~TiuTalk~ Posted August 14, 2008

Yes... I've been working with PCs for 11 years and had never caught anything, I always took the proper precautions with protection... but this time I slipped and clicked a link that went like... if my MSN is thiago.belem@homail.com, the link was thiagobelem.<site>, and it landed on some kind of dating site.. the result.. my MSN now sends messages to people with <their-msn>.<site> and I don't see that I'm sending them... (_( I ran the latest updated version of NOD32 and it found nothing... I ran Spybot and nothing there either... What do I do? ^^
jgarcia Posted August 15, 2008

Hey ~TiuTalk~,

Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop configuration (it will go completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply, along with a HijackThis log.

Cheers.
~TiuTalk~ Posted August 15, 2008

I tried running ComboFix twice and both times the log looked like this:

ComboFix 08-08-14.02 - Thi&Cissa 2008-08-14 23:16:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1522 [GMT -3:00]
Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
Error: Cfiles.dat

Here is the HijackThis log:
jgarcia Posted August 15, 2008

Hey ~TiuTalk~,

Run ComboFix in Safe Mode and come back with the generated log.

Cheers.
~TiuTalk~ Posted August 15, 2008

I've already managed to solve the problem... (I ran that Microsoft Malicious Software Removal Tool, which is recommended for getting rid of these little MSN problems.. it found 1 infection and removed it...)

Do you still think it's a good idea to run ComboFix?
jgarcia Posted August 16, 2008

Do you still think it's a good idea to run ComboFix?

Yes.
~TiuTalk~ Posted August 16, 2008

Here it is:

ComboFix 08-08-15.04 - Thi&Cissa 2008-08-16 17:48:42.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1758 [GMT -3:00]
Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Thi&Cissa\Cookies\thi&cissa@real[2].txt
C:\Documents and Settings\Thi&Cissa\Cookies\thi&cissa@serving-sys[1].txt
.
((((((((((((((((((((((( Ficheiros criados de 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))
.
2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll 2008-07-22 16:21 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll 2008-07-22 16:21 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll 2008-07-22 16:21 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-07-22 16:21 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-07-22 16:21 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll 2008-07-22 16:20 . 2008-07-22 16:21 <DIR> d-------- C:\Arquivos de programas\Ahead 2008-07-22 03:35 . 2008-07-22 03:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-07-22 03:19 . 2008-07-22 03:19 421 --a------ C:\WINDOWS\ODBC.INI 2008-07-22 03:18 . 2008-07-22 03:18 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-07-22 03:18 . 2008-07-29 10:06 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET 2008-07-22 03:18 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2008-07-22 03:14 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar 2008-07-22 03:13 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite 2008-07-22 03:12 . 2008-07-22 03:12 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\DAEMON Tools 2008-07-22 03:12 . 2008-07-22 03:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-22 02:03 . 2008-07-22 02:03 <DIR> d-------- C:\Arquivos de programas\GameVicio 2008-07-21 21:14 . 2008-07-26 02:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-21 21:13 . 2008-07-21 21:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-07-21 21:13 . 2008-07-26 02:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-07-21 21:13 . 2008-07-21 21:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-07-21 21:02 . 2008-07-21 21:12 <DIR> d-------- C:\Arquivos de programas\Need for Speed ProStreet 2008-07-21 20:55 . 
2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-07-21 20:55 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2008-07-21 20:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2008-07-21 20:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-07-21 20:55 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2008-07-21 20:54 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-07-21 20:54 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2008-07-21 20:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2008-07-21 20:54 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-07-21 20:54 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2008-07-21 20:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2008-07-21 20:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-07-21 01:43 . 2008-07-21 01:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX 2008-07-20 17:44 . 2008-07-20 17:44 <DIR> d----c--- C:\videooutput 2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll 2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll 2008-07-20 13:52 . 2008-07-21 01:25 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Graphisoft 2008-07-20 13:52 . 2008-07-20 13:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Graphisoft 2008-07-20 13:48 . 2008-07-20 13:48 <DIR> d-------- C:\Arquivos de programas\WIBU-SYSTEMS 2008-07-20 13:48 . 2007-05-09 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll 2008-07-20 13:47 . 2008-07-22 03:30 0 --a------ C:\WINDOWS\vpd.properties 2008-07-20 13:46 . 2008-07-20 13:46 <DIR> d-------- C:\Arquivos de programas\Graphisoft 2008-07-19 12:18 . 
2006-04-13 11:42 7,484,104 --a------ C:\WINDOWS\system32\osetup.dll 2008-07-19 01:35 . 2008-07-19 01:40 <DIR> d-------- C:\Arquivos de programas\Golden FTP Server Pro 2008-07-19 01:35 . 2008-07-19 01:35 20 --a------ C:\WINDOWS\system32\system.gfs 2008-07-19 01:31 . 2008-07-19 01:31 <DIR> d-------- C:\Arquivos de programas\GlobalSCAPE 2008-07-19 01:30 . 2008-07-19 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GlobalSCAPE . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-16 07:00 --------- d---a-w C:\Arquivos de programas\Windows Sidebar 2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Serviços on-line 2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços 2008-07-16 06:54 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll 2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll 2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll 2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll 2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-06-11 23:24 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd 2008-06-11 23:24 28,672 ----a-w C:\WINDOWS\system32\setupold.exe 2008-06-11 23:11 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll 2008-06-11 23:11 1,571,840 ----a-w 
C:\WINDOWS\system32\sfcfiles.dll 2008-06-11 23:11 1,003,008 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-06-11 23:09 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll 2008-06-11 21:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-28 15:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll 2008-05-28 15:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:00 15360] "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] "Rainlendar2"="C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe" [2007-12-30 07:23 1365504] "CGFLoader"="C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 16:39 1961984] "CalibrizeResume"="C:\Arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 16:40 413696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 14:07 81920] "egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168] "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048] "nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\ No-IP DUC.lnk - C:\Arquivos de programas\No-IP\DUC20.exe [2008-07-25 23:47:48 1172992] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "GreyMSIAds"= 0 (0x0) "NoInstrumentation"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef] 2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\C:^Documents and Settings^Thi&Cissa^Menu Iniciar^Programas^Inicializar^Sidebar.lnk] path=C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\Sidebar.lnk backup=C:\WINDOWS\pss\Sidebar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 13:12 675935 C:\Arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2006-11-14 02:33 
1249280 C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-07-16 15:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-07-09 18:33 36352 C:\Arquivos de programas\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19957:TCP"= 19957:TCP:BitCometBeta 19957 TCP "19957:UDP"= 19957:UDP:BitCometBeta 19957 UDP S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 14:02] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31] S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-04-14 08:00] S2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] S3 radpms;Driver for RADPMS 
Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2008-02-28 15:31] S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [] *Newly Created Service* - CATCHME . Conteúdo da pasta 'Tarefas Agendadas' 2008-08-15 C:\WINDOWS\Tasks\pen.job - C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat [2008-08-14 06:50] . . ------- Ccan Suplementar ------- . FireFox -: Profile - C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Mozilla\Firefox\Profiles\j156pnhj.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank FF -: plugin - C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Mozilla\Firefox\Profiles\j156pnhj.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 17:51:02 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-08-16 17:52:37 ComboFix-quarantined-files.txt 2008-08-16 20:52:30 Pre-Run: 14 pasta(s) 282,211,872,768 bytes disponíveis Post-Run: 16 pasta(s) 283,139,428,352 bytes disponíveis 274 --- E O F --- 2008-08-16 10:15:37 Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia - Posted August 18, 2008

Hey ~TiuTalk~, follow these instructions:

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

File::
C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys
C:\WINDOWS\system32\WibuXpm4J32.dll

Folder::
C:\7357df7933718ad7fa0fffc3

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)

WARNING: the script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for its user.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.
~TiuTalk~ - Posted August 19, 2008

ComboFix 08-08-18.01 - Thi&Cissa 2008-08-18 21:07:44.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1740 [GMT -3:00]
Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thi&Cissa\Desktop\CFScript.txt

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys
C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
C:\WINDOWS\system32\WibuXpm4J32.dll
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\7357df7933718ad7fa0fffc3
C:\7357df7933718ad7fa0fffc3\mrt.exe
C:\7357df7933718ad7fa0fffc3\mrtstub.exe
C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys
C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
C:\WINDOWS\system32\WibuXpm4J32.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-07-19 to 2008-08-19 ))))))))))))))))))))))))))))))))
.

2008-08-15 06:47 . 2008-08-16 18:12 <DIR> d-------- C:\Arquivos de programas\CABAL Online
2008-08-14 23:28 . 2008-08-14 23:29 <DIR> d----c--- C:\LinhaDefensiva
2008-08-14 18:52 . 2008-08-14 23:19 <DIR> d----c--- C:\hijackthis
2008-08-14 03:02 . 2008-04-14 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-13 06:25 . 2008-08-13 06:25 <DIR> d-------- C:\Arquivos de programas\Calibrize
2008-08-11 06:49 . 2008-08-16 17:56 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\.rainlendar2
2008-08-11 06:49 . 2008-08-11 06:49 <DIR> d-------- C:\Arquivos de programas\Rainlendar2
2008-08-11 06:25 . 2008-08-11 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-08-11 06:25 . 2008-08-11 06:25 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-08-09 02:16 . 2008-08-17 13:53 <DIR> d-------- C:\Arquivos de programas\DreaMule
2008-08-05 22:20 . 2008-08-05 22:33 <DIR> d-------- C:\Arquivos de programas\SecondLife
2008-08-05 03:57 . 2008-08-05 03:57 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SmartFTP
2008-08-05 01:55 . 2008-08-05 01:55 286,720 --------- C:\WINDOWS\Setup1.exe
2008-08-05 01:55 . 2008-08-05 01:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-08-05 01:53 . 2008-08-05 01:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared
2008-08-05 01:53 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-08-05 01:53 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-08-05 01:53 . 2008-08-05 01:55 13,030 --a--c--- C:\PDOXUSRS.NET
2008-08-05 01:52 . 2008-08-05 01:55 <DIR> d-------- C:\Arquivos de programas\Contas Pessoais 2
2008-08-03 21:59 . 2008-08-03 21:59 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Yahoo!
2008-08-03 04:24 . 2008-08-03 04:24 7,707 --a------ C:\scr
2008-08-03 00:37 . 2008-08-03 00:38 <DIR> d-------- C:\Arquivos de programas\MUSHclient
2008-08-02 18:07 . 2008-08-02 18:07 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-02 16:13 . 2008-08-02 16:13 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack
2008-08-02 16:13 . 2008-07-09 05:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-08-02 15:50 . 2008-08-02 15:50 25 --a------ C:\WINDOWS\cdplayer.ini
2008-08-01 06:46 . 2008-08-05 04:13 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2008-08-01 06:46 . 2008-08-01 06:46 <DIR> d-------- C:\Arquivos de programas\FLV Player
2008-08-01 03:56 . 2008-08-01 03:56 <DIR> d-------- C:\Arquivos de programas\Nova pasta
2008-07-31 17:24 . 2008-08-13 09:07 <DIR> d-------- C:\Arquivos de programas\DBConvert
2008-07-31 13:41 . 2008-07-31 15:01 <DIR> d-------- C:\Arquivos de programas\GbPlugin
2008-07-31 01:44 . 2008-07-31 01:44 1,744 --a------ C:\WINDOWS\sql.mif
2008-07-31 01:43 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll
2008-07-31 01:42 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll
2008-07-31 01:42 . 2000-08-06 01:50 36,939 --a------ C:\WINDOWS\system32\insrepim.exe
2008-07-31 01:41 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll
2008-07-31 01:41 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll
2008-07-31 01:41 . 2000-08-06 01:51 28,734 --a------ C:\WINDOWS\system32\dbmslpcn.dll
2008-07-31 01:40 . 2008-07-31 01:41 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server
2008-07-31 01:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-31 01:33 . 2008-07-31 01:44 1,278 --a------ C:\WINDOWS\setup.iss
2008-07-29 17:18 . 2008-08-01 06:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\MySQL
2008-07-29 17:02 . 2008-02-12 01:05 40,960 --a------ C:\WINDOWS\system32\php_mssql.dll
2008-07-29 16:59 . 2008-07-29 16:59 <DIR> d-------- C:\Arquivos de programas\MySQL
2008-07-29 16:35 . 2008-07-29 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-07-29 16:02 . 2008-07-29 16:02 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0
2008-07-29 15:05 . 2008-07-29 15:05 1,005 --a--c--- C:\BIOSLOCK.INI
2008-07-29 14:48 . 2008-07-16 03:54 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos
2008-07-29 14:48 . 2008-07-16 00:36 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-07-29 14:48 . 2008-07-16 00:36 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-07-29 14:48 . 2008-08-18 21:09 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais
2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede
2008-07-29 14:48 . 2008-07-16 00:36 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão
2008-07-29 14:48 . 2008-08-11 08:17 <DIR> d-------- C:\Documents and Settings\Administrador
2008-07-29 10:24 . 2008-07-29 10:24 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-29 10:23 . 2008-07-29 10:23 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Blumentals
2008-07-28 08:40 . 2008-07-28 08:40 1,003,520 --a------ C:\WINDOWS\system32\VSFilter.dll
2008-07-27 05:35 . 2008-07-27 05:35 <DIR> d-------- C:\Arquivos de programas\PowerISO
2008-07-27 01:00 . 2008-08-06 18:34 24 --a--c--- C:\url_history.xml
2008-07-26 04:06 . 2008-07-26 04:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared
2008-07-26 01:15 . 2008-07-26 01:15 <DIR> d-------- C:\Arquivos de programas\Free SMTP Server
2008-07-25 23:47 . 2008-07-25 23:47 <DIR> d-------- C:\Arquivos de programas\No-IP
2008-07-23 22:53 . 2008-07-23 22:55 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SecondLife
2008-07-23 17:45 . 2008-07-23 17:45 12,557 --a------ C:\WINDOWS\FontData.fdb
2008-07-23 17:07 . 2008-07-23 17:07 <DIR> d-------- C:\Arquivos de programas\Bonjour
2008-07-22 16:45 . 2008-07-22 16:45 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Corel
2008-07-22 16:44 . 2008-07-22 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel
2008-07-22 16:44 . 2008-07-22 16:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis
2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Arquivos de programas\Corel
2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2008-07-22 16:21 . 2008-07-22 16:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-07-22 16:21 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-07-22 16:21 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-07-22 16:21 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-07-22 16:21 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-22 16:21 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-22 16:21 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-07-22 16:20 . 2008-07-22 16:21 <DIR> d-------- C:\Arquivos de programas\Ahead
2008-07-22 03:35 . 2008-07-22 03:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-22 03:19 . 2008-07-22 03:19 421 --a------ C:\WINDOWS\ODBC.INI
2008-07-22 03:18 . 2008-07-22 03:18 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-22 03:18 . 2008-07-29 10:06 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET
2008-07-22 03:18 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-22 03:14 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar
2008-07-22 03:13 . 2008-07-22 03:14 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite
2008-07-22 03:12 . 2008-07-22 03:12 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\DAEMON Tools
2008-07-22 03:12 . 2008-07-22 03:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-22 02:03 . 2008-07-22 02:03 <DIR> d-------- C:\Arquivos de programas\GameVicio
2008-07-21 21:14 . 2008-07-26 02:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-21 21:13 . 2008-07-21 21:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 21:13 . 2008-07-26 02:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 21:13 . 2008-07-21 21:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-21 21:02 . 2008-07-21 21:12 <DIR> d-------- C:\Arquivos de programas\Need for Speed ProStreet
2008-07-21 20:55 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-21 20:55 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-21 20:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-07-21 20:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-21 20:55 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-07-21 20:54 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-07-21 20:54 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-21 20:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-07-21 20:54 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-07-21 20:54 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-07-21 20:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-07-21 20:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-21 01:43 . 2008-07-21 01:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX
2008-07-20 17:44 . 2008-07-20 17:44 <DIR> d----c--- C:\videooutput
2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-07-20 17:44 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-07-20 13:52 . 2008-07-21 01:25 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Graphisoft
2008-07-20 13:52 . 2008-07-20 13:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Graphisoft
2008-07-20 13:48 . 2008-07-20 13:48 <DIR> d-------- C:\Arquivos de programas\WIBU-SYSTEMS
2008-07-20 13:47 . 2008-07-22 03:30 0 --a------ C:\WINDOWS\vpd.properties
2008-07-20 13:46 . 2008-07-20 13:46 <DIR> d-------- C:\Arquivos de programas\Graphisoft
2008-07-19 12:18 . 2006-04-13 11:42 7,484,104 --a------ C:\WINDOWS\system32\osetup.dll
2008-07-19 01:35 . 2008-07-19 01:40 <DIR> d-------- C:\Arquivos de programas\Golden FTP Server Pro
2008-07-19 01:35 . 2008-07-19 01:35 20 --a------ C:\WINDOWS\system32\system.gfs
2008-07-19 01:31 . 2008-07-19 01:31 <DIR> d-------- C:\Arquivos de programas\GlobalSCAPE
2008-07-19 01:30 . 2008-07-19 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GlobalSCAPE
2008-07-19 01:29 . 2008-07-19 01:29 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\GlobalSCAPE

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 23:38 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird
2008-08-18 03:55 --------- d-----w C:\Arquivos de programas\LogMeIn
2008-08-15 19:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-08-01 09:34 --------- d-----w C:\Arquivos de programas\Auslogics
2008-07-31 16:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-07-26 07:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-07-22 19:15 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Nero
2008-07-22 06:32 --------- d-----w C:\Arquivos de programas\Revo Uninstaller
2008-07-19 19:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-07-19 05:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
2008-07-19 04:31 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-07-18 17:27 --------- d-----w C:\Arquivos de programas\Paint.NET
2008-07-18 10:05 --------- d-----w C:\Arquivos de programas\Reference Assemblies
2008-07-18 10:05 --------- d-----w C:\Arquivos de programas\MSBuild
2008-07-18 08:19 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2008-07-18 07:59 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Auslogics
2008-07-18 05:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio
2008-07-18 05:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack
2008-07-18 04:48 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Apple Computer
2008-07-18 04:01 --------- d-----w C:\Arquivos de programas\BitComet
2008-07-17 23:47 --------- d-----w C:\Arquivos de programas\Winamp
2008-07-17 22:42 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Winamp
2008-07-17 20:33 --------- d-----w C:\Arquivos de programas\Zend
2008-07-17 20:29 --------- d--h--w C:\Arquivos de programas\Zero G Registry
2008-07-16 20:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-07-16 18:28 --------- d-----w C:\Arquivos de programas\QuickTime
2008-07-16 18:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-07-16 18:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2008-07-16 18:27 --------- d-----w C:\Arquivos de programas\Apple Software Update
2008-07-16 18:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-16 18:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-16 18:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared
2008-07-16 18:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real
2008-07-16 15:49 --------- d-----w C:\Arquivos de programas\Windows Live
2008-07-16 15:37 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-07-16 15:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-07-16 10:21 --------- d-----w C:\Arquivos de programas\Java
2008-07-16 10:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java
2008-07-16 09:34 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Thunderbird
2008-07-16 09:27 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Talkback
2008-07-16 09:23 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\ESET
2008-07-16 09:22 --------- d-----w C:\Arquivos de programas\ESET
2008-07-16 09:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2008-07-16 07:21 --------- d-----w C:\Arquivos de programas\SAMSUNG
2008-07-16 07:09 --------- d-----w C:\Arquivos de programas\On-line Help Console
2008-07-16 07:09 --------- d-----w C:\Arquivos de programas\Analog Devices
2008-07-16 07:00 --------- d---a-w C:\Arquivos de programas\Windows Sidebar
2008-07-16 07:00 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-07-16 06:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-07-16 06:54 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-11 23:24 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd
2008-06-11 23:24 28,672 ----a-w
C:\WINDOWS\system32\setupold.exe 2008-06-11 23:11 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll 2008-06-11 23:11 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll 2008-06-11 23:11 1,003,008 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-06-11 23:09 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll 2008-06-11 21:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-28 15:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll 2008-05-28 15:33 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll 2008-05-28 15:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll 2008-05-28 15:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll 2008-05-28 15:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:00 15360] "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] "Rainlendar2"="C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe" [2007-12-30 07:23 1365504] "CGFLoader"="C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 16:39 1961984] "CalibrizeResume"="C:\Arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 16:40 413696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 14:07 81920] "egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168] "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048] "nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 
C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\ No-IP DUC.lnk - C:\Arquivos de programas\No-IP\DUC20.exe [2008-07-25 23:47:48 1172992] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "GreyMSIAds"= 0 (0x0) "NoInstrumentation"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef] 2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\C:^Documents and Settings^Thi&Cissa^Menu Iniciar^Programas^Inicializar^Sidebar.lnk] path=C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\Sidebar.lnk backup=C:\WINDOWS\pss\Sidebar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 13:12 675935 C:\Arquivos de programas\SAMSUNG\FW 
LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2006-11-14 02:33 1249280 C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-07-16 15:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-07-09 18:33 36352 C:\Arquivos de programas\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19957:TCP"= 19957:TCP:BitCometBeta 19957 TCP "19957:UDP"= 19957:UDP:BitCometBeta 19957 UDP S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 14:02] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31] S2 LMIRfsDriver;LogMeIn Remote File System 
Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-04-14 08:00] S2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2008-02-28 15:31] S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [] . Conteúdo da pasta 'Tarefas Agendadas' 2008-08-18 C:\WINDOWS\Tasks\pen.job - C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat [2008-08-14 06:50] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-18 21:09:56 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . 
Tempo para conclusão: 2008-08-18 21:11:28
ComboFix-quarantined-files.txt 2008-08-19 00:11:18
ComboFix2.txt 2008-08-16 20:52:38
Pre-Run: 14 pasta(s) 283,128,967,168 bytes disponíveis
Post-Run: 15 pasta(s) 283,120,795,648 bytes disponíveis
320 --- E O F --- 2008-08-16 10:15:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:51, on 18/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\ARQUIV~1\Zend\bin\ZENDIE~1.DLL
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe
O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Arquivos de programas\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://correiojb.editorajb.com.br/iNotes.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 7575 bytes
jgarcia
Posted August 19, 2008

Hey ~TiuTalk~,

Submit the file below to the Jotti site:

C:\Documents and Settings\Thi&Cissa\Desktop\Backup Pen\pen.bat

... and come back with the result.

Regards.
~TiuTalk~
Posted August 19, 2008

I created that file myself, to make a little backup of the files on my pen drive.. =)
jgarcia
Posted August 21, 2008

> I created that file myself, to make a little backup of the files on my pen drive.. =)

OK. That being so, your log is clean. Is your machine still showing any problem?
Mário Monteiro
Posted September 22, 2008

PROBLEM SOLVED!

Should the author need the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.