[Resolvido] Análise de Log

[Édipo Lino Ferreira 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:06:08, on 3/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\VMSnap3.EXE

C:\WINDOWS\Domino.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /M "Stylus CX3700" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.portalepc.com.br/

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1190603539734

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{66FD89EB-5671-4F3C-853A-C0ABFA0C8984}: NameServer = 200.204.0.10 200.204.0.138

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

 

--

End of file - 6965 bytes

 

 

Muito obrigado.

[Silas Martins 0]

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

[Édipo Lino Ferreira 0]

Não estou conseguindo fazer o download. Há algum outro link?

 

Obrigado.

[Édipo Lino Ferreira 0]

Agora consegui fazer o download. Vou postar o tópico assim que rodar o ComboFix.

 

Obrigado.

[Édipo Lino Ferreira 0]

:thumbsup:

 

Obrigado pela ajuda.

 

Análise do HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:49:16, on 5/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\VMSnap3.EXE

C:\WINDOWS\Domino.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /M "Stylus CX3700" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.portalepc.com.br/

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1190603539734

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{66FD89EB-5671-4F3C-853A-C0ABFA0C8984}: NameServer = 200.204.0.10 200.204.0.138

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

 

--

End of file - 6620 bytes

 

 

 

Análise do ComboFix:

 

 

ComboFix 08-06-05.3 - Édipo 2008-06-05 23:37:25.1 - NTFSx86

Executando de: C:\Documents and Settings\Édipo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000020_.tmp.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))

.

 

2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\HijackThis

2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-05-26 22:13 . 2008-06-05 23:34 <DIR> dr-h----- C:\Documents and Settings\Édipo\Recent

2008-05-26 22:13 . 2008-06-05 23:34 <DIR> dr-h----- C:\Documents and Settings\Édipo\Recent

2008-05-25 17:50 . 2008-05-26 22:04 <DIR> d-------- C:\Documents and Settings\Édipo\Dados de aplicativos\MegauploadToolbar

2008-05-25 17:50 . 2008-05-25 17:50 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-05-23 19:14 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-05-23 19:14 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-05-10 21:06 . 2008-05-10 21:06 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-05-07 22:03 . 2008-05-07 22:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-04 01:48 --------- d-----w C:\Documents and Settings\Édipo\Dados de aplicativos\AdobeUM

2008-06-04 01:20 --------- d-----w C:\Arquivos de programas\eMule

2008-06-03 22:20 --------- d--h--w C:\Arquivos de programas\Scpad

2008-05-20 02:39 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-05-08 01:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-05-01 18:44 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-01 18:44 --------- d-----w C:\Arquivos de programas\CyberLink

2008-05-01 18:27 --------- d-----w C:\Arquivos de programas\Discador iSBT

2008-05-01 18:23 --------- d-----w C:\Documents and Settings\Édipo\Dados de aplicativos\SlipStream

2008-04-29 00:52 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2008-04-29 00:51 --------- d-----w C:\Arquivos de programas\Common Files

2008-04-29 00:50 --------- d-----w C:\Arquivos de programas\Motive

2008-04-29 00:35 --------- d-----w C:\Arquivos de programas\Telefonica

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus CX3700 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.exe" [2005-02-07 08:00 98304]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTPreset"="VTPreset.exe" [2004-02-24 18:17 45056 C:\WINDOWS\system32\VTPreset.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 11:54 262210]

"EPSON Stylus CX3700 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.exe" [2005-02-07 08:00 98304]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-10-10 21:41 286720]

"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 09:58 49152]

"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 16:54 49152]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-05-07 22:03 180269]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-04-28 21:50:16 217088]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2008-06-02 20:36 201984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2008-06-02 20:36 201984]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\7-Zip\\7zFM.exe"=

 

R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2005-02-16 14:19]

R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2005-02-16 14:03]

R3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2003-11-07 07:07]

S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 09:57]

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-06-05 21:58:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-05 23:42:18

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-06-05 23:45:20

ComboFix-quarantined-files.txt 2008-06-06 02:45:17

 

Pre-Run: 30,660,382,720 bytes disponíveis

Post-Run: 31,418,232,832 bytes disponíveis

 

105 --- E O F --- 2008-06-05 22:03:41

[Silas Martins 0]

Log Limpo

O problema persiste?

[Édipo Lino Ferreira 0]

Tudo ok. Quis somente confirmar.

 

Obrigado novamente.

[Silas Martins 0]

Caso Resolvido

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.