
Archived

This topic has been archived and is closed to new replies.

~TiuTalk~

[Solved!] 1st virus/malware in 11 years of using a PC!


Yes... I've been working on PCs for 11 years and had never caught anything, I always took the proper precautions with protection... but this time I slipped up and clicked a link that was like... if my MSN is thiago.belem@homail.com, the link was thiagobelem.<site>; it landed on some kind of dating site.. result.. my MSN now sends messages to people with <their msn>.<site> and I don't see that I'm sending them... (_(

 

I ran the latest updated version of NOD32 and it found nothing... I ran Spybot and nothing there either...

 

What do I do? ^^

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:50, on 14/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\xampp\apache\bin\apache.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

C:\Arquivos de programas\DreaMule\emule.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe

O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html

O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugNext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://correiojb.editorajb.com.br/iNotes.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9517 bytes

 

StartupList report, 14/8/2008, 20:43:06

StartupList version: 1.52.2

Started from : C:\hijackthis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16705)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\xampp\apache\bin\apache.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

C:\Arquivos de programas\DreaMule\emule.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar]

No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SoundMAXPnP = C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

egui = "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

LogMeIn GUI = "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

Rainlendar2 = C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

CGFLoader = C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe

CalibrizeResume = C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[Disabled (Auslogics Startup Manager)]

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

TkBellExe = "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[OptionalComponents]

=

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

[AdobeUpdater]

=

 

[Disabled (Auslogics Startup Manager)]

msnmsgr = "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

Auslogics BoostSpeed 4 = C:\Arquivos de programas\Auslogics\AusLogics BoostSpeed\boostspeed.exe

DAEMON Tools Lite = "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}

(no name) - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

BitComet ClickCapture - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}

(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

G-Buster Browser Defense CEF - C:\Arquivos de programas\GbPlugin\gbiehcef.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540003}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

pen.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[iNotes Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\inotes.dll

CODEBASE = https://correiojb.editorajb.com.br/iNotes.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx

CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

 

[GbpDistObj Class]

InProcServer32 = C:\Arquivos de programas\GbPlugin\gbpdist.dll

CODEBASE = https://imagem.caixa.gov.br/cab/gbpdist.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #4: C:\Arquivos de programas\Bonjour\mdnsNSP.dll

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\system32\webcheck.dll

WPDShServiceObj: C:\WINDOWS\system32\wpdshserviceobj.dll

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

SysTray: C:\WINDOWS\system32\stobject.dll

 

--------------------------------------------------

End of report, 7.456 bytes

Report generated in 0,015 seconds


Hey ~TiuTalk~,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window, nor close it with the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a HijackThis log.

 

Cheers.


I tried running ComboFix twice, and both times the log came out like this:

ComboFix 08-08-14.02 - Thi&Cissa 2008-08-14 23:16:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1522 [GMT -3:00]

Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

Error: Cfiles.dat

 

 

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:19, on 2008-08-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\xampp\apache\bin\apache.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\xampp\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe

O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-515967899-1993962763-1417001333-1004\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LogMeInRemoteUser')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html

O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugNext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://correiojb.editorajb.com.br/iNotes.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9645 bytes

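The two HijackThis logs in this thread are the kind of thing a helper reads by hand: which registrations point at files that no longer exist, which services have no identifiable vendor, and what changed between the first scan and the second. Below is an added worked example (not from the thread, and not code from HijackThis or Linha Defensiva) that parses HijackThis entry lines and applies those three checks. The sample lines are copied from the two logs above; the check functions and their names are this example's own heuristics, not anything the tool itself reports.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of entry lines copied from the two
# HijackThis logs posted in this thread (scan at 20:39 and scan at 23:19).
LOG_FIRST = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# The second scan contains everything above plus one new per-user RunOnce entry.
LOG_SECOND = LOG_FIRST + r"""O4 - HKUS\S-1-5-21-515967899-1993962763-1417001333-1004\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LogMeInRemoteUser')
"""

# HijackThis entry lines start with a section code (R0, R1, F2, N1, O2, O4, O23...)
# followed by " - ". Process lists, headers and footers do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # everything after "O4 - "


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry objects, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


ORPHAN_MARKERS = ("(no file)", "(file missing)")


def orphaned_entries(entries):
    """Registrations whose target file is gone (HijackThis marks them itself).
    Usually leftovers of an uninstall, sometimes a payload an AV already deleted;
    the registration is dead either way and is a safe cleanup candidate."""
    return [e for e in entries if any(m in e.body for m in ORPHAN_MARKERS)]


def unknown_owner_services(entries):
    """O23 services whose binary has no vendor information. Not malicious on its
    own (here it is XAMPP's mysqld-nt.exe), but each one deserves a look at its
    path, since a vendor-less service is a common persistence spot."""
    return [e for e in entries if e.section == "O23" and "Unknown owner" in e.body]


def autoruns_by_hive(entries):
    """Group O4 autorun entries by hive; HKUS entries are keyed by their SID so a
    new per-user RunOnce stands out from the machine-wide HKLM\\..\\Run list."""
    groups = {}
    for e in entries:
        if e.section != "O4":
            continue
        parts = e.body.split(" ", 1)[0].rstrip(":").split("\\")
        hive = "\\".join(parts[:2]) if parts[0] == "HKUS" else parts[0]
        groups.setdefault(hive, []).append(e)
    return groups


def diff_logs(old, new):
    """Entries that appeared or disappeared between two scans, in log order."""
    old_set, new_set = set(old), set(new)
    added = [e for e in new if e not in old_set]
    removed = [e for e in old if e not in new_set]
    return added, removed


def report(old_text, new_text):
    """Run all three checks on the newer log and diff it against the older one."""
    old, new = parse_log(old_text), parse_log(new_text)
    added, removed = diff_logs(old, new)
    return {
        "orphaned": orphaned_entries(new),
        "unknown_owner_services": unknown_owner_services(new),
        "added_since_previous_scan": added,
        "removed_since_previous_scan": removed,
    }


if __name__ == "__main__":
    for label, items in report(LOG_FIRST, LOG_SECOND).items():
        print(f"{label}:")
        for e in items:
            print(f"  {e.section} - {e.body}")
```

Run against the two logs, the diff surfaces exactly the one line that differs between the 20:39 and 23:19 scans (the nLite RunOnce entry under the LogMeInRemoteUser SID), which is the kind of change a helper wants pointed out rather than hunting for it across 60 lines of identical output. The orphan and unknown-owner checks are triage aids, not verdicts: every hit still needs the path and vendor checked by hand.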

Hey ~TiuTalk~,

 

Run ComboFix in Safe Mode and come back with the log it generates.

 

Cheers.


I've already managed to solve the problem... (I ran that MS malicious software removal tool, the one recommended for getting rid of these little MSN problems.. it found 1 infection and removed it...)

 

Do you still think it's a good idea to run ComboFix?


Here it is:

 

ComboFix 08-08-15.04 - Thi&Cissa 2008-08-16 17:48:42.1 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1758 [GMT -3:00]

Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

Error: Cfiles.dat

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Thi&Cissa\Cookies\thi&cissa@real[2].txt

C:\Documents and Settings\Thi&Cissa\Cookies\thi&cissa@serving-sys[1].txt

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))

.

 

2008-08-15 06:47 . 2008-08-16 16:12 <DIR> d-------- C:\Arquivos de programas\CABAL Online

2008-08-14 23:41 . 2008-08-15 01:58 <DIR> d----c--- C:\7357df7933718ad7fa0fffc3

2008-08-14 23:28 . 2008-08-14 23:29 <DIR> d----c--- C:\LinhaDefensiva

2008-08-14 18:52 . 2008-08-14 23:19 <DIR> d----c--- C:\hijackthis

2008-08-14 03:02 . 2008-04-14 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-13 06:25 . 2008-08-13 06:25 <DIR> d-------- C:\Arquivos de programas\Calibrize

2008-08-11 06:49 . 2008-08-16 12:23 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\.rainlendar2

2008-08-11 06:49 . 2008-08-11 06:49 <DIR> d-------- C:\Arquivos de programas\Rainlendar2

2008-08-11 06:25 . 2008-08-11 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-11 06:25 . 2008-08-11 06:25 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-09 02:16 . 2008-08-16 13:32 <DIR> d-------- C:\Arquivos de programas\DreaMule

2008-08-05 22:20 . 2008-08-05 22:33 <DIR> d-------- C:\Arquivos de programas\SecondLife

2008-08-05 03:57 . 2008-08-05 03:57 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SmartFTP

2008-08-05 01:55 . 2008-08-05 01:55 286,720 --------- C:\WINDOWS\Setup1.exe

2008-08-05 01:55 . 2008-08-05 01:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-08-05 01:53 . 2008-08-05 01:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2008-08-05 01:53 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-08-05 01:53 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-08-05 01:53 . 2008-08-05 01:55 13,030 --a--c--- C:\PDOXUSRS.NET

2008-08-05 01:52 . 2008-08-05 01:55 <DIR> d-------- C:\Arquivos de programas\Contas Pessoais 2

2008-08-03 21:59 . 2008-08-03 21:59 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Yahoo!

2008-08-03 04:24 . 2008-08-03 04:24 7,707 --a------ C:\scr

2008-08-03 00:37 . 2008-08-03 00:38 <DIR> d-------- C:\Arquivos de programas\MUSHclient

2008-08-02 18:07 . 2008-08-02 18:07 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-08-02 16:13 . 2008-08-02 16:13 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-08-02 16:13 . 2008-07-09 05:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-08-02 15:50 . 2008-08-02 15:50 25 --a------ C:\WINDOWS\cdplayer.ini

2008-08-01 06:46 . 2008-08-05 04:13 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-08-01 06:46 . 2008-08-01 06:46 <DIR> d-------- C:\Arquivos de programas\FLV Player

2008-08-01 03:56 . 2008-08-01 03:56 <DIR> d-------- C:\Arquivos de programas\Nova pasta

2008-07-31 17:24 . 2008-08-13 09:07 <DIR> d-------- C:\Arquivos de programas\DBConvert

2008-07-31 13:41 . 2008-07-31 15:01 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-07-31 01:44 . 2008-07-31 01:44 1,744 --a------ C:\WINDOWS\sql.mif

2008-07-31 01:43 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll

2008-07-31 01:42 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll

2008-07-31 01:42 . 2000-08-06 01:50 36,939 --a------ C:\WINDOWS\system32\insrepim.exe

2008-07-31 01:41 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll

2008-07-31 01:41 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll

2008-07-31 01:41 . 2000-08-06 01:51 28,734 --a------ C:\WINDOWS\system32\dbmslpcn.dll

2008-07-31 01:40 . 2008-07-31 01:41 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server

2008-07-31 01:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-31 01:33 . 2008-07-31 01:44 1,278 --a------ C:\WINDOWS\setup.iss

2008-07-29 17:18 . 2008-08-01 06:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\MySQL

2008-07-29 17:02 . 2008-02-12 01:05 40,960 --a------ C:\WINDOWS\system32\php_mssql.dll

2008-07-29 16:59 . 2008-07-29 16:59 <DIR> d-------- C:\Arquivos de programas\MySQL

2008-07-29 16:35 . 2008-07-29 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-29 16:02 . 2008-07-29 16:02 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-07-29 15:05 . 2008-07-29 15:05 1,005 --a--c--- C:\BIOSLOCK.INI

2008-07-29 14:48 . 2008-07-16 03:54 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-07-29 14:48 . 2008-08-16 17:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-07-29 14:48 . 2008-08-11 08:17 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-29 10:24 . 2008-07-29 10:24 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-07-29 10:23 . 2008-07-29 10:23 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Blumentals

2008-07-28 08:40 . 2008-07-28 08:40 1,003,520 --a------ C:\WINDOWS\system32\VSFilter.dll

2008-07-27 05:35 . 2008-07-27 05:35 <DIR> d-------- C:\Arquivos de programas\PowerISO

2008-07-27 01:00 . 2008-08-06 18:34 24 --a--c--- C:\url_history.xml

2008-07-26 04:06 . 2008-07-26 04:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-07-26 01:15 . 2008-07-26 01:15 <DIR> d-------- C:\Arquivos de programas\Free SMTP Server

2008-07-25 23:47 . 2008-07-25 23:47 <DIR> d-------- C:\Arquivos de programas\No-IP

2008-07-23 22:53 . 2008-07-23 22:55 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SecondLife

2008-07-23 17:45 . 2008-07-23 17:45 12,557 --a------ C:\WINDOWS\FontData.fdb

2008-07-23 17:07 . 2008-07-23 17:07 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-07-22 16:45 . 2008-07-22 16:45 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Corel

2008-07-22 16:45 . 2008-07-26 03:32 2,828 --ahs---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-22 16:45 . 2008-07-22 16:45 8 -r-hs---- C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys

2008-07-22 16:44 . 2008-07-22 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-07-22 16:44 . 2008-07-22 16:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Arquivos de programas\Corel

2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-22 16:21 . 2008-07-22 16:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-22 16:21 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll

2008-07-22 16:21 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll

2008-07-22 16:21 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll

2008-07-22 16:21 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-07-22 16:21 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-07-22 16:21 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2008-07-22 16:20 . 2008-07-22 16:21 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-07-22 03:35 . 2008-07-22 03:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-07-22 03:19 . 2008-07-22 03:19 421 --a------ C:\WINDOWS\ODBC.INI

2008-07-22 03:18 . 2008-07-22 03:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-22 03:18 . 2008-07-29 10:06 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-07-22 03:18 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-22 03:14 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-07-22 03:13 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-07-22 03:12 . 2008-07-22 03:12 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\DAEMON Tools

2008-07-22 03:12 . 2008-07-22 03:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-07-22 02:03 . 2008-07-22 02:03 <DIR> d-------- C:\Arquivos de programas\GameVicio

2008-07-21 21:14 . 2008-07-26 02:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-07-21 21:13 . 2008-07-21 21:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-07-21 21:13 . 2008-07-26 02:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-07-21 21:13 . 2008-07-21 21:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-07-21 21:02 . 2008-07-21 21:12 <DIR> d-------- C:\Arquivos de programas\Need for Speed ProStreet

2008-07-21 20:55 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-07-21 20:55 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-07-21 20:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-07-21 20:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-07-21 20:55 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2008-07-21 20:54 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-07-21 20:54 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-07-21 20:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-07-21 20:54 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-07-21 20:54 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-07-21 20:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-07-21 20:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-21 01:43 . 2008-07-21 01:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-07-20 17:44 . 2008-07-20 17:44 <DIR> d----c--- C:\videooutput

2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-07-20 13:52 . 2008-07-21 01:25 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Graphisoft

2008-07-20 13:52 . 2008-07-20 13:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Graphisoft

2008-07-20 13:48 . 2008-07-20 13:48 <DIR> d-------- C:\Arquivos de programas\WIBU-SYSTEMS

2008-07-20 13:48 . 2007-05-09 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll

2008-07-20 13:47 . 2008-07-22 03:30 0 --a------ C:\WINDOWS\vpd.properties

2008-07-20 13:46 . 2008-07-20 13:46 <DIR> d-------- C:\Arquivos de programas\Graphisoft

2008-07-19 12:18 . 2006-04-13 11:42 7,484,104 --a------ C:\WINDOWS\system32\osetup.dll

2008-07-19 01:35 . 2008-07-19 01:40 <DIR> d-------- C:\Arquivos de programas\Golden FTP Server Pro

2008-07-19 01:35 . 2008-07-19 01:35 20 --a------ C:\WINDOWS\system32\system.gfs

2008-07-19 01:31 . 2008-07-19 01:31 <DIR> d-------- C:\Arquivos de programas\GlobalSCAPE

2008-07-19 01:30 . 2008-07-19 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GlobalSCAPE

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-16 07:00 --------- d---a-w C:\Arquivos de programas\Windows Sidebar

2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-16 06:54 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll

2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-11 23:24 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd

2008-06-11 23:24 28,672 ----a-w C:\WINDOWS\system32\setupold.exe

2008-06-11 23:11 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll

2008-06-11 23:11 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll

2008-06-11 23:11 1,003,008 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-06-11 23:09 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-06-11 21:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-05-28 15:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll

2008-05-28 15:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:00 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

"Rainlendar2"="C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe" [2007-12-30 07:23 1365504]

"CGFLoader"="C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 16:39 1961984]

"CalibrizeResume"="C:\Arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 16:40 413696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 14:07 81920]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

"nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 C:\WINDOWS\system32\nwiz.exe]

 

C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\

No-IP DUC.lnk - C:\Arquivos de programas\No-IP\DUC20.exe [2008-07-25 23:47:48 1172992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"GreyMSIAds"= 0 (0x0)

"NoInstrumentation"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Thi&Cissa^Menu Iniciar^Programas^Inicializar^Sidebar.lnk]

path=C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\Sidebar.lnk

backup=C:\WINDOWS\pss\Sidebar.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]

--a------ 2008-07-07 13:12 675935 C:\Arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2006-11-14 02:33 1249280 C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-16 15:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-07-09 18:33 36352 C:\Arquivos de programas\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19957:TCP"= 19957:TCP:BitCometBeta 19957 TCP

"19957:UDP"= 19957:UDP:BitCometBeta 19957 UDP

 

S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 14:02]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-04-14 08:00]

S2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2008-02-28 15:31]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys []

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-08-15 C:\WINDOWS\Tasks\pen.job

- C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat [2008-08-14 06:50]

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Mozilla\Firefox\Profiles\j156pnhj.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank

FF -: plugin - C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Mozilla\Firefox\Profiles\j156pnhj.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-16 17:51:02

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-16 17:52:37

ComboFix-quarantined-files.txt 2008-08-16 20:52:30

 

Pre-Run: 14 pasta(s) 282,211,872,768 bytes disponíveis

Post-Run: 16 pasta(s) 283,139,428,352 bytes disponíveis

 

274 --- E O F --- 2008-08-16 10:15:37


Hey ~TiuTalk~,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote":

File::

C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys

C:\WINDOWS\system32\WibuXpm4J32.dll

Folder::

C:\7357df7933718ad7fa0fffc3

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"GreyMSIAds"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

WARNING: The script above was written specifically for the infection found on this computer. Using it on another machine may cause serious problems for that user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.

ComboFix 08-08-18.01 - Thi&Cissa 2008-08-18 21:07:44.2 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1740 [GMT -3:00]

Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Thi&Cissa\Desktop\CFScript.txt

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys

C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

C:\WINDOWS\system32\WibuXpm4J32.dll

.

Error: Cfiles.dat

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\7357df7933718ad7fa0fffc3

C:\7357df7933718ad7fa0fffc3\mrt.exe

C:\7357df7933718ad7fa0fffc3\mrtstub.exe

C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys

C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

C:\WINDOWS\system32\WibuXpm4J32.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-19 to 2008-08-19 ))))))))))))))))))))))))))))))))

.

 

2008-08-15 06:47 . 2008-08-16 18:12 <DIR> d-------- C:\Arquivos de programas\CABAL Online

2008-08-14 23:28 . 2008-08-14 23:29 <DIR> d----c--- C:\LinhaDefensiva

2008-08-14 18:52 . 2008-08-14 23:19 <DIR> d----c--- C:\hijackthis

2008-08-14 03:02 . 2008-04-14 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-13 06:25 . 2008-08-13 06:25 <DIR> d-------- C:\Arquivos de programas\Calibrize

2008-08-11 06:49 . 2008-08-16 17:56 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\.rainlendar2

2008-08-11 06:49 . 2008-08-11 06:49 <DIR> d-------- C:\Arquivos de programas\Rainlendar2

2008-08-11 06:25 . 2008-08-11 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-11 06:25 . 2008-08-11 06:25 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-09 02:16 . 2008-08-17 13:53 <DIR> d-------- C:\Arquivos de programas\DreaMule

2008-08-05 22:20 . 2008-08-05 22:33 <DIR> d-------- C:\Arquivos de programas\SecondLife

2008-08-05 03:57 . 2008-08-05 03:57 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SmartFTP

2008-08-05 01:55 . 2008-08-05 01:55 286,720 --------- C:\WINDOWS\Setup1.exe

2008-08-05 01:55 . 2008-08-05 01:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-08-05 01:53 . 2008-08-05 01:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2008-08-05 01:53 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-08-05 01:53 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-08-05 01:53 . 2008-08-05 01:55 13,030 --a--c--- C:\PDOXUSRS.NET

2008-08-05 01:52 . 2008-08-05 01:55 <DIR> d-------- C:\Arquivos de programas\Contas Pessoais 2

2008-08-03 21:59 . 2008-08-03 21:59 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Yahoo!

2008-08-03 04:24 . 2008-08-03 04:24 7,707 --a------ C:\scr

2008-08-03 00:37 . 2008-08-03 00:38 <DIR> d-------- C:\Arquivos de programas\MUSHclient

2008-08-02 18:07 . 2008-08-02 18:07 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-08-02 16:13 . 2008-08-02 16:13 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-08-02 16:13 . 2008-07-09 05:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-08-02 15:50 . 2008-08-02 15:50 25 --a------ C:\WINDOWS\cdplayer.ini

2008-08-01 06:46 . 2008-08-05 04:13 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-08-01 06:46 . 2008-08-01 06:46 <DIR> d-------- C:\Arquivos de programas\FLV Player

2008-08-01 03:56 . 2008-08-01 03:56 <DIR> d-------- C:\Arquivos de programas\Nova pasta

2008-07-31 17:24 . 2008-08-13 09:07 <DIR> d-------- C:\Arquivos de programas\DBConvert

2008-07-31 13:41 . 2008-07-31 15:01 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-07-31 01:44 . 2008-07-31 01:44 1,744 --a------ C:\WINDOWS\sql.mif

2008-07-31 01:43 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll

2008-07-31 01:42 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll

2008-07-31 01:42 . 2000-08-06 01:50 36,939 --a------ C:\WINDOWS\system32\insrepim.exe

2008-07-31 01:41 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll

2008-07-31 01:41 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll

2008-07-31 01:41 . 2000-08-06 01:51 28,734 --a------ C:\WINDOWS\system32\dbmslpcn.dll

2008-07-31 01:40 . 2008-07-31 01:41 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server

2008-07-31 01:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-31 01:33 . 2008-07-31 01:44 1,278 --a------ C:\WINDOWS\setup.iss

2008-07-29 17:18 . 2008-08-01 06:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\MySQL

2008-07-29 17:02 . 2008-02-12 01:05 40,960 --a------ C:\WINDOWS\system32\php_mssql.dll

2008-07-29 16:59 . 2008-07-29 16:59 <DIR> d-------- C:\Arquivos de programas\MySQL

2008-07-29 16:35 . 2008-07-29 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-29 16:02 . 2008-07-29 16:02 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-07-29 15:05 . 2008-07-29 15:05 1,005 --a--c--- C:\BIOSLOCK.INI

2008-07-29 14:48 . 2008-07-16 03:54 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-07-29 14:48 . 2008-08-18 21:09 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-07-29 14:48 . 2008-08-11 08:17 <DIR> d-------- C:\Documents and Settings\Administrador

2008-07-29 10:24 . 2008-07-29 10:24 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-07-29 10:23 . 2008-07-29 10:23 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Blumentals

2008-07-28 08:40 . 2008-07-28 08:40 1,003,520 --a------ C:\WINDOWS\system32\VSFilter.dll

2008-07-27 05:35 . 2008-07-27 05:35 <DIR> d-------- C:\Arquivos de programas\PowerISO

2008-07-27 01:00 . 2008-08-06 18:34 24 --a--c--- C:\url_history.xml

2008-07-26 04:06 . 2008-07-26 04:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-07-26 01:15 . 2008-07-26 01:15 <DIR> d-------- C:\Arquivos de programas\Free SMTP Server

2008-07-25 23:47 . 2008-07-25 23:47 <DIR> d-------- C:\Arquivos de programas\No-IP

2008-07-23 22:53 . 2008-07-23 22:55 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SecondLife

2008-07-23 17:45 . 2008-07-23 17:45 12,557 --a------ C:\WINDOWS\FontData.fdb

2008-07-23 17:07 . 2008-07-23 17:07 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-07-22 16:45 . 2008-07-22 16:45 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Corel

2008-07-22 16:44 . 2008-07-22 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-07-22 16:44 . 2008-07-22 16:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Arquivos de programas\Corel

2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-22 16:21 . 2008-07-22 16:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-22 16:21 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll

2008-07-22 16:21 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll

2008-07-22 16:21 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll

2008-07-22 16:21 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-07-22 16:21 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-07-22 16:21 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2008-07-22 16:20 . 2008-07-22 16:21 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-07-22 03:35 . 2008-07-22 03:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-07-22 03:19 . 2008-07-22 03:19 421 --a------ C:\WINDOWS\ODBC.INI

2008-07-22 03:18 . 2008-07-22 03:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-22 03:18 . 2008-07-29 10:06 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-07-22 03:18 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-22 03:14 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-07-22 03:13 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-07-22 03:12 . 2008-07-22 03:12 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\DAEMON Tools

2008-07-22 03:12 . 2008-07-22 03:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-07-22 02:03 . 2008-07-22 02:03 <DIR> d-------- C:\Arquivos de programas\GameVicio

2008-07-21 21:14 . 2008-07-26 02:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-07-21 21:13 . 2008-07-21 21:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-07-21 21:13 . 2008-07-26 02:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-07-21 21:13 . 2008-07-21 21:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-07-21 21:02 . 2008-07-21 21:12 <DIR> d-------- C:\Arquivos de programas\Need for Speed ProStreet

2008-07-21 20:55 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-07-21 20:55 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-07-21 20:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-07-21 20:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-07-21 20:55 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2008-07-21 20:54 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-07-21 20:54 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-07-21 20:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-07-21 20:54 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-07-21 20:54 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-07-21 20:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-07-21 20:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-21 01:43 . 2008-07-21 01:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-07-20 17:44 . 2008-07-20 17:44 <DIR> d----c--- C:\videooutput

2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-07-20 13:52 . 2008-07-21 01:25 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Graphisoft

2008-07-20 13:52 . 2008-07-20 13:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Graphisoft

2008-07-20 13:48 . 2008-07-20 13:48 <DIR> d-------- C:\Arquivos de programas\WIBU-SYSTEMS

2008-07-20 13:47 . 2008-07-22 03:30 0 --a------ C:\WINDOWS\vpd.properties

2008-07-20 13:46 . 2008-07-20 13:46 <DIR> d-------- C:\Arquivos de programas\Graphisoft

2008-07-19 12:18 . 2006-04-13 11:42 7,484,104 --a------ C:\WINDOWS\system32\osetup.dll

2008-07-19 01:35 . 2008-07-19 01:40 <DIR> d-------- C:\Arquivos de programas\Golden FTP Server Pro

2008-07-19 01:35 . 2008-07-19 01:35 20 --a------ C:\WINDOWS\system32\system.gfs

2008-07-19 01:31 . 2008-07-19 01:31 <DIR> d-------- C:\Arquivos de programas\GlobalSCAPE

2008-07-19 01:30 . 2008-07-19 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GlobalSCAPE

2008-07-19 01:29 . 2008-07-19 01:29 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\GlobalSCAPE

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-18 23:38 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird

2008-08-18 03:55 --------- d-----w C:\Arquivos de programas\LogMeIn

2008-08-15 19:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-08-01 09:34 --------- d-----w C:\Arquivos de programas\Auslogics

2008-07-31 16:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-26 07:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-22 19:15 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Nero

2008-07-22 06:32 --------- d-----w C:\Arquivos de programas\Revo Uninstaller

2008-07-19 19:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-19 05:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-07-19 04:31 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-18 17:27 --------- d-----w C:\Arquivos de programas\Paint.NET

2008-07-18 10:05 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-07-18 10:05 --------- d-----w C:\Arquivos de programas\MSBuild

2008-07-18 08:19 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-07-18 07:59 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Auslogics

2008-07-18 05:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-07-18 05:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-07-18 04:48 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Apple Computer

2008-07-18 04:01 --------- d-----w C:\Arquivos de programas\BitComet

2008-07-17 23:47 --------- d-----w C:\Arquivos de programas\Winamp

2008-07-17 22:42 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Winamp

2008-07-17 20:33 --------- d-----w C:\Arquivos de programas\Zend

2008-07-17 20:29 --------- d--h--w C:\Arquivos de programas\Zero G Registry

2008-07-16 20:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-07-16 18:28 --------- d-----w C:\Arquivos de programas\QuickTime

2008-07-16 18:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-16 18:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-07-16 18:27 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-07-16 18:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-07-16 18:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-07-16 18:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-07-16 18:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-07-16 15:49 --------- d-----w C:\Arquivos de programas\Windows Live

2008-07-16 15:37 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-16 15:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-16 10:21 --------- d-----w C:\Arquivos de programas\Java

2008-07-16 10:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-07-16 09:34 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Thunderbird

2008-07-16 09:27 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Talkback

2008-07-16 09:23 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\ESET

2008-07-16 09:22 --------- d-----w C:\Arquivos de programas\ESET

2008-07-16 09:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-07-16 07:21 --------- d-----w C:\Arquivos de programas\SAMSUNG

2008-07-16 07:09 --------- d-----w C:\Arquivos de programas\On-line Help Console

2008-07-16 07:09 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-07-16 07:00 --------- d---a-w C:\Arquivos de programas\Windows Sidebar

2008-07-16 07:00 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-16 06:54 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll

2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-11 23:24 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd

2008-06-11 23:24 28,672 ----a-w C:\WINDOWS\system32\setupold.exe

2008-06-11 23:11 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll

2008-06-11 23:11 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll

2008-06-11 23:11 1,003,008 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-06-11 23:09 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-06-11 21:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-05-28 15:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-05-28 15:33 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll

2008-05-28 15:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll

2008-05-28 15:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll

2008-05-28 15:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:00 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

"Rainlendar2"="C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe" [2007-12-30 07:23 1365504]

"CGFLoader"="C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 16:39 1961984]

"CalibrizeResume"="C:\Arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 16:40 413696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 14:07 81920]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

"nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 C:\WINDOWS\system32\nwiz.exe]

 

C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\

No-IP DUC.lnk - C:\Arquivos de programas\No-IP\DUC20.exe [2008-07-25 23:47:48 1172992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"GreyMSIAds"= 0 (0x0)

"NoInstrumentation"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Thi&Cissa^Menu Iniciar^Programas^Inicializar^Sidebar.lnk]

path=C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\Sidebar.lnk

backup=C:\WINDOWS\pss\Sidebar.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]

--a------ 2008-07-07 13:12 675935 C:\Arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2006-11-14 02:33 1249280 C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-16 15:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-07-09 18:33 36352 C:\Arquivos de programas\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19957:TCP"= 19957:TCP:BitCometBeta 19957 TCP

"19957:UDP"= 19957:UDP:BitCometBeta 19957 UDP

 

S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 14:02]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-04-14 08:00]

S2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2008-02-28 15:31]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys []

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-18 C:\WINDOWS\Tasks\pen.job

- C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat [2008-08-14 06:50]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 21:09:56

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-18 21:11:28

ComboFix-quarantined-files.txt 2008-08-19 00:11:18

ComboFix2.txt 2008-08-16 20:52:38

 

Pre-Run: 14 folder(s), 283,128,967,168 bytes free

Post-Run: 15 folder(s), 283,120,795,648 bytes free

 

320 --- E O F --- 2008-08-16 10:15:37

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:11:51, on 18/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe

O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html

O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugNext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://correiojb.editorajb.com.br/iNotes.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 7575 bytes


Hey ~TiuTalk~,

 

Submit the file below to the Jotti site:

 

C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat

 

... and come back with the result.

 

Cheers.
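As an added example (not code from the thread, from HijackThis or from ComboFix), the script below does in code what the helper above does by eye: it reads log lines in the two formats posted in this thread and flags the ones a helper would ask about (entries pointing at a file that no longer exists, services with no recognised vendor, a service registered with a stock Windows tool as its image, a driver whose file is absent, the firewall being switched off, and a scheduled task that runs a script out of the user's profile), and it computes the SHA-256 you would look up or submit at a multi-engine scanner such as Jotti. The heuristics, the `Finding` type and the function names are my own; the sample lines are copied from the logs posted above and embedded inline so the script runs offline. A flag means "verify", not "infected": pen.bat here turned out to be the user's own backup script.

```python
"""Triage helpers for HijackThis / ComboFix logs (added example, not from the thread)."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-04-14 08:00]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys []
"EnableFirewall"= 0 (0x0)
2008-08-18 C:\WINDOWS\Tasks\pen.job
- C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat [2008-08-14 06:50]
"""

# Stock Windows binaries that a third-party service has no reason to register as its own image.
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe",
               "regsvr32.exe", "wscript.exe", "cscript.exe"}
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")

# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path>"
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix service line: "S2 <key>;<display>;<path> [<timestamp or empty>]"
CF_SERVICE = re.compile(r"^[SR]\d (?P<key>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
# ComboFix scheduled-task target line: "- <target> [<timestamp>]"
CF_TASK_TARGET = re.compile(r"^- (?P<target>.+?) \[")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the log lines a helper would ask about, each with the reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(no file)" in line or "(file missing)" in line:
            findings.append(Finding(line, "orphaned entry: the registry points at a file that is gone"))
            continue
        m = HJT_SERVICE.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                findings.append(Finding(line, "service with no recognised vendor: check the binary's signature and hash"))
            continue
        m = CF_SERVICE.match(line)
        if m:
            image = m.group("path").rsplit("\\", 1)[-1].lower()
            if not m.group("stamp"):
                findings.append(Finding(line, "service/driver whose image file is absent on disk"))
            elif image in STOCK_TOOLS:
                findings.append(Finding(line, f"service registered with the stock Windows tool {image} as its image"))
            continue
        if FIREWALL_OFF.match(line):
            findings.append(Finding(line, "Windows Firewall disabled for the standard profile"))
            continue
        m = CF_TASK_TARGET.match(line)
        if m:
            target = m.group("target").lower()
            if target.endswith(SCRIPT_EXT) and "\\documents and settings\\" in target:
                findings.append(Finding(line, "scheduled task runs a script from a user-writable path: hash it and submit to a multi-engine scanner"))
            continue
    return findings


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks; the digest is what a scanner is queried with or what you quote back in the thread."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for found in triage(SAMPLE_LOG):
        print(f"{found.reason}\n    {found.line}")
```

Run it against a full log by passing the file contents to `triage()`; to get the hash of the task's script, call `sha256_file(r"C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat")` on the affected machine. Hashing before uploading matters when the file might be private (a backup script may embed paths or credentials): a scanner that already knows the digest can return a verdict without the file being uploaded at all.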

That file was created by me to make a small backup of my files from the pen drive.. =)

OK. That being so, your log is clean. Is your machine still showing any problem?


PROBLEM SOLVED!

 

Should the author need the topic reopened, just send a Private Message to a Moderator with a link to the topic.
