Archived

This topic has been archived and is closed to new replies.

JSL

[Archived] Desktop disappearing

Hello!..

"explorer.exe" keeps closing and reopening... when I run it twice in a row from Task Manager, it lasts a good while... until at some point it closes again (usually the PC freezes, and only a reboot fixes it..) :blink:

Thanks in advance :grin:

HijackThis log..

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:55:34, on 12/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20861)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\Awc.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: explorer.lnk = C:\WINDOWS\explorer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1223175770093

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220716606750

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 7710 bytes

- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

If the notification "Aplicativo Win32 inválido" (invalid Win32 application) appears, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message occurs, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt

ComboFix 08-10-11.04 - G&M 2008-10-12 21:51:56.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.482 [GMT -2:00]

Executando de: C:\Documents and Settings\G&M\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\msvrc20.dll

C:\WINDOWS\system32\iRAyyccf.ini

C:\WINDOWS\system32\iRAyyccf.ini2

C:\WINDOWS\system32\MonVyccf.ini

C:\WINDOWS\system32\MonVyccf.ini2

C:\WINDOWS\system32\RqrYayay.ini

C:\WINDOWS\system32\RqrYayay.ini2

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-13 to 2008-10-13 ))))))))))))))))))))))))))))

.

 

2008-10-12 16:50 . 2008-10-12 16:55 <DIR> d-------- C:\hijack

2008-10-12 13:07 . 2008-10-12 13:08 313,856 --------- C:\WINDOWS\system32\yayaYrqR.dll

2008-10-12 12:03 . 2008-10-12 16:46 <DIR> d-------- C:\Arquivos de programas\EsetOnlineScanner

2008-10-12 01:10 . 2008-10-12 01:10 313,856 --------- C:\WINDOWS\system32\fccyyARi.dll

2008-10-12 00:12 . 2008-10-12 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-10-11 22:05 . 2008-10-11 22:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-10-11 22:01 . 2008-10-12 21:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-10-11 21:36 . 2008-10-11 21:36 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-10-11 21:36 . 2008-06-19 18:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-10-11 18:07 . 2008-10-12 00:54 346 --ahs---- C:\WINDOWS\system32\fMStDfii.ini

2008-10-11 18:04 . 2008-10-11 18:04 <DIR> d-------- C:\Arquivos de programas\Arquivos de programas

2008-10-11 17:00 . 2008-10-11 17:00 313,792 --a------ C:\WINDOWS\system32\khfDUkjg.dll

2008-10-11 14:25 . 2008-10-11 14:25 95 --a------ C:\WINDOWS\wininit.ini

2008-10-11 13:30 . 2008-10-12 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-11 13:30 . 2008-10-11 15:54 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-10 23:23 . 2008-10-10 23:23 198,696 --a------ C:\WINDOWS\system32\qoMcyYoM.dll

2008-10-10 20:24 . 2008-10-10 23:09 <DIR> d-------- C:\Arquivos de programas\Applications

2008-10-10 20:24 . 2008-10-10 20:24 34,304 --a------ C:\WINDOWS\system32\vtUomnMe.dll

2008-10-10 20:24 . 2008-10-10 20:24 34,304 --a------ C:\WINDOWS\system32\pmnkHYSK.dll

2008-10-05 15:23 . 2008-10-05 15:53 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-10-05 13:49 . 2008-10-05 13:49 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\IObit

2008-10-05 13:48 . 2008-10-05 13:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-10-04 22:08 . 2008-10-05 12:24 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-10-03 14:13 . 2008-10-03 14:14 <DIR> d-------- C:\Documents and Settings\G&M\Dados de aplicativos\Ahead

2008-10-03 01:41 . 2008-10-03 01:41 <DIR> d-------- C:\Arquivos de programas\SystemRequirementsLab

2008-10-03 01:03 . 2008-10-03 01:05 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\sqlitestudio

2008-10-02 22:06 . 2008-10-02 22:07 <DIR> d-------- C:\LinhaDefensiva

2008-10-02 21:40 . 2008-10-02 21:40 <DIR> d-------- C:\Arquivos de programas\eRightSoft

2008-10-02 19:19 . 2008-10-05 15:24 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\Tibia

2008-10-02 10:59 . 2008-10-02 12:32 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\fretsonfire

2008-10-02 01:35 . 2008-10-02 10:59 <DIR> d-------- C:\Arquivos de programas\NetScream

2008-10-01 01:40 . 2008-10-02 10:59 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\fretsonfire(2)

2008-09-30 11:04 . 2008-10-02 10:59 <DIR> d-------- C:\Arquivos de programas\Cópia de Frets on Fire

2008-09-30 01:34 . 2008-10-02 19:37 <DIR> d-------- C:\Arquivos de programas\Frets on Fire

2008-09-30 01:15 . 2008-09-30 01:15 <DIR> d-------- C:\Arquivos de programas\Parallel Port Joystick

2008-09-29 23:09 . 2008-09-29 23:09 236 --a------ C:\sqmdata19.sqm

2008-09-29 23:09 . 2008-09-29 23:09 200 --a------ C:\sqmnoopt19.sqm

2008-09-29 10:22 . 2008-09-29 10:22 236 --a------ C:\sqmdata18.sqm

2008-09-29 10:22 . 2008-09-29 10:22 200 --a------ C:\sqmnoopt18.sqm

2008-09-28 18:22 . 2008-09-28 18:22 236 --a------ C:\sqmdata17.sqm

2008-09-28 18:22 . 2008-09-28 18:22 200 --a------ C:\sqmnoopt17.sqm

2008-09-28 16:37 . 2008-09-28 16:37 <DIR> d-------- C:\Arquivos de programas\WinAVI MP4 Converter

2008-09-28 15:24 . 2008-09-28 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-09-28 15:24 . 2008-09-28 15:24 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2008-09-28 15:07 . 2008-09-28 15:07 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-09-28 07:45 . 2008-09-28 07:45 <DIR> d-------- C:\Temp\VIDEO_TS

2008-09-28 07:45 . 2008-09-28 07:45 <DIR> d-------- C:\Temp

2008-09-28 07:43 . 2005-11-21 03:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-09-28 07:43 . 2005-11-21 03:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-09-28 07:39 . 2008-09-28 07:39 <DIR> d-------- C:\maxdvd23gp_OUTPUT

2008-09-28 07:39 . 2008-09-28 07:58 180 --a------ C:\WINDOWS\system32\maxdvd23gp.fmt

2008-09-28 07:32 . 2008-09-28 07:32 <DIR> d-------- C:\ConvertedDVD

2008-09-28 07:31 . 2008-09-28 07:31 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\dvdcss

2008-09-28 07:30 . 2008-09-28 07:30 <DIR> d-------- C:\Arquivos de programas\Xvid

2008-09-28 07:30 . 2008-09-28 07:33 <DIR> d-------- C:\Arquivos de programas\123 DVD Converter

2008-09-28 07:30 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-09-28 07:30 . 2008-09-28 07:32 81 --a------ C:\WINDOWS\DVDConverter.INI

2008-09-27 23:16 . 2008-09-28 07:30 <DIR> d-------- C:\dvd2avi

2008-09-27 23:16 . 2008-09-27 23:16 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\DVD2AVI Ripper

2008-09-27 23:13 . 2008-09-27 23:13 236 --a------ C:\sqmdata16.sqm

2008-09-27 23:13 . 2008-09-27 23:13 200 --a------ C:\sqmnoopt16.sqm

2008-09-27 11:37 . 2008-09-27 11:37 236 --a------ C:\sqmdata15.sqm

2008-09-27 11:37 . 2008-09-27 11:37 200 --a------ C:\sqmnoopt15.sqm

2008-09-26 23:06 . 2008-09-26 23:06 236 --a------ C:\sqmdata14.sqm

2008-09-26 23:06 . 2008-09-26 23:06 200 --a------ C:\sqmnoopt14.sqm

2008-09-26 12:26 . 2008-09-26 12:26 <DIR> d-------- C:\Arquivos de programas\Goland

2008-09-26 12:26 . 2008-09-26 12:26 39,264 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys

2008-09-26 12:26 . 2008-09-26 12:26 0 --a------ C:\WINDOWS\AudioDVD.INI

2008-09-26 12:22 . 2008-09-26 12:22 <DIR> d-------- C:\apollotmp

2008-09-26 12:19 . 2008-09-26 12:19 93 --a------ C:\WINDOWS\Cdplayer.ini

2008-09-26 12:17 . 2008-09-26 12:17 <DIR> d-------- C:\Arquivos de programas\Apollo Audio DVD Creator

2008-09-26 12:17 . 2008-09-26 12:20 67 --a------ C:\WINDOWS\Apollo Audio DVD Creator.INI

2008-09-26 11:08 . 2008-10-08 00:42 <DIR> d-------- C:\Arquivos de programas\bmoworld

2008-09-25 22:59 . 2008-09-25 22:59 0 --a------ C:\WINDOWS\oodcnt.INI

2008-09-25 22:58 . 2008-09-25 22:58 <DIR> d-------- C:\WINDOWS\system32\oodag

2008-09-25 21:18 . 2008-09-25 21:18 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\Auslogics

2008-09-25 15:42 . 2008-09-25 15:42 236 --a------ C:\sqmdata13.sqm

2008-09-25 15:42 . 2008-09-25 15:42 200 --a------ C:\sqmnoopt13.sqm

2008-09-24 21:24 . 2008-09-24 21:24 236 --a------ C:\sqmdata12.sqm

2008-09-24 21:24 . 2008-09-24 21:24 200 --a------ C:\sqmnoopt12.sqm

2008-09-23 12:27 . 2008-09-23 12:27 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\CyberLink

2008-09-23 12:27 . 2008-10-05 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-09-22 23:52 . 2008-09-22 23:52 236 --a------ C:\sqmdata11.sqm

2008-09-22 23:52 . 2008-09-22 23:52 200 --a------ C:\sqmnoopt11.sqm

2008-09-22 21:50 . 2008-09-22 21:50 236 --a------ C:\sqmdata10.sqm

2008-09-22 21:50 . 2008-09-22 21:50 200 --a------ C:\sqmnoopt10.sqm

2008-09-22 20:55 . 2008-09-22 20:55 <DIR> d-------- C:\Arquivos de programas\Google

2008-09-22 13:11 . 2008-10-12 21:41 <DIR> d-------- C:\Documents and Settings\G&M\Tracing

2008-09-21 20:40 . 2008-09-26 01:00 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\Megacubo

2008-09-21 20:40 . 2008-09-28 17:55 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-09-21 20:40 . 2008-10-11 20:41 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-09-20 23:45 . 2008-09-20 23:45 248 --a------ C:\sqmdata09.sqm

2008-09-20 23:45 . 2008-09-20 23:45 212 --a------ C:\sqmnoopt09.sqm

2008-09-20 12:00 . 2008-10-10 00:44 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-20 12:00 . 2008-10-10 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2008-09-20 11:48 . 2008-09-20 11:48 236 --a------ C:\sqmdata08.sqm

2008-09-20 11:48 . 2008-09-20 11:48 200 --a------ C:\sqmnoopt08.sqm

2008-09-19 13:02 . 2008-09-19 13:05 <DIR> d-------- C:\Documents and Settings\G&M\Dados de aplicativos\Winamp

2008-09-19 13:00 . 2008-09-06 13:24 <DIR> d--h----- C:\Documents and Settings\G&M\Modelos

2008-09-19 13:00 . 2008-10-10 22:59 <DIR> dr------- C:\Documents and Settings\G&M\Meus documentos

2008-09-19 13:00 . 2008-09-06 10:07 <DIR> dr------- C:\Documents and Settings\G&M\Menu Iniciar

2008-09-19 13:00 . 2008-09-19 13:01 <DIR> dr------- C:\Documents and Settings\G&M\Favoritos

2008-09-19 13:00 . 2008-10-03 14:13 <DIR> dr-h----- C:\Documents and Settings\G&M\Dados de aplicativos

2008-09-19 13:00 . 2008-10-12 21:57 <DIR> d--h----- C:\Documents and Settings\G&M\Configurações locais

2008-09-19 13:00 . 2008-09-06 10:07 <DIR> d--h----- C:\Documents and Settings\G&M\Ambiente de rede

2008-09-19 13:00 . 2008-09-06 10:07 <DIR> d--h----- C:\Documents and Settings\G&M\Ambiente de impressão

2008-09-19 13:00 . 2008-10-10 20:52 <DIR> d-------- C:\Documents and Settings\G&M

2008-09-19 12:12 . 2008-09-19 12:12 <DIR> d-------- C:\WINDOWS\speech

2008-09-19 12:12 . 2008-09-19 12:12 <DIR> d-------- C:\Arquivos de programas\Rodrigo Bytes

2008-09-19 12:12 . 2005-01-25 01:20 229,376 --a------ C:\WINDOWS\system32\XTAB.ocx

2008-09-19 12:12 . 2004-03-09 01:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX

2008-09-19 00:56 . 2008-09-19 00:23 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-09-19 00:27 . 2008-09-19 00:27 236 --a------ C:\sqmdata07.sqm

2008-09-19 00:27 . 2008-09-19 00:27 200 --a------ C:\sqmnoopt07.sqm

2008-09-19 00:22 . 2008-04-14 00:20 219,648 --a------ C:\WINDOWS\system32\uxtheme.uxtender

2008-09-18 22:19 . 2008-10-12 20:40 <DIR> d-------- C:\Documents and Settings\J.Leandro\Tracing

2008-09-18 22:17 . 2008-09-18 22:17 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-09-18 21:53 . 2008-09-18 21:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-09-17 21:15 . 2008-09-17 22:34 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-09-17 12:41 . 2008-09-17 12:41 <DIR> d--h----- C:\WINDOWS\PIF

2008-09-16 20:08 . 2008-09-16 20:55 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\Mp3tag

2008-09-16 20:08 . 2008-09-16 20:08 <DIR> d-------- C:\Arquivos de programas\Mp3tag

2008-09-15 19:12 . 2008-09-15 19:12 <DIR> d-------- C:\Documents and Settings\J.Leandro\Dados de aplicativos\Apple Computer

2008-09-14 17:55 . 2008-09-14 17:55 <DIR> d-------- C:\Arquivos de programas\Twin Shock GamePad

2008-09-14 01:12 . 2008-09-14 01:12 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-12 00:19 --------- d-----w C:\Arquivos de programas\CCleaner

2008-10-10 02:44 --------- d-----w C:\Arquivos de programas\Flash-SWF to AVI-GIF

2008-09-29 00:52 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-09-28 18:32 --------- d-----w C:\Documents and Settings\J.Leandro\Dados de aplicativos\Ahead

2008-09-26 02:34 --------- d-----w C:\Arquivos de programas\Winamp

2008-09-25 21:49 --------- d-----w C:\Documents and Settings\J.Leandro\Dados de aplicativos\Eq comp byte

2008-09-23 02:19 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-19 02:23 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-09-15 00:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-13 17:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Bags Plus Online Chin

2008-09-13 17:52 --------- d-----w C:\Arquivos de programas\Circle Developement

2008-09-13 02:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-09-13 02:00 --------- d-----w C:\Documents and Settings\J.Leandro\Dados de aplicativos\Winamp

2008-09-13 01:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-09-12 12:22 --------- d-----w C:\Arquivos de programas\MSBuild

2008-09-12 12:21 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-09-12 10:44 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-09-12 10:04 --------- d-----w C:\Arquivos de programas\Positivo

2008-09-12 10:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-11 22:34 --------- d-----w C:\Arquivos de programas\VIAudioi

2008-09-11 17:02 --------- d-----w C:\Arquivos de programas\lg_fwupdate

2008-09-11 16:05 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-09-09 03:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll

2008-09-07 21:44 --------- d-----w C:\Arquivos de programas\Mozilla Firefox(2)

2008-09-07 16:19 --------- d-----w C:\Documents and Settings\J.Leandro\Dados de aplicativos\Media Player Classic

2008-09-06 22:09 --------- d-----w C:\Arquivos de programas\SourceTec

2008-09-06 16:55 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-09-06 16:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-09-06 16:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-06 16:32 --------- d-----w C:\Arquivos de programas\CyberLink

2008-09-06 16:24 --------- d-----w C:\Arquivos de programas\IObit

2008-09-06 16:13 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-06 16:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-06 15:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-09-06 15:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-06 15:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-06 15:53 --------- d-----w C:\Arquivos de programas\Nero

2008-09-06 15:30 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-09-06 15:30 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-09-06 15:27 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-09-06 15:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-09-06 15:25 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-10-10_22.23.02.67 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-30 13:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll

- 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 22:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

- 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2005-10-20 22:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

- 2000-08-31 11:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

+ 2000-08-31 10:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

- 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

+ 2000-08-31 10:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

- 2008-09-15 01:19:50 280,536 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-12 02:40:54 1,569,200 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-07-27 16:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll

+ 2007-07-27 16:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll

+ 2005-12-05 21:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll

+ 2005-12-05 14:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll

+ 2008-02-11 11:39:26 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll

+ 2008-02-11 11:39:18 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll

+ 2008-02-08 15:53:46 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll

+ 2008-02-05 10:48:04 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe

- 2008-09-12 22:11:16 67,560 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-10-12 03:08:12 67,560 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-09-12 22:11:16 76,196 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-10-12 03:08:12 76,196 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-09-12 22:11:16 432,856 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-10-12 03:08:12 432,856 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-09-12 22:11:16 465,632 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-10-12 03:08:12 465,632 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2004-12-07 12:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll

+ 2008-10-13 00:09:33 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_560.dat

+ 2006-06-05 17:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2006-06-05 17:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

+ 2006-06-05 17:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D2D34CB-9E4D-453F-AD36-29CA8468A473}]

2008-10-10 20:24 34304 --a------ C:\WINDOWS\system32\pmnkHYSK.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

C:\Documents and Settings\J.Leandro\Menu Iniciar\Programas\Inicializar\

explorer.lnk - C:\WINDOWS\explorer.exe [2007-09-02 1035776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{9D2D34CB-9E4D-453F-AD36-29CA8468A473}"= "C:\WINDOWS\system32\pmnkHYSK.dll" [2008-10-10 34304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHYSK]

2008-10-10 20:24 34304 C:\WINDOWS\system32\pmnkHYSK.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 13:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2008-09-09 01:05 3513344 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-03 06:46 13529088 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-03 06:46 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-09-16 13:16 1833296 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-03 21:02 36352 C:\Arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-03 06:46 1630208 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-12 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job

- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2006-09-12 18:49]

 

2008-10-12 C:\WINDOWS\Tasks\AwcProUpdate.job

- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe [2008-09-22 12:44]

 

2008-10-12 C:\WINDOWS\Tasks\AwcProUpdate.job

- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\ [2008-10-12 20:00]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{6D4FA774-18E7-4CBE-B0C6-255CF9EAB931} - C:\WINDOWS\system32\fccyVnoM.dll

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\G&M\Dados de aplicativos\Mozilla\Firefox\Profiles\6pa3pece.default\

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-12 22:11:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-12 22:19:00 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-13 00:18:52

ComboFix2.txt 2008-10-11 19:01:00

ComboFix3.txt 2008-10-11 03:43:32

ComboFix4.txt 2008-10-11 01:24:00

ComboFix5.txt 2008-10-12 23:47:31

 

Pré-execução: 4.812.550.144 bytes disponíveis

Pós execução: 4,813,402,112 bytes disponíveis

 

364 --- E O F --- 2008-09-15 00:37:08


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

C:\Documents and Settings\J.Leandro\Menu Iniciar\Programas\Inicializar\explorer.lnk

C:\WINDOWS\system32\qoMcyYoM.dll

C:\WINDOWS\system32\vtUomnMe.dll

C:\WINDOWS\system32\pmnkHYSK.dll

C:\WINDOWS\system32\khfDUkjg.dll

C:\WINDOWS\system32\fMStDfii.ini

C:\WINDOWS\system32\yayaYrqR.dll

C:\WINDOWS\system32\fccyyARi.dll

C:\sqmdata19.sqm

C:\sqmnoopt19.sqm

C:\sqmdata18.sqm

C:\sqmnoopt18.sqm

C:\sqmdata17.sqm

C:\sqmnoopt17.sqm

C:\sqmdata16.sqm

C:\sqmnoopt16.sqm

C:\sqmdata15.sqm

C:\sqmnoopt15.sqm

C:\sqmdata14.sqm

C:\sqmnoopt14.sqm

C:\sqmdata13.sqm

C:\sqmnoopt13.sqm

C:\sqmdata12.sqm

C:\sqmnoopt12.sqm

C:\sqmdata11.sqm

C:\sqmnoopt11.sqm

C:\sqmdata10.sqm

C:\sqmnoopt10.sqm

C:\sqmdata09.sqm

C:\sqmnoopt09.sqm

C:\sqmdata08.sqm

C:\sqmnoopt08.sqm

C:\sqmdata07.sqm

C:\sqmnoopt07.sqm

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D2D34CB-9E4D-453F-AD36-29CA8468A473}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{9D2D34CB-9E4D-453F-AD36-29CA8468A473}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHYSK]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

Dirlook::

C:\Arquivos de programas\Applications

This script was written only for this computer, according to the files and keys present on it. Do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

--------------------------

Open HijackThis --> Click: Do a system scan only

 

O4 - Startup: explorer.lnk = C:\WINDOWS\explorer.exe

Check the entry above! --> Click Fix checked.

Post: ComboFix.txt, together with a new HijackThis log.

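Added example, not part of the original posts and not ComboFix or HijackThis code: in the log above, the ShellExecuteHooks value and the Winlogon Notify key that the script removes both point at the same recently created DLL, and this Python example shows how that overlap can be picked out of a ComboFix log. The function name `triage`, the 7-day recency window and the choice of load points are assumptions of the example; the embedded excerpt is copied from the log in this thread.

```python
import re
from datetime import date

# Registry load points seen in the log; DLLs listed there are loaded by
# explorer.exe (ShellExecuteHooks) or winlogon.exe (Winlogon Notify).
LOAD_POINTS = {
    r"\explorer\shellexecutehooks": "ShellExecuteHooks",
    r"\winlogon\notify": "Winlogon Notify",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]+?\.(?:dll|exe|sys))', re.I)
# A date that is not a fragment of a GUID or a file name
DATE_RE = re.compile(r"(?<![\w-])(\d{4})-(\d{2})-(\d{2})(?![\w-])")

# Excerpt copied from the ComboFix log posted in this thread
SAMPLE_LOG = r"""
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9D2D34CB-9E4D-453F-AD36-29CA8468A473}"= "C:\WINDOWS\system32\pmnkHYSK.dll" [2008-10-10 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHYSK]
2008-10-10 20:24 34304 C:\WINDOWS\system32\pmnkHYSK.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:20 15360 C:\WINDOWS\system32\ctfmon.exe
"""

def triage(log_text, scan_date, recent_days=7):  # hypothetical helper name
    """Map each file registered at a load point to its load points and recency."""
    findings = {}
    load_point = None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:  # a new registry section starts here
            lowered = key.group(1).lower()
            load_point = next((n for f, n in LOAD_POINTS.items() if f in lowered), None)
            continue
        path = PATH_RE.search(line)
        if not (load_point and path):
            continue
        entry = findings.setdefault(path.group(1).lower(),
                                    {"load_points": [], "recent": False})
        if load_point not in entry["load_points"]:
            entry["load_points"].append(load_point)
        stamp = DATE_RE.search(line)
        if stamp:
            age = (scan_date - date(*map(int, stamp.groups()))).days
            entry["recent"] = entry["recent"] or 0 <= age <= recent_days
    return findings
```

Calling `triage(SAMPLE_LOG, date(2008, 10, 12))` uses the scan date from the log's "Rootkit scan" line; a file that appears under more than one load point and is flagged recent is the first thing to review.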

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
