
Archived

This topic has been archived and is closed to further replies.

anahii

[Resolved!] HijackThis log


Hello, please take a look at my log and see if it is clean. HijackThis log:

 

Thank you

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:09:07, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\DAP\DAP.EXE

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de programas\Shareaza\Plugins\RazaWebHook.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [igndlm.exe] C:\Arquivos de programas\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Registration Assassin's Creed.LNK = C:\Arquivos de programas\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: Download with &Shareaza - res://C:\Arquivos de programas\Shareaza\Plugins\RazaWebHook.dll/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5BD5E09-847D-412E-B1E3-812F792C4931}: NameServer = 200.165.132.147 200.149.55.140

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 7781 bytes


- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

 

◘ Install it by double-clicking "mbam-setup.exe";

◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;

◘ Select "Quick Scan" and then click Scan;

◘ When the scan finishes, click OK and then "Show Results" to see the log;

◘ If anything is detected, make sure everything is checked and click "Remove";

◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

◘ Copy and paste the contents of that log in your next reply.

 

- Generate a new HijackThis log and paste it in your reply.


HijackThis log

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:24:36, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de programas\Shareaza\Plugins\RazaWebHook.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [igndlm.exe] C:\Arquivos de programas\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Registration Assassin's Creed.LNK = C:\Arquivos de programas\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: Download with &Shareaza - res://C:\Arquivos de programas\Shareaza\Plugins\RazaWebHook.dll/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5BD5E09-847D-412E-B1E3-812F792C4931}: NameServer = 200.165.132.147 200.149.55.140

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 7642 bytes


MBAM log

 

 

 

Malwarebytes' Anti-Malware 1.25

Versão do banco de dados: 1090

Windows 5.1.2600 Service Pack 2

 

01:14:50 28/8/2008

mbam-log-08-28-2008 (01-14-50).txt

 

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|)

Objetos verificados: 86863

Tempo decorrido: 54 minute(s), 7 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)
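A helper reading this thread checks the two HijackThis logs against the MBAM result: the ShopperReports O9 entry present in the first log is absent from the second, and MBAM reports the matching Internet Explorer Extensions key as quarantined. The script below is an added example, not code from the thread or from HijackThis or MBAM; it diffs two HijackThis logs and links each removed entry to an MBAM detection by CLSID, and the log excerpts it embeds are constructed from the lines quoted above.

```python
"""Diff two HijackThis logs and tie removed entries to an MBAM detection.

Added example (not part of the forum thread or of HijackThis/MBAM): the log
excerpts and the MBAM line below are constructed from entries quoted in this
thread; the parsing and diff code is hypothetical helper code.
"""
import re
from typing import Dict, Set

# HijackThis entry lines look like "O9 - Extra button: ... - {CLSID} - path".
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed excerpts: a few lines from the first (before MBAM) and second
# (after MBAM) logs in this thread. Process paths and header lines are not
# entries and are ignored by the parser.
LOG_BEFORE = """Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.com.br/
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Arquivos de programas\\Java\\jre1.5.0_04\\bin\\npjpi150_04.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\\WINDOWS\\system32\\shdocvw.dll
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""
LOG_AFTER = """Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.com.br/
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Arquivos de programas\\Java\\jre1.5.0_04\\bin\\npjpi150_04.dll
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""
# The registry key MBAM reported as quarantined in this thread (lower-case CLSID).
MBAM_LINE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions"
             r"\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) "
             "-> Quarantined and deleted successfully.")


def parse_hjt(text: str) -> Set[str]:
    """Return the set of R/F/O entry lines, with any CLSID normalised to upper case."""
    entries: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries.add(CLSID_RE.sub(lambda c: c.group(0).upper(), line))
    return entries


def diff_hjt(before: str, after: str) -> Dict[str, Set[str]]:
    """Entries only in the first log ("removed") or only in the second ("added")."""
    a, b = parse_hjt(before), parse_hjt(after)
    return {"removed": a - b, "added": b - a}


def clsids_in(text: str) -> Set[str]:
    """All CLSIDs in a text, upper-cased so MBAM and HijackThis spellings compare equal."""
    return {c.upper() for c in CLSID_RE.findall(text)}


def explained_by_mbam(diff: Dict[str, Set[str]], mbam_log: str) -> Set[str]:
    """Removed HijackThis entries whose CLSID MBAM reports as quarantined."""
    quarantined = clsids_in(mbam_log)
    return {e for e in diff["removed"] if clsids_in(e) & quarantined}


if __name__ == "__main__":
    d = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for e in sorted(d["removed"]):
        print("removed:", e)
    for e in sorted(d["added"]):
        print("added:  ", e)
    for e in sorted(explained_by_mbam(d, MBAM_LINE)):
        print("explained by MBAM quarantine:", e)
```

Any removed entry that is not explained by a detection, or any entry that appears only in the second log, is what the helper should look at next.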


Download ComboFix and save it to your desktop.

 

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take around 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on the ComboFix window, and do not close it by clicking the X, while it is running; otherwise it will stop and your desktop will go blank.

 

To stop or exit ComboFix, press "2" and Enter.

 

Then generate a new HijackThis log and post it together with ComboFix.txt.


ComboFix log

 

 

ComboFix 08-08-27.05 - Administrador 2008-08-28 2:08:52.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.645 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\copy.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WWMREYQ8\bin.clearspring.com

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WWMREYQ8\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WWMREYQ8\interclick.com

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WWMREYQ8\interclick.com\ud.sol

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\host.exe

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\temp2.exe

C:\WINDOWS\xcopy.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

 

2008-08-28 00:17 . 2008-08-28 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-08-28 00:17 . 2008-08-28 00:17 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

2008-08-28 00:17 . 2008-08-28 00:17 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-08-28 00:17 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-28 00:17 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-27 22:47 . 2008-08-27 22:47 <DIR> d-------- C:\WINDOWS\LastGood

2008-08-27 00:31 . 2008-08-27 00:31 <DIR> d-------- C:\WINDOWS\ERUNT

2008-08-27 00:28 . 2008-08-27 00:43 <DIR> d-------- C:\SDFix

2008-08-25 22:37 . 2008-08-25 22:37 25 --a------ C:\WINDOWS\icad.INI

2008-08-25 22:23 . 2008-08-26 18:37 <DIR> d-------- C:\Arquivos de programas\CADian2008 Trial

2008-08-24 21:02 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-08-24 21:01 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-08-24 21:00 . 2008-08-24 21:00 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-08-24 21:00 . 2008-08-24 21:00 <DIR> d-------- C:\Arquivos de programas\Samsung

2008-08-24 21:00 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-08-22 01:34 . 2008-08-22 01:34 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-08-15 01:20 . 2008-08-15 02:32 584 --a------ C:\WINDOWS\imsins.BAK

2008-08-15 00:31 . 2008-08-15 00:31 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Snapfish

2008-08-14 23:45 . 2008-05-01 11:32 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll

2008-07-31 10:46 . 2008-07-31 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-07-30 21:34 . 2008-07-30 21:34 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-07-30 21:34 . 2008-07-30 21:34 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-07-29 23:40 . 2008-07-29 23:40 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-07-29 23:40 . 2004-03-09 00:00 609,824 --a------ C:\WINDOWS\system32\COMCTL32.ocx

2008-07-29 23:40 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX

2008-07-29 23:40 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX

2008-07-29 23:40 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx

2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-07-29 22:47 . 2008-07-29 22:47 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-07-29 22:47 . 2008-07-29 22:47 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-07-29 22:47 . 2008-07-29 22:47 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-07-28 23:57 . 2008-07-29 04:06 <DIR> d-------- C:\LinhaDefensiva

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-28 03:16 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-26 21:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft

2008-08-26 21:10 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-26 21:10 --------- d-----w C:\Arquivos de programas\Ubisoft

2008-08-26 14:08 --------- d-----w C:\Arquivos de programas\UltraISO

2008-08-25 00:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-17 03:23 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-08-15 03:32 304,160 ----a-w C:\PA207.DAT

2008-07-23 21:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-07-22 13:21 --------- d-----w C:\Arquivos de programas\Ahead

2008-07-22 13:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-07-22 13:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-07-22 13:18 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Simple Star

2008-07-22 13:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-10 03:44 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-07-09 00:41 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll

2008-06-30 09:25 --------- d-----w C:\Arquivos de programas\GTA você - NFS Undeground

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\DllCache\mscms.dll

2008-06-24 13:29 3,592,192 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll

2008-06-23 09:24 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe

2008-06-23 09:24 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\DllCache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\DllCache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\DllCache\tcpip.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\DllCache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\DllCache\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\DllCache\bthport.sys

2008-05-30 21:14 988,160 ----a-w C:\WINDOWS\winhelp.dll

2008-05-30 21:14 236,544 ----a-w C:\WINDOWS\MSXML.exe

2008-04-14 16:44 22,328 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

2007-10-29 18:56 19,755,376 ----a-w C:\Arquivos de programas\aaw2007.exe

2007-10-27 02:53 3,067 ----a-w C:\Arquivos de programas\Trabalho Final.doc

2007-10-21 02:02 6,567,714 ----a-w C:\Arquivos de programas\firefox-3.0a8.en-US.win32.installer.exe

2007-10-15 02:40 3,954,000 ----a-w C:\Arquivos de programas\MsgPlusLive-423.exe

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2005-08-30 23:13 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe

.

((((((((((((((((((((((((((((( snapshot@2008-08-22_ 1.31.39.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-09 00:48:21 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2008-08-28 01:55:45 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2008-07-09 00:48:22 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2008-08-28 01:55:45 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2008-07-09 00:48:22 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2008-08-28 01:55:45 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2008-07-02 00:50:32 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:08 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:33 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:09 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:34 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:09 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-09 00:48:14 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-28 01:55:41 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-09 00:48:22 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-28 01:55:46 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:37 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:11 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:38 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:39 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:12 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:40 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:12 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-02 00:50:44 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-08-26 21:27:15 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-07-09 00:48:23 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2008-08-28 01:55:46 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2008-07-09 00:48:23 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2008-08-28 01:55:46 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2008-07-09 00:48:24 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2008-08-28 01:55:47 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2008-07-09 00:48:24 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2008-08-28 01:55:47 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2008-07-09 00:48:20 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2008-08-28 01:55:43 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2007-08-02 14:31:32 360,320 ----a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll

+ 2007-08-02 14:31:32 67,456 ----a-w C:\WINDOWS\Downloaded Program Files\PURen-us.dll

+ 2007-08-06 15:10:34 68,480 ----a-w C:\WINDOWS\Downloaded Program Files\PURpt-br.dll

+ 2008-08-07 19:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-08-27 03:31:33 5,992,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-08-27 03:31:33 106,496 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 19:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-08-27 03:31:23 5,992,448 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-08-27 03:31:23 106,496 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2005-03-18 20:19:58 2,337,488 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_25.dll

+ 2005-05-26 18:34:52 2,297,552 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_26.dll

+ 2005-08-30 20:57:18 58,320 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_bus.sys

+ 2005-08-30 20:58:50 6,144 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_cmnt.sys

+ 2005-08-30 20:58:56 8,304 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdfl.sys

+ 2005-08-30 20:59:00 94,000 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdm.sys

+ 2005-08-26 21:07:28 81,920 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

+ 2005-08-30 20:57:14 5,808 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_whnt.sys

+ 2005-08-30 04:47:38 58,320 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_bus.sys

+ 2005-08-30 04:49:28 6,176 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_cmnt.sys

+ 2005-08-30 04:49:34 8,336 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdfl.sys

+ 2005-08-30 04:49:38 94,000 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdm.sys

+ 2005-08-30 04:46:16 81,920 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

+ 2005-08-30 04:47:34 5,840 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_whnt.sys

+ 2005-12-22 15:24:50 80,272 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdbus.sys

+ 2005-12-22 15:24:52 11,877 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdcmnt.sys

+ 2005-12-22 15:24:52 10,864 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdfl.sys

+ 2005-12-22 15:24:52 137,884 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdm.sys

+ 2005-12-22 15:24:52 108,003 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdserd.sys

+ 2005-12-22 15:24:52 65,536 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

+ 2005-12-22 15:24:54 11,188 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdwhnt.sys

+ 2006-07-21 15:12:56 66,672 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdbus.sys

+ 2006-07-21 15:15:26 6,208 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdcmnt.sys

+ 2006-07-21 15:13:48 9,232 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdfl.sys

+ 2006-07-21 15:13:52 100,304 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdm.sys

+ 2006-07-21 15:14:40 91,744 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmgmt.sys

+ 2006-07-21 15:15:28 89,584 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdobex.sys

+ 2006-07-21 15:15:56 53,760 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

+ 2006-07-21 15:12:52 5,872 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdwhnt.sys

+ 2007-01-07 21:10:28 66,880 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcbus.sys

+ 2007-01-07 21:11:16 6,272 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbccmnt.sys

+ 2007-01-07 21:11:18 9,360 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdfl.sys

+ 2007-01-07 21:11:22 100,864 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdm.sys

+ 2007-01-07 21:11:48 55,296 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

+ 2007-01-07 21:10:24 5,936 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"PowerBar"="C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26 86016]

"igndlm.exe"="C:\Arquivos de programas\Download Manager\DLM.exe" [2007-03-05 18:57 1103480]

"Shareaza"="C:\Arquivos de programas\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]

"PhotoShow Deluxe Media Manager"="C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe" [2005-02-25 21:28 212992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DownloadAccelerator"="C:\Arquivos de programas\DAP\DAP.EXE" [2007-12-15 09:56 4576768]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2002-03-18 18:27 4554752]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2002-03-18 18:27 86016]

"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 10:01 319488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:45 15360]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Registration Assassin's Creed.LNK - C:\Arquivos de programas\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2008-08-26 18:26:27 967304]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

R1 remplug;Driver de Controle de Interface;c:\windows\system32\remplug.sys [2008-03-28 09:45]

R3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 12:30]

S3 dump_wmimmc;dump_wmimmc;C:\Arquivos de programas\Lineage II\system\GameGuard\dump_wmimmc.sys []

S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-13 23:51]

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\n5zdbvq6.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\Gran Paradiso\plugins\npnul32.dll

FF -: plugin - C:\Arquivos de programas\Gran Paradiso\plugins\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\Gran Paradiso\plugins\NPSWF32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPJava11.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPJava12.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPJava13.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPJava14.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPJava32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_04\bin\NPOJI610.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 02:10:48

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-28 2:13:19

ComboFix-quarantined-files.txt 2008-08-28 05:12:35

ComboFix2.txt 2008-08-23 10:58:42

ComboFix3.txt 2008-08-22 12:36:42

ComboFix4.txt 2008-08-22 12:29:29

ComboFix5.txt 2008-08-28 05:08:27

 

Pre-Run: 4,299,472,896 bytes disponíveis

Post-Run: 4,365,197,312 bytes disponíveis

 

281 --- E O F --- 2008-08-15 05:32:07

 

 

 

 

hijackthis log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:21:44, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de programas\Shareaza\Plugins\RazaWebHook.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [igndlm.exe] C:\Arquivos de programas\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [shareaza] "C:\Arquivos de programas\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Registration Assassin's Creed.LNK = C:\Arquivos de programas\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: Download with &Shareaza - res://C:\Arquivos de programas\Shareaza\Plugins\RazaWebHook.dll/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5BD5E09-847D-412E-B1E3-812F792C4931}: NameServer = 200.165.132.147 200.149.55.140

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 7553 bytes


Ok, the log is clean. Any problem?


Registration Backup will keep a backup of all your software registration keys in a single place. Your data will be kept safe, encrypted with the Blowfish algorithm and protected by passwords.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
