:\WINDOWS\AUTORUN.CAB

2008-03-06 09:51 . 2008-03-06 09:59 856,064 --------- C:\WINDOWS\Setup1.exe

2008-03-06 09:51 . 2008-03-06 09:59 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-03-06 09:51 . 2008-03-06 09:51 1,894 --a------ C:\WINDOWS\ST6UNST.000

2008-03-06 09:51 . 2008-03-06 09:52 1,637 --a------ C:\WINDOWS\ST6UNST.001

2008-03-03 22:05 . 2008-03-11 21:26 <DIR> d----c--- C:\Arquivos de programas\Lineage II

2008-03-03 22:04 . 2008-03-03 22:04 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-03-03 16:24 . 2008-03-03 16:24 <DIR> d----c--- C:\Arquivos de programas\Elaborate Bytes

2008-02-29 22:12 . 2008-03-01 00:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo

2008-02-29 12:22 . 2008-03-21 16:03 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\DNA

2008-02-29 12:22 . 2008-03-21 16:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

2008-02-29 11:48 . 2008-02-29 11:51 471,040 --a------ C:\WINDOWS\dog3.scr

2008-02-29 11:47 . 2008-02-29 11:51 <DIR> d-------- C:\WINDOWS\dog3 dir

2008-02-28 15:28 . 2008-02-28 15:28 <DIR> d----c--- C:\Arquivos de programas\LevelUpGames

2008-02-28 14:57 . 2008-03-14 14:23 <DIR> d----c--- C:\Arquivos de programas\OnGame

2008-02-28 12:23 . 2008-02-28 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-28 12:23 . 2008-02-28 12:23 <DIR> d----c--- C:\Arquivos de programas\Windows Live

2008-02-28 12:23 . 2008-02-28 12:23 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-24 12:39 . 2008-02-24 12:39 24,624 --a------ C:\WINDOWS\FUJIGOLF.DAT

2008-02-24 12:39 . 2008-02-24 12:42 212 --a------ C:\WINDOWS\FUJIGOLF.INI

2008-02-24 12:39 . 2008-02-24 12:39 15 --a------ C:\WINDOWS\entpack.ini

2008-02-23 19:01 . 2008-02-23 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-02-23 17:15 . 2006-02-04 04:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-02-23 17:15 . 2006-02-04 04:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-02-23 16:53 . 2008-02-23 16:53 <DIR> d----c--- C:\Arquivos de programas\Gravity

2008-02-23 11:32 . 2008-02-23 11:32 <DIR> d----c--- C:\Arquivos de programas\Windows Live Safety Center

2008-02-21 15:06 . 2008-02-21 15:06 <DIR> d----c--- C:\Automap

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 17:11 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-20 20:32 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Hamachi

2008-03-15 14:02 --------- dc----w C:\Arquivos de programas\ZillaSoft.ws

2008-03-13 19:03 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2008-03-11 20:42 --------- d-----w C:\Arquivos de programas\ESET

2008-03-04 01:04 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-03 19:23 471,040 ----a-w C:\WINDOWS\dog2.scr

2008-03-03 19:23 12,288 ----a-w C:\WINDOWS\impborl.dll

2008-03-01 20:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2008-02-21 19:46 --------- dc----w C:\Arquivos de programas\Tibia8.0

2008-02-20 23:12 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-02-19 00:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-02-19 00:18 --------- dc----w C:\Arquivos de programas\HP

2008-02-19 00:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-02-19 00:14 --------- dc----w C:\Arquivos de programas\Hewlett-Packard

2008-02-19 00:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-02-13 20:24 --------- dc----w C:\Arquivos de programas\Real Alternative

2008-02-13 15:21 --------- dc----w C:\Arquivos de programas\No-IP

2008-02-07 18:07 --------- dc----w C:\Arquivos de programas\WYD Maniaa

2008-02-07 00:15 --------- dc----w C:\Arquivos de programas\Bazooka Scanner

2008-02-06 04:04 --------- dc----w C:\Arquivos de programas\Hamachi

2008-02-06 04:03 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-06 01:09 --------- dc----w C:\Arquivos de programas\Asprate

2008-02-06 00:35 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\sqlitestudio

2008-02-05 18:45 504,320 ----a-w C:\WINDOWS\system32\winlogon.exe

2008-02-05 18:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BOC425

2008-02-05 02:29 730,016 ----a-w C:\WINDOWS\winexec32.exe

2008-02-05 01:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-05 00:36 --------- d-----w C:\Arquivos de programas\Comodo

2008-02-05 00:25 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-02-05 00:17 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-05 00:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-04 23:49 --------- d-----w C:\Arquivos de programas\Google

2008-02-04 23:42 --------- d-----w C:\Arquivos de programas\DAP

2008-02-04 23:39 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-02-04 23:37 --------- d-----w C:\Arquivos de programas\YourWare Solutions

2008-02-04 23:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-02-04 23:05 --------- d-----w C:\Arquivos de programas\Symantec

2008-02-04 22:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-04 22:51 --------- d-----w C:\Arquivos de programas\Ahead

2008-02-04 22:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-02-04 22:48 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Motive

2008-02-04 22:48 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2008-02-04 22:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motive

2008-02-04 22:47 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-02-04 22:44 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-02-04 22:38 --------- d-----w C:\Arquivos de programas\Motive

2008-02-04 22:38 --------- d-----w C:\Arquivos de programas\Common Files

2008-02-04 22:36 155,995 ----a-w C:\WINDOWS\java\Packages\QY4F7RBD.ZIP

2008-02-04 22:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-02-04 22:32 --------- d-----w C:\Arquivos de programas\Telefonica

2008-02-04 22:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Symantec

2008-02-04 22:18 606,848 ----a-w C:\WINDOWS\flashax.exe

2008-02-04 22:18 194,560 ----a-w C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr

2008-02-04 22:17 --------- d-----w C:\Arquivos de programas\Marvell

2008-02-04 22:10 --------- d-----w C:\Arquivos de programas\Asus

2008-02-04 22:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-02-04 22:07 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-04 22:06 --------- d-----w C:\Arquivos de programas\Intel

2008-02-04 21:56 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-02-04 21:48 --------- d-----w C:\Arquivos de programas\Java

2008-02-04 21:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-02-04 21:47 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-02-04 21:47 270,336 ----a-w C:\WINDOWS\system32\imon.dll

2008-02-04 21:45 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-02-04 21:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-02-04 23:39 251,392 ----a-w C:\Arquivos de programas\opera\program\plugins\dapop.dll

.

 

------- Sigcheck -------

 

2008-02-05 15:45 504320 51733fc02dc0a7eb35452fb2ab5ada64 C:\WINDOWS\system32\winlogon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45 15360]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-03-21 14:12 287040]

"FreeRAM XP"="C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 23:13 1591808]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [ ]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2008-03-20 22:54 1266936]

"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [2007-09-06 10:54 1343488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-17 23:49 7618560]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-10-28 14:06 208949]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2001-10-28 14:06 77824]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-10-28 14:06 737360]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-10-28 14:06 737360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-04 21:17 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 18:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:34 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk

backup=C:\WINDOWS\pss\Assistente Tecnico Speedy.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 15:07 617984 C:\Program Files\ASUS\Asus Probe\AsusProb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 2008-02-04 21:17 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]

--a------ 2007-11-26 09:38 342272 C:\ARQUIV~1\Comodo\CBOClean\BOC425.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-03 18:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2008-02-04 20:39 4576768 C:\Arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

--a------ 2006-03-22 23:13 1591808 C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]

C:\Arquivos de programas\HTV\HTV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2001-10-28 14:06 208949 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

C:\WINDOWS\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2005-04-15 15:46 397312 C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a--c--- 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

--a------ 2001-10-28 14:06 77824 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

--a------ 2008-02-04 18:47 917504 C:\Arquivos de programas\Eset\nod32kui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-07-17 23:49 7618560 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-07-17 23:49 86016 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-07-17 23:49 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2001-10-28 14:06 737360 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2001-10-28 14:06 737360 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]

--a------ 2004-11-18 09:16 86016 C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-09-07 14:35 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2005-05-19 22:11 925696 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-06-03 02:52 36975 C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\DAP\\DAP.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avgemc.exe"=

"C:\\WINDOWS\\winexec32.exe"=

"C:\\Documents and Settings\\Administrador\\Configurações locais\\Temp\\wingbp.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Striker Server\\LiiveOT™.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\Main.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\PacSteamT\\SteamApps\\rafael0x\\counter-strike\\hl.exe"=

 

S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Administrador\Desktop\Moonlite\Moon_light\IlvMoney1129.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b0f03d-efc7-11dc-9599-0018f34ef6f2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 16:40:11

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-03-21 16:44:28

ComboFix-quarantined-files.txt 2008-03-21 19:43:24

.

2008-02-06 14:00:57 --- E O F ---

 

Jgarcia, here is the HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 16:46:55, on 21/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Auxiliar de Conex? do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [steam] C:\Arquivos de programas\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4CDA5123-567D-4335-9A91-8546F0CF394E}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BOCore - COMODO - C:\Arquivos de programas\Comodo\CBOClean\BOCORE.exe

O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Hi rafael0xp,

There is still work to do, so let's go on.

Follow these instructions:

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text included in the "Quote":

File::

C:\WINDOWS\unvise32.exe

C:\WINDOWS\winexec32.exe

C:\WINDOWS\flashax.exe

C:\WINDOWS\svchost.exe

C:\WINDOWS\AUTORUN.CAB

C:\WINDOWS\FUJIGOLF.DAT

C:\WINDOWS\FUJIGOLF.INI

C:\WINDOWS\entpack.ini

C:\WINDOWS\impborl.dll

C:\host.exe

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for its user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

4. When the process finishes, the tool will generate a log (the machine may be restarted).

5. Now go to Start -> Run -> type regedit -> click OK.

6. Navigate to the following subkey:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

7. Locate and delete the following folder:

{99b0f03d-efc7-11dc-9599-0018f34ef6f2}

8. Exit the Registry Editor.

9. Post the generated log (C:\ComboFix.txt) in your next reply.

Regards.

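The procedure above removes three kinds of indicator that show up in the logs pasted in this thread: an AutoRun command registered under Explorer's MountPoints2 key (the autorun.inf / copy.exe pattern), a svchost.exe sitting directly in C:\WINDOWS instead of system32, and startup or service entries whose target file HijackThis reports as "(file missing)". As an added example, not part of this thread or of the HijackThis/ComboFix tools, here is a small Python triage script that runs those three checks over log lines of the kind posted above. The sample lines are copied from the logs in this thread; the rule names, the `Finding` type and the `triage` function are this example's own.

```python
"""Triage helper for HijackThis / ComboFix style logs.

Added example for this thread; it is not part of the original posts nor of
the HijackThis or ComboFix tools. It reads log lines like the ones pasted
above and flags the indicators the helper acted on in this thread:

  * an AutoRun command registered under Explorer's MountPoints2 key (the
    autorun.inf / copy.exe pattern the script and regedit step removed),
  * a svchost.exe that lives outside %SystemRoot%\\system32, and
  * startup entries, BHOs or services whose target file is "(file missing)".

The rule names and the Finding type are this example's own.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b0f03d-efc7-11dc-9599-0018f34ef6f2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
"""


@dataclass
class Finding:
    rule: str   # which heuristic fired
    line: str   # the log line that triggered it


# Drive-letter path ending in svchost.exe; group 1 is the directory part.
SVCHOST_RE = re.compile(r'([A-Za-z]:\\(?:[^\\\s"]+\\)*)svchost\.exe', re.IGNORECASE)


def svchost_outside_system32(line: str) -> bool:
    """True when the line references a svchost.exe not under \\system32."""
    m = SVCHOST_RE.search(line)
    if not m:
        return False
    directory = m.group(1).rstrip("\\").lower()
    return not directory.endswith("\\system32")


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics over every non-empty line and collect findings.

    Registry key headers ("[HKEY_...]") are tracked so that an AutoRun
    command is only flagged when it sits under a MountPoints2 subkey.
    """
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if line.endswith("(file missing)"):
            findings.append(Finding("file_missing", line))
        if svchost_outside_system32(line):
            findings.append(Finding("svchost_outside_system32", line))
        if "mountpoints2" in current_key and "\\shell\\autorun\\command" in line.lower():
            findings.append(Finding("mountpoints2_autorun", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

The script only points at lines worth a closer look; a "(file missing)" entry is often just a leftover from an uninstalled program, whereas a MountPoints2 AutoRun command or a svchost.exe outside system32 is the kind of entry the helper above chose to remove.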
Jgarcia,

in regedit, I went to explorer and there is no such mount...2!

What do I do?

No problem. Just post the generated log. ;)

 

Regards.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-03-21.1 - Administrador 2008-03-21 21:03:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1254.7.1046.18.216 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\host.exe

C:\WINDOWS\AUTORUN.CAB

C:\WINDOWS\entpack.ini

C:\WINDOWS\flashax.exe

C:\WINDOWS\FUJIGOLF.DAT

C:\WINDOWS\FUJIGOLF.INI

C:\WINDOWS\impborl.dll

C:\WINDOWS\svchost.exe

C:\WINDOWS\unvise32.exe

C:\WINDOWS\winexec32.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\host.exe

C:\WINDOWS\AUTORUN.CAB

C:\WINDOWS\entpack.ini

C:\WINDOWS\flashax.exe

C:\WINDOWS\FUJIGOLF.DAT

C:\WINDOWS\FUJIGOLF.INI

C:\WINDOWS\impborl.dll

C:\WINDOWS\winexec32.exe

D:\Autorun.inf

D:\copy.exe

D:\host.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))

.

 

2008-03-21 21:03 . 2008-03-21 21:03 3,631 --a--c--- C:\41C.tmp

2008-03-21 19:21 . 2008-03-21 19:21 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-03-21 19:21 . 2008-03-21 19:21 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-03-21 19:21 . 2008-03-21 19:21 <DIR> d----c--- C:\Arquivos de programas\microsoft frontpage

2008-03-21 16:19 . 2008-03-21 16:19 3,631 --a--c--- C:\D31.tmp

2008-03-21 15:00 . 2008-03-21 16:46 <DIR> d----c--- C:\HijackThis

2008-03-21 14:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe

2008-03-21 14:27 . 2008-03-21 14:29 <DIR> d----c--- C:\ClamWinPortable

2008-03-21 14:12 . 2008-03-21 14:12 <DIR> d----c--- C:\Arquivos de programas\DNA

2008-03-21 14:12 . 2008-03-21 14:12 <DIR> d----c--- C:\Arquivos de programas\BitTorrent

2008-03-20 23:37 . 2008-03-20 23:37 <DIR> d----c--- C:\Brasfoot2008

2008-03-20 23:03 . 2008-03-20 23:24 <DIR> d----c--- C:\Arquivos de programas\Download Direct

2008-03-20 22:52 . 2008-03-21 19:22 <DIR> d----c--- C:\Arquivos de programas\Steam

2008-03-20 22:40 . 2008-03-21 14:05 <DIR> d----c--- C:\PacSteamT

2008-03-20 22:40 . 2008-03-20 22:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-03-20 22:22 . 2008-03-20 22:22 268 --ah-c--- C:\sqmdata01.sqm

2008-03-20 22:22 . 2008-03-20 22:22 244 --ah-c--- C:\sqmnoopt01.sqm

2008-03-20 22:09 . 2008-03-20 22:09 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-20 21:57 . 2008-03-20 21:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-03-20 12:01 . 2005-03-20 12:09 <DIR> d----c--- C:\Arquivos de programas\Wyd Tebas

2008-03-14 22:50 . 2008-03-18 22:36 <DIR> d----c--- C:\fansro_bro

2008-03-14 18:16 . 2008-03-14 18:22 <DIR> d-------- C:\Documents and Settings\Rafael2\Contacts

2008-03-14 17:09 . 2008-03-14 17:09 268 --ah-c--- C:\sqmdata00.sqm

2008-03-14 17:09 . 2008-03-14 17:09 244 --ah-c--- C:\sqmnoopt00.sqm

2008-03-14 17:08 . 2008-03-14 17:08 <DIR> d--hs---- C:\Documents and Settings\Rafael2\Configuracoes locais

2008-03-14 17:05 . 2008-02-04 18:47 <DIR> d-------- C:\Documents and Settings\Rafael2\nodtmpb

2008-03-14 17:05 . 2008-02-04 18:43 <DIR> d--h----- C:\Documents and Settings\Rafael2\Modelos

2008-03-14 17:05 . 2008-03-14 18:19 <DIR> dr------- C:\Documents and Settings\Rafael2\Meus documentos

2008-03-14 17:05 . 2008-02-04 16:36 <DIR> dr------- C:\Documents and Settings\Rafael2\Menu Iniciar

2008-03-14 17:05 . 2008-03-14 17:08 <DIR> dr------- C:\Documents and Settings\Rafael2\Favoritos

2008-03-14 17:05 . 2008-03-15 16:26 <DIR> dr-h----- C:\Documents and Settings\Rafael2\Dados de aplicativos

2008-03-14 17:05 . 2008-03-21 16:44 <DIR> d--h----- C:\Documents and Settings\Rafael2\Configurações locais

2008-03-14 17:05 . 2008-02-04 16:36 <DIR> d--h----- C:\Documents and Settings\Rafael2\Ambiente de rede

2008-03-14 17:05 . 2008-02-04 16:36 <DIR> d--h----- C:\Documents and Settings\Rafael2\Ambiente de impressão

2008-03-14 10:27 . 2008-03-14 10:27 <DIR> d----c--- C:\data102

2008-03-13 15:49 . 2008-03-13 15:49 <DIR> d-------- C:\WINDOWS\RagnaPROJECT

2008-03-11 22:24 . 2008-03-11 22:24 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\PC Accelerate

2008-03-11 22:24 . 2008-03-11 22:24 <DIR> d----c--- C:\Arquivos de programas\PC Accelerate

2008-03-11 17:59 . 2008-03-11 17:59 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-11 17:42 . 2008-03-11 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\FreeRIP

2008-03-11 17:42 . 2008-03-11 17:42 <DIR> d----c--- C:\Arquivos de programas\FreeRIP3

2008-03-11 17:42 . 2008-03-11 17:48 425 --a------ C:\WINDOWS\cdplayer.ini

2008-03-08 14:46 . 2008-03-08 14:46 <DIR> d----c--- C:\Arquivos de programas\MSN Messenger

2008-03-08 14:45 . 2008-03-08 14:45 <DIR> d----c--- C:\Arquivos de programas\MSN Toolbar

2008-03-08 13:22 . 2008-03-15 10:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\IGN_DLM

2008-03-06 09:58 . 2008-03-06 09:58 73,216 --a------ C:\WINDOWS\temp.003

2008-03-06 09:58 . 2008-03-06 09:58 1,688 --a------ C:\WINDOWS\ST6UNST.007

2008-03-06 09:57 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2008-03-06 09:57 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax

2008-03-06 09:56 . 2008-03-06 09:56 73,216 --a------ C:\WINDOWS\temp.002

2008-03-06 09:56 . 2008-03-06 09:56 1,688 --a------ C:\WINDOWS\ST6UNST.006

2008-03-06 09:55 . 2008-03-06 09:55 1,715 --a------ C:\WINDOWS\ST6UNST.005

2008-03-06 09:54 . 2008-03-06 09:54 73,216 --a------ C:\WINDOWS\temp.001

2008-03-06 09:54 . 2008-03-06 09:54 1,688 --a------ C:\WINDOWS\ST6UNST.004

2008-03-06 09:53 . 2008-03-06 09:53 73,216 --a------ C:\WINDOWS\temp.000

2008-03-06 09:53 . 2008-03-06 09:53 1,688 --a------ C:\WINDOWS\ST6UNST.002

2008-03-06 09:53 . 2008-03-06 09:53 1,637 --a------ C:\WINDOWS\ST6UNST.003

2008-03-06 09:51 . 2008-03-06 09:59 856,064 --------- C:\WINDOWS\Setup1.exe

2008-03-06 09:51 . 2008-03-06 09:59 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-03-06 09:51 . 2008-03-06 09:51 1,894 --a------ C:\WINDOWS\ST6UNST.000

2008-03-06 09:51 . 2008-03-06 09:52 1,637 --a------ C:\WINDOWS\ST6UNST.001

2008-03-03 22:05 . 2008-03-11 21:26 <DIR> d----c--- C:\Arquivos de programas\Lineage II

2008-03-03 22:04 . 2008-03-03 22:04 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-03-03 16:24 . 2008-03-03 16:24 <DIR> d----c--- C:\Arquivos de programas\Elaborate Bytes

2008-02-29 22:12 . 2008-03-01 00:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo

2008-02-29 12:22 . 2008-03-21 21:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\DNA

2008-02-29 12:22 . 2008-03-21 16:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

2008-02-29 11:48 . 2008-02-29 11:51 471,040 --a------ C:\WINDOWS\dog3.scr

2008-02-29 11:47 . 2008-02-29 11:51 <DIR> d-------- C:\WINDOWS\dog3 dir

2008-02-28 15:28 . 2008-02-28 15:28 <DIR> d----c--- C:\Arquivos de programas\LevelUpGames

2008-02-28 14:57 . 2008-03-14 14:23 <DIR> d----c--- C:\Arquivos de programas\OnGame

2008-02-28 12:23 . 2008-02-28 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-28 12:23 . 2008-02-28 12:23 <DIR> d----c--- C:\Arquivos de programas\Windows Live

2008-02-28 12:23 . 2008-02-28 12:23 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-23 19:01 . 2008-02-23 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-02-23 17:15 . 2006-02-04 04:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-02-23 17:15 . 2006-02-04 04:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-02-23 16:53 . 2008-02-23 16:53 <DIR> d----c--- C:\Arquivos de programas\Gravity

2008-02-23 11:32 . 2008-02-23 11:32 <DIR> d----c--- C:\Arquivos de programas\Windows Live Safety Center

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 17:11 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-20 20:32 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Hamachi

2008-03-15 14:02 --------- dc----w C:\Arquivos de programas\ZillaSoft.ws

2008-03-13 19:03 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

2008-03-11 20:42 --------- d-----w C:\Arquivos de programas\ESET

2008-03-04 01:04 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-03 19:23 471,040 ----a-w C:\WINDOWS\dog2.scr

2008-03-01 20:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2008-02-21 19:46 --------- dc----w C:\Arquivos de programas\Tibia8.0

2008-02-20 23:12 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-02-19 00:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-02-19 00:18 --------- dc----w C:\Arquivos de programas\HP

2008-02-19 00:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-02-19 00:14 --------- dc----w C:\Arquivos de programas\Hewlett-Packard

2008-02-19 00:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-02-13 20:24 --------- dc----w C:\Arquivos de programas\Real Alternative

2008-02-13 15:21 --------- dc----w C:\Arquivos de programas\No-IP

2008-02-07 18:07 --------- dc----w C:\Arquivos de programas\WYD Maniaa

2008-02-07 00:15 --------- dc----w C:\Arquivos de programas\Bazooka Scanner

2008-02-06 04:04 --------- dc----w C:\Arquivos de programas\Hamachi

2008-02-06 04:03 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-06 01:09 --------- dc----w C:\Arquivos de programas\Asprate

2008-02-06 00:35 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\sqlitestudio

2008-02-05 18:45 504,320 ----a-w C:\WINDOWS\system32\winlogon.exe

2008-02-05 18:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BOC425

2008-02-05 01:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-05 00:36 --------- d-----w C:\Arquivos de programas\Comodo

2008-02-05 00:25 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-02-05 00:17 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-05 00:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-04 23:49 --------- d-----w C:\Arquivos de programas\Google

2008-02-04 23:42 --------- d-----w C:\Arquivos de programas\DAP

2008-02-04 23:39 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-02-04 23:37 --------- d-----w C:\Arquivos de programas\YourWare Solutions

2008-02-04 23:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-02-04 23:05 --------- d-----w C:\Arquivos de programas\Symantec

2008-02-04 22:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-04 22:51 --------- d-----w C:\Arquivos de programas\Ahead

2008-02-04 22:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-02-04 22:48 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Motive

2008-02-04 22:48 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2008-02-04 22:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motive

2008-02-04 22:47 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-02-04 22:44 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-02-04 22:38 --------- d-----w C:\Arquivos de programas\Motive

2008-02-04 22:38 --------- d-----w C:\Arquivos de programas\Common Files

2008-02-04 22:36 155,995 ----a-w C:\WINDOWS\java\Packages\QY4F7RBD.ZIP

2008-02-04 22:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-02-04 22:32 --------- d-----w C:\Arquivos de programas\Telefonica

2008-02-04 22:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Symantec

2008-02-04 22:18 194,560 ----a-w C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr

2008-02-04 22:17 --------- d-----w C:\Arquivos de programas\Marvell

2008-02-04 22:10 --------- d-----w C:\Arquivos de programas\Asus

2008-02-04 22:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-02-04 22:07 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-04 22:06 --------- d-----w C:\Arquivos de programas\Intel

2008-02-04 21:56 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-02-04 21:48 --------- d-----w C:\Arquivos de programas\Java

2008-02-04 21:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-02-04 21:47 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-02-04 21:47 270,336 ----a-w C:\WINDOWS\system32\imon.dll

2008-02-04 21:45 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-02-04 21:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-02-04 23:39 251,392 ----a-w C:\Arquivos de programas\opera\program\plugins\dapop.dll

.

 

------- Sigcheck -------

 

2008-02-05 15:45 504320 51733fc02dc0a7eb35452fb2ab5ada64 C:\WINDOWS\system32\winlogon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45 15360]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-03-21 14:12 287040]

"FreeRAM XP"="C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 23:13 1591808]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [ ]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2008-03-20 22:54 1266936]

"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [2007-09-06 10:54 1343488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-17 23:49 7618560]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-10-28 14:06 208949]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2001-10-28 14:06 77824]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-10-28 14:06 737360]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-10-28 14:06 737360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-04 21:17 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 18:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:34 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk

backup=C:\WINDOWS\pss\Assistente Tecnico Speedy.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 15:07 617984 C:\Program Files\ASUS\Asus Probe\AsusProb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 2008-02-04 21:17 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]

--a------ 2007-11-26 09:38 342272 C:\ARQUIV~1\Comodo\CBOClean\BOC425.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-03 18:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2008-02-04 20:39 4576768 C:\Arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

--a------ 2006-03-22 23:13 1591808 C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]

C:\Arquivos de programas\HTV\HTV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2001-10-28 14:06 208949 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

C:\WINDOWS\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

--a------ 2005-04-15 15:46 397312 C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a--c--- 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

--a------ 2001-10-28 14:06 77824 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

--a------ 2008-02-04 18:47 917504 C:\Arquivos de programas\Eset\nod32kui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-07-17 23:49 7618560 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-07-17 23:49 86016 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-07-17 23:49 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2001-10-28 14:06 737360 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2001-10-28 14:06 737360 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]

--a------ 2004-11-18 09:16 86016 C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-09-07 14:35 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2005-05-19 22:11 925696 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-06-03 02:52 36975 C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\DAP\\DAP.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\GRISOFT\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Striker Server\\LiiveOT™.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\Main.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\PacSteamT\\SteamApps\\rafael0x\\counter-strike\\hl.exe"=

 

S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Administrador\Desktop\Moonlite\Moon_light\IlvMoney1129.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b0f03d-efc7-11dc-9599-0018f34ef6f2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 21:05:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-03-21 21:05:58

ComboFix-quarantined-files.txt 2008-03-22 00:05:50

ComboFix2.txt 2008-03-21 19:44:31

.

2008-02-06 14:00:57 --- E O F ---

 

 

Jgarcia, could you recommend a good antivirus and a good firewall? (Better than the one that comes with Windows.)

Thanks in advance...

 

And I would like to know which part of this forum covers tips for speeding up the PC, internet, etc.!

Thanks.


Hi rafael0xp,

 

Run Panda's ActiveScan, following these steps:

 

1) Some antivirus programs, such as AVAST, may show a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

 

2) To start the process, click the button (image: 01bt_scan_pt.gif);

 

3) Fill in the information requested on the form;

 

4) Click the "Pesquise agora sem custos" (scan now at no cost) button;

 

5) Follow all the instructions you are given and wait for the scan to finish;

 

6) When the scan is finished, click to view the log. Save it to your Desktop;

 

7) Post the contents of the log in your next reply.

 

Regards.

 

PS: NOD is a very good antivirus. As for the firewall, I suggest Comodo Firewall Pro.


Topic Archived

 

Since the author has not replied for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
