
Archived

This topic has been archived and is closed to new replies.

almenes

[Archived] Explorer.EXE restarting


Hello, my Explorer keeps restarting all the time. I managed to remove a file that, according to the research I did, could be causing the problem. However, even after removing it the problem continues. The program I removed was SFDHOST.EXE. I removed the file from the SYSTEM32 folder along with some registry entries related to it. My log follows for review.

Thanks for the help.

Regards to all.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:55:11, on 23/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\HiJack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{73715C78-1C25-4144-9A65-CDE4BD8BAA95}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 6332 bytes


Hey almenes,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since this guarantees that the system can be recovered if problems occur during the scan.

Click "YES" and wait; the console installation is performed automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) Please paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN 32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE on top of the other windows. To minimize it again, just use the ALT + TAB combination.

Regards.


ComboFix 09-01-21.04 - Allan 2009-01-31 0:53:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.511.145 [GMT -2:00]

Executando de: c:\documents and settings\Allan\Desktop\KomboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090130-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\windows\msvrc20.dll

c:\windows\system32\Cache

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))

.

 

2009-01-31 00:50 . 2009-01-31 00:50 <DIR> d-------- C:\32788R22FWJFW

2009-01-28 16:55 . 2009-01-28 16:55 <DIR> d-------- c:\arquivos de programas\AnalogX

2009-01-27 16:50 . 2009-01-27 16:50 <DIR> d-------- C:\Wanted

2009-01-27 16:33 . 2009-01-27 16:33 <DIR> d-------- C:\O Senhor dos ladrões

2009-01-27 16:19 . 2009-01-27 16:19 <DIR> d-------- C:\Resident Evil - Extinction

2009-01-27 08:47 . 2009-01-27 08:47 <DIR> d-------- c:\arquivos de programas\Ares

2009-01-24 23:02 . 2009-01-24 23:02 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-01-23 14:57 . 2009-01-23 14:57 <DIR> d-------- c:\arquivos de programas\Calibrize

2009-01-22 13:02 . 2009-01-23 13:55 <DIR> d-------- C:\HiJack

2009-01-21 13:18 . 2009-01-26 10:56 368 --ahs---- c:\windows\system32\OWaIknmp.ini2

2009-01-21 13:18 . 2009-01-26 10:56 368 --ahs---- c:\windows\system32\OWaIknmp.ini

2009-01-21 13:13 . 2009-01-21 13:13 <DIR> d-------- c:\documents and settings\Allan\Dados de aplicativos\Babylon

2009-01-21 13:13 . 2009-01-21 13:13 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2009-01-21 11:43 . 2009-01-21 11:43 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft

2009-01-21 11:43 . 2009-01-21 11:43 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-01-19 08:03 . 2009-01-27 23:27 0 --a------ C:\dump_dvd.vob

2009-01-18 20:41 . 2009-01-18 20:41 <DIR> d-------- c:\documents and settings\Allan\Dados de aplicativos\Styler

2009-01-18 16:46 . 2006-11-03 00:21 8,269,824 --a------ c:\windows\system32\wmploc.backup

2009-01-18 16:42 . 2008-04-14 00:20 1,710,592 --a------ c:\windows\system32\netshell.backup

2009-01-18 16:41 . 2008-04-14 00:21 1,219,072 --a------ c:\windows\system32\ntbackup.backup

2009-01-18 16:40 . 2008-08-14 11:24 2,193,408 --a------ c:\windows\system32\ntoskrnl.backup

2009-01-18 16:39 . 2008-04-14 00:20 1,287,168 --a------ c:\windows\system32\ole32.backup

2009-01-18 16:38 . 2008-04-14 00:20 1,876,992 --a------ c:\windows\system32\mmcndmgr.backup

2009-01-18 16:37 . 2008-04-14 00:20 617,472 --a------ c:\windows\system32\comctl32.backup

2009-01-18 16:31 . 2009-01-18 16:46 <DIR> d-------- c:\windows\7SP_Files

2009-01-16 19:45 . 2008-04-14 00:20 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-01-16 19:45 . 2001-09-05 23:50 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-01-16 11:32 . 2009-01-23 12:48 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-16 11:32 . 2009-01-16 11:32 240,240 --a------ c:\windows\system32\wpcap.dll

2009-01-16 11:32 . 2009-01-16 11:32 88,704 --a------ c:\windows\system32\packet.dll

2009-01-16 11:32 . 2009-01-16 11:32 42,512 --a------ c:\windows\system32\drivers\npf.sys

2009-01-14 07:59 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll

2009-01-14 07:59 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll

2009-01-14 07:59 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll

2009-01-14 07:59 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll

2009-01-14 07:59 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll

2009-01-14 07:59 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll

2009-01-14 07:59 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll

2009-01-14 07:59 . 2007-07-20 00:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll

2009-01-14 07:59 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll

2009-01-14 07:59 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll

2009-01-14 07:59 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll

2009-01-14 07:59 . 2007-10-22 03:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll

2009-01-14 07:57 . 2009-01-14 07:57 <DIR> d-------- c:\windows\Logs

2009-01-14 07:56 . 2009-01-14 08:01 <DIR> d-------- c:\arquivos de programas\Euro Truck Simulator

2009-01-12 09:49 . 2009-01-12 09:50 <DIR> d-------- c:\windows\speech

2009-01-12 09:49 . 2009-01-12 12:21 <DIR> d-------- c:\windows\Lhsp

2009-01-12 09:48 . 2009-01-12 09:50 <DIR> d-------- C:\falador

2009-01-11 13:46 . 2009-01-21 17:36 5,120 --ahs---- c:\windows\Thumbs.db

2009-01-09 07:26 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-01-09 07:26 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-01-09 07:26 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-01-08 19:41 . 2009-01-08 19:41 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-01-08 19:39 . 2009-01-08 19:39 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework

2009-01-08 19:37 . 2009-01-08 19:37 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-01-08 19:37 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-01-08 19:35 . 2009-01-08 19:41 <DIR> d-------- c:\arquivos de programas\Microsoft

2009-01-08 19:34 . 2009-01-08 19:34 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2009-01-06 12:11 . 2009-01-06 12:11 <DIR> d-------- c:\documents and settings\Allan\Dados de aplicativos\ID3 renamer

2009-01-06 12:11 . 2009-01-06 12:11 <DIR> d-------- c:\arquivos de programas\ID3 renamer

2009-01-06 12:07 . 2009-01-06 12:19 <DIR> d-------- c:\arquivos de programas\Organizer Mp3

2009-01-06 11:12 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\TabCtl32.ocx

2008-12-30 12:54 . 2008-12-30 12:54 <DIR> d--h----- c:\windows\system32\GroupPolicy

2008-12-30 10:56 . 2008-05-09 08:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

2008-12-30 10:56 . 2008-05-09 08:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

2008-12-30 10:56 . 2008-05-09 08:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

2008-12-30 10:56 . 2008-05-09 08:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

2008-12-30 10:56 . 2008-05-08 09:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

2008-12-30 10:56 . 2008-05-09 06:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

2008-12-30 10:56 . 2008-05-09 08:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

2008-12-29 14:46 . 2008-12-29 14:46 38 --a------ c:\windows\avisplitter.INI

2008-12-28 23:27 . 2008-12-28 23:27 <DIR> d-------- c:\arquivos de programas\Microsoft Games

2008-12-25 16:45 . 2008-12-25 16:45 <DIR> d-------- c:\arquivos de programas\Smart Projects

2008-12-25 12:52 . 2008-05-10 14:43 316,973,608 --a------ c:\windows\system32\WindowsXP-KB936929-SP3-x86-PTB.exe

2008-12-25 12:40 . 2009-01-21 17:37 <DIR> d-------- C:\Win

2008-12-24 21:56 . 2008-12-24 21:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA

2008-12-24 01:09 . 2008-10-16 18:23 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2008-12-24 01:09 . 2007-04-17 07:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2008-12-24 01:09 . 2007-03-08 03:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2008-12-24 01:09 . 2008-10-16 18:23 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2008-12-24 01:09 . 2008-10-16 18:23 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2008-12-24 01:09 . 2008-10-16 18:23 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2008-12-24 01:09 . 2008-10-16 18:23 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2008-12-24 01:09 . 2008-10-16 18:23 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2008-12-24 01:09 . 2008-10-16 11:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2008-12-24 00:05 . 2008-09-09 23:15 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll

2008-12-24 00:05 . 2007-06-26 04:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv

2008-12-24 00:05 . 2007-06-26 04:00 375,519 -----c--- c:\windows\system32\dllcache\nuskin.wmv

2008-12-24 00:05 . 2008-04-14 00:18 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm

2008-12-24 00:05 . 2008-04-14 00:18 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm

2008-12-24 00:05 . 2007-06-26 03:59 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp

2008-12-24 00:05 . 2008-04-13 18:58 86,016 -----c--- c:\windows\system32\dllcache\msxml6r.dll

2008-12-24 00:05 . 2004-08-04 01:41 36,690 -----c--- c:\windows\system32\dllcache\mplayer2.inf

2008-12-24 00:05 . 2001-09-06 07:00 22,060 -----c--- c:\windows\system32\dllcache\npds.zip

2008-12-24 00:05 . 2007-06-25 23:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif

2008-12-24 00:05 . 2007-06-25 23:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif

2008-12-24 00:05 . 2007-06-26 03:59 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt

2008-12-24 00:05 . 2001-09-06 07:00 403 -----c--- c:\windows\system32\dllcache\npdrmv2.zip

2008-12-24 00:04 . 2008-04-13 19:20 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe

2008-12-24 00:04 . 2008-04-14 00:19 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll

2008-12-24 00:04 . 2008-04-14 00:18 24,064 -----c--- c:\windows\system32\dllcache\pidgen.dll

2008-12-24 00:04 . 2006-12-28 17:01 19,569 --a------ c:\windows\003305_.tmp

2008-12-24 00:04 . 2007-06-25 23:00 5,971 -----c--- c:\windows\system32\dllcache\events.js

2008-12-24 00:03 . 2007-06-26 04:00 381,425 -----c--- c:\windows\system32\dllcache\copycd.wmv

2008-12-24 00:03 . 2004-07-17 09:35 184,126 -----c--- c:\windows\system32\dllcache\compact.wmz

2008-12-24 00:03 . 2007-06-25 23:00 9,585 -----c--- c:\windows\system32\dllcache\controls.css

2008-12-24 00:03 . 2007-06-26 04:00 8,298 -----c--- c:\windows\system32\dllcache\contents.htm

2008-12-24 00:03 . 2007-06-26 04:00 6,878 -----c--- c:\windows\system32\dllcache\controls.js

2008-12-24 00:03 . 2007-06-25 23:00 999 -----c--- c:\windows\system32\dllcache\bktrh.gif

2008-12-24 00:03 . 2007-06-25 23:00 773 -----c--- c:\windows\system32\dllcache\cnth.gif

2008-12-24 00:03 . 2007-06-25 23:00 773 -----c--- c:\windows\system32\dllcache\cnt.gif

2008-12-24 00:03 . 2007-06-25 23:00 772 -----c--- c:\windows\system32\dllcache\cntd.gif

2008-12-24 00:03 . 2007-06-25 23:00 760 -----c--- c:\windows\system32\dllcache\cloapph.gif

2008-12-24 00:03 . 2007-06-25 23:00 717 -----c--- c:\windows\system32\dllcache\cloapp.gif

2008-12-23 02:40 . 2009-01-17 21:09 230,454 --a------ C:\StiImg.dat

2008-12-22 19:12 . 2008-12-22 19:12 <DIR> d-------- c:\arquivos de programas\DVD Decrypter

2008-12-22 15:00 . 2009-01-21 17:37 <DIR> d-------- C:\Downloads

2008-12-21 14:15 . 2008-08-14 08:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2008-12-21 14:14 . 2008-06-14 15:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-12-21 14:12 . 2008-12-11 08:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2008-12-21 14:11 . 2008-09-15 13:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-12-21 14:10 . 2008-11-08 19:23 2,312,832 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-12-21 14:10 . 2008-08-14 11:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-12-21 14:10 . 2008-08-14 11:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-12-21 14:10 . 2008-08-14 11:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-31 02:25 --------- d-----w c:\arquivos de programas\eMule

2009-01-27 18:49 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-01-25 02:15 --------- d-----w c:\arquivos de programas\ESET

2009-01-19 01:52 --------- d-----w c:\arquivos de programas\CCleaner

2009-01-18 01:17 --------- d-----w c:\documents and settings\Allan\Dados de aplicativos\Skype

2009-01-11 13:19 --------- d-----w c:\arquivos de programas\Microsoft Works

2009-01-08 21:39 --------- d-----w c:\arquivos de programas\Windows Live

2008-12-22 18:05 --------- d-----w c:\documents and settings\Allan\Dados de aplicativos\skypePM

2008-12-21 16:06 --------- d-----w c:\arquivos de programas\PowerISO

2008-12-21 12:37 --------- d-----w c:\arquivos de programas\Nero

2008-12-21 12:37 --------- d-----w c:\arquivos de programas\Marcos Velasco Security

2008-12-21 12:28 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-12-16 16:18 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-14 17:25 --------- d-----w c:\arquivos de programas\VIA

2008-12-11 17:40 --------- d-----w c:\arquivos de programas\IObit

2008-12-11 17:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 10:39 --------- d-----w c:\arquivos de programas\Unlocker

2008-12-04 02:40 --------- d-----w c:\documents and settings\Allan\Dados de aplicativos\Ahead

2008-11-30 15:10 --------- d-----w c:\arquivos de programas\WorldUnlock Codes Calculator

2008-11-28 15:44 --------- d-----w c:\documents and settings\Allan\Dados de aplicativos\HP

2008-11-28 15:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\HP

2008-11-28 15:43 --------- d-----w c:\arquivos de programas\HP

2008-11-28 15:43 --------- d-----w c:\arquivos de programas\Arquivos comuns\HP

2008-11-28 15:41 --------- d-----w c:\arquivos de programas\Hewlett-Packard

2008-11-28 15:40 --------- d-----w c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-11-16 00:55 6,192,128 ----a-w c:\windows\system32\logonui.exe

2008-11-08 21:23 2,312,832 ----a-w c:\windows\system32\ntoskrnl.exe

2008-11-07 22:12 298,104 ----a-w c:\windows\system32\imon.dll

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:23 927,744 ----a-w c:\windows\system32\wininet.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 498,200 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 77,336 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll

.

 

------- Sigcheck -------

 

2004-08-04 01:45 577536 e0ff28447d1038de106d1f2fdf851647 c:\windows\$NtServicePackUninstall$\user32.dll

2008-04-14 00:20 649728 96e31dc5fdaa9495eaad177e4a319ce7 c:\windows\7SP_Files\user32.dll

2008-04-14 00:20 579072 54907db28872a7a6d3ee2b4747a23828 c:\windows\7SP_Files\backup\user32.dll

2008-04-14 00:20 649728 96e31dc5fdaa9495eaad177e4a319ce7 c:\windows\ServicePackFiles\i386\user32.dll

2008-04-14 00:20 649728 96e31dc5fdaa9495eaad177e4a319ce7 c:\windows\system32\user32.dll

 

2008-08-26 07:10 827904 cc9cd001ae0ff30d0e16a172bf39576a c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

2008-10-16 08:23 669696 abec7b8444b02d494c7780bc8bcdf44b c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll

2008-10-15 23:02 668160 5ed4af2ad048b1afb5a92e0e9ef42011 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll

2008-10-15 23:04 669184 a6506d61159aae4bc72406aae4779538 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

2008-10-16 17:33 827904 4bcd45d77bd42a5e9c2dd2e847a5467e c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

2008-10-16 18:23 927744 a0b2a86e353212ac75aefa0fc4cae186 c:\windows\7SP_Files\wininet.dll

2008-10-16 18:23 826368 779479e6f38bc77831f26bd9aae3fad3 c:\windows\7SP_Files\backup\wininet.dll

2008-10-16 08:39 661504 28faee723326e23de40278c99e635ff4 c:\windows\ie7\wininet.dll

2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll

2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB958215-IE7\wininet.dll

2008-10-16 18:23 927744 a0b2a86e353212ac75aefa0fc4cae186 c:\windows\ServicePackFiles\i386\wininet.dll

2008-08-20 03:09 668160 89360a12db77d411b2873e130923f6b9 c:\windows\SoftwareDistribution\Download\8a2922b12b3175a3d641a503fd891792\sp3gdr\wininet.dll

2008-08-20 03:07 668672 6c73c1a54e445c5687ad6b721ee27ebc c:\windows\SoftwareDistribution\Download\8a2922b12b3175a3d641a503fd891792\sp3qfe\wininet.dll

2008-10-16 18:23 927744 a0b2a86e353212ac75aefa0fc4cae186 c:\windows\system32\wininet.dll

2008-10-16 18:23 927744 a0b2a86e353212ac75aefa0fc4cae186 c:\windows\system32\dllcache\wininet.dll

 

2008-08-14 11:39 2190208 b72a025a758683552c4fec7eabcb0661 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

2008-08-14 11:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

2008-08-14 19:26 2193408 a42cc3cfc02a7b2baec7b0d45808b257 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

2008-08-14 11:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

2008-11-08 19:23 2312832 c77b5dacde435b4fbbdc01d2df82e63b c:\windows\7SP_Files\ntoskrnl.exe

2008-08-14 11:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\7SP_Files\backup\ntoskrnl.exe

2008-11-08 19:23 2312832 c77b5dacde435b4fbbdc01d2df82e63b c:\windows\Driver Cache\i386\ntoskrnl.exe

2008-11-08 19:23 2312832 c77b5dacde435b4fbbdc01d2df82e63b c:\windows\ServicePackFiles\i386\ntoskrnl.exe

2008-11-08 19:23 2312832 c77b5dacde435b4fbbdc01d2df82e63b c:\windows\system32\ntoskrnl.exe

2008-11-08 19:23 2312832 c77b5dacde435b4fbbdc01d2df82e63b c:\windows\system32\dllcache\ntoskrnl.exe

 

2008-04-14 00:20 1514496 06151c4b4c7c2d47c349189c6dd5f577 c:\windows\explorer.exe

2004-08-04 01:45 1034240 fa61a19050ae14bec1a26de82390dd65 c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 00:20 1514496 06151c4b4c7c2d47c349189c6dd5f577 c:\windows\7SP_Files\explorer.exe

2008-04-14 00:20 1035776 064ec7ff5f58b928c3e119402977fa6d c:\windows\7SP_Files\backup\explorer.exe

2008-04-14 00:20 1514496 06151c4b4c7c2d47c349189c6dd5f577 c:\windows\ServicePackFiles\i386\explorer.exe

 

2008-10-16 14:09 77336 fc861eb38777c5752867c554009d5ee5 c:\windows\7SP_Files\wuauclt.exe

2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\7SP_Files\backup\wuauclt.exe

2008-10-16 14:09 77336 fc861eb38777c5752867c554009d5ee5 c:\windows\ServicePackFiles\i386\wuauclt.exe

2008-10-16 14:09 77336 fc861eb38777c5752867c554009d5ee5 c:\windows\system32\wuauclt.exe

2008-10-16 14:09 77336 fc861eb38777c5752867c554009d5ee5 c:\windows\system32\dllcache\wuauclt.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"CGFLoader"="c:\arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]

"CalibrizeResume"="c:\arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]

"eMuleAutoStart"="c:\arquivos de programas\eMule\eMule.exe" [2008-08-01 5480448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"avast!"="c:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

"nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\pmnkIaWO

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 10:23 200704 c:\arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=

"c:\\Arquivos de programas\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Arquivos de programas\\MotoGP2\\motogp2.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\AnalogX\\Proxy\\proxy.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-24 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-24 20560]

R4 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-01-16 42512]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\setup.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-31 c:\windows\Tasks\wcfgoqei.job

- c:\windows\system32\opnlIyXn.dll []

.

- - - - ORPHANS REMOVED - - - -

 

Notify-nnnlmNHx - nnnlmNHx.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 192.168.10.2:6588

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {73715C78-1C25-4144-9A65-CDE4BD8BAA95} = 192.168.254.254

FF - ProfilePath - c:\documents and settings\Allan\Dados de aplicativos\Mozilla\Firefox\Profiles\jq8tfqar.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npdsplay.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npfdm.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\NPOFFICE.DLL

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin2.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin3.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin4.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin5.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin6.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npqtplugin7.dll

FF - plugin: c:\arquivos de programas\Opera 10 Preview\program\plugins\npwmsdrm.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 00:54:03

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(736)

c:\windows\system32\sxs.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll

.

Completion time: 2009-01-31 0:56:08

ComboFix-quarantined-files.txt 2009-01-31 02:56:04

 

Pre-Run: 20 directories 19,826,569,216 bytes free

Post-Run: 20 directories 19,843,424,256 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

388 --- E O F --- 2009-01-16 10:43:55


Hi almenes,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote" box:

File::

c:\windows\system32\OWaIknmp.ini

c:\windows\system32\OWaIknmp.ini2

c:\windows\Tasks\wcfgoqei.job

c:\windows\system32\opnlIyXn.dll

c:\windows\Thumbs.db

c:\windows\003305_.tmp

C:\dump_dvd.vob

F:\setup.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine can cause serious problems for that user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: cfscript.gif]

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.

 

PS: Run this with your USB flash drive connected to the PC.

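The entries the helper's script removes are all visible in the ComboFix log posted above, and they can be pulled out mechanically. The script below is an added example written for this page; it is not part of the original thread, of ComboFix or of HijackThis. It runs a few triage rules over a constructed excerpt of the log (lines copied from the post, plus the OWaIknmp.ini path taken from the helper's File:: list) and reports what a forum helper would act on: a non-default LSA Authentication Package, a scheduled task whose target is a DLL with no version information ("[]"), an AutoRun command on a removable-drive mount point, an orphaned Winlogon Notify DLL, firewall ports opened globally, and the reversed-name pairing (pmnkIaWO in the LSA key, OWaIknmp.ini in the script) that only shows up once both posts are read together. The rule set, the category names and the function names are my own choices, not ComboFix conventions.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted
# in this thread, plus the OWaIknmp.ini path taken from the helper's File::
# list, so the script runs offline. It is an excerpt, not the full log.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\pmnkIaWO
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
2009-01-31 c:\windows\Tasks\wcfgoqei.job
- c:\windows\system32\opnlIyXn.dll []
Notify-nnnlmNHx - nnnlmNHx.dll
c:\windows\system32\OWaIknmp.ini
"""

# One regex per ComboFix line shape this example cares about.
LSA_LINE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$")
TASK_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S+\.job)$", re.IGNORECASE)
TASK_TARGET = re.compile(r"^-\s+(\S+)\s+\[(.*)\]$")
AUTORUN_LINE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
ORPHAN_LINE = re.compile(r"^Notify-\S+\s+-\s+(\S+)$")
OPEN_PORT = re.compile(r'^"(\d+:(?:TCP|UDP))"=')

# Categories whose item is a file path; only these take part in the
# reversed-name check (hypothetical category names chosen for this example).
FILE_CATEGORIES = {"lsa_auth_package", "scheduled_task", "orphan_winlogon_notify"}


def base_name(path):
    """Return the file name without directory and extension."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def scan_log(text):
    """Apply triage rules to a ComboFix-style log; return (category, item) pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for i, line in enumerate(lines):
        m = LSA_LINE.match(line)
        if m:
            # XP ships with msv1_0 only; anything appended here is loaded into lsass.exe.
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":
                    findings.append(("lsa_auth_package", pkg))
            continue
        m = TASK_LINE.match(line)
        if m and i + 1 < len(lines):
            # The line after a .job entry names its target; "[]" means ComboFix
            # found no version information for that file.
            t = TASK_TARGET.match(lines[i + 1])
            if t and (t.group(1).lower().endswith(".dll") or not t.group(2)):
                findings.append(("scheduled_task", t.group(1)))
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            findings.append(("autorun_mountpoint", m.group(1)))
            continue
        m = ORPHAN_LINE.match(line)
        if m:
            findings.append(("orphan_winlogon_notify", m.group(1)))
            continue
        m = OPEN_PORT.match(line)
        if m:
            findings.append(("firewall_open_port", m.group(1)))
    # Second pass: for each flagged file, look for its name spelled backwards
    # anywhere in the log (pmnkIaWO <-> OWaIknmp in this thread).
    for cat, item in list(findings):
        if cat not in FILE_CATEGORIES:
            continue
        name = base_name(item)
        rev = name[::-1]
        if rev != name and any(rev in ln for ln in lines):
            findings.append(("reversed_name_pair", f"{name} <-> {rev}"))
    return findings


if __name__ == "__main__":
    for category, item in scan_log(SAMPLE_LOG):
        print(f"{category:24} {item}")
```

The rules are deliberately tied to the line shapes ComboFix emits rather than to a guess about "random-looking" names, because legitimate files on this machine (aswFsBlk.sys, HpqPhUnl.exe) would trip a mixed-case heuristic just as easily as pmnkIaWO does. The firewall rule is informational: 3389/TCP and the PPTP/L2TP/IKE ports were open before the infection and may well be intentional on a box that also runs VNC.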

Topic Archived

 

Because the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain why it should be reopened.
