Celle 0 Posted January 28, 2009

Hello, I'd like a little help: I'm going to run ComboFix here on my PC, and I need someone who can analyze the log after I do it... Thank you, :D
Celle 0 Posted January 28, 2009

ComboFix 09-01-21.04 - Particular 2009-01-28 13:27:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.604 [GMT -2:00]
Executando de: c:\documents and settings\Particular\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\heap41a
c:\heap41a\2.mp3
c:\heap41a\drivelist.txt
c:\heap41a\Icon.ico
c:\heap41a\svchost.exe
c:\windows\KB8888239.log
c:\windows\system32\1.htm
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-28 to 2009-01-28 ))))))))))))))))))))))))))))
.
2009-01-28 12:10 . 2006-01-14 07:25 81,920 --a------ c:\windows\system32\ImageDrive.cpl
2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\documents and settings\Particular\Dados de aplicativos\DAEMON Tools Pro
2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\documents and settings\Particular\Dados de aplicativos\DAEMON Tools
2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Toolbar
2009-01-24 09:11 . 2009-01-28 11:58 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-24 05:50 . 2009-01-24 06:01 <DIR> d-------- c:\documents and settings\Particular\Dados de aplicativos\DAEMON Tools Lite
2009-01-20 03:58 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-20 03:53 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-20 03:52 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-19 23:56 . 2009-01-19 23:56 92,544 --a------ c:\windows\system32\drivers\av5flt.sys
2009-01-19 23:18 . 2009-01-19 23:18 117 --a------ c:\windows\wininit.ini
2009-01-19 22:36 .
2009-01-19 22:36 <DIR> d-------- c:\arquivos de programas\VS Revo Group 2009-01-19 16:03 . 2009-01-28 10:14 <DIR> d-------- c:\arquivos de programas\eMule 2009-01-16 02:35 . 2009-01-19 20:12 <DIR> d-------- C:\LinhaDefensiva . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-28 14:32 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-01-28 14:28 --------- d-----w c:\arquivos de programas\SpeedBit Video Accelerator 2009-01-25 22:56 --------- d-----w c:\documents and settings\Particular\Dados de aplicativos\Skype 2009-01-25 21:58 --------- d-----w c:\documents and settings\Particular\Dados de aplicativos\skypePM 2009-01-24 18:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-01-24 18:50 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy 2009-01-24 11:58 --------- d-----w c:\arquivos de programas\Java 2009-01-20 02:06 --------- d-----w c:\arquivos de programas\Arquivos comuns\Panda Software 2009-01-20 01:18 --------- d-----w c:\arquivos de programas\AskTBar 2009-01-19 22:33 --------- d-----w c:\arquivos de programas\HP 2009-01-19 22:17 --------- dc----w c:\documents and settings\All Users\Dados de aplicativos\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2009-01-19 22:16 --------- d-----w c:\arquivos de programas\Windows Live Safety Center 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-08 23:55 --------- d-----w c:\arquivos de programas\CoreCodec 2008-02-13 19:24 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat 2008-09-18 18:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008091820080919\index.dat . 
------- Sigcheck ------- 2004-08-04 01:45 14336 5de3e7b6f7624552f2f06664f110820d c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 00:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f c:\windows\ServicePackFiles\i386\svchost.exe 2008-04-14 00:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f c:\windows\system32\svchost.exe 2005-03-02 16:20 577536 3ed0a4d74efd5aaf8408095f452e2613 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 13:50 578560 f86d3e5c8fe13297e1c2d662f9e2d59d c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 01:45 577536 e0ff28447d1038de106d1f2fdf851647 c:\windows\$NtServicePackUninstall$\user32.dll 2008-04-14 00:20 579072 54907db28872a7a6d3ee2b4747a23828 c:\windows\ServicePackFiles\i386\user32.dll 2008-04-14 00:20 579072 54907db28872a7a6d3ee2b4747a23828 c:\windows\system32\user32.dll 2004-08-04 01:45 82944 a5163442377d3c305bbff612f80047d7 c:\windows\$NtServicePackUninstall$\ws2_32.dll 2008-04-14 00:20 82432 1fa3c4b2d7e35176e65fb69ab597b0f0 c:\windows\ServicePackFiles\i386\ws2_32.dll 2008-04-14 00:20 82432 1fa3c4b2d7e35176e65fb69ab597b0f0 c:\windows\system32\ws2_32.dll 2007-01-04 12:02 667136 b8b6a731fc318e2fb4e7f689b6f92631 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll 2007-03-07 15:32 823296 a397b8bd7f2bf08accd0c5d4a6157b70 c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll 2007-04-25 06:24 823808 1e01e09dbf1b60188b83f1c56c81760d c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll 2007-06-27 12:13 824320 4508cbb1cbbc15975bee6e74246fd26a c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll 2007-10-10 21:22 825344 7bd056001a1794ae58ac1e6a431e0ed9 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-06 23:42 825344 6edae22e39820d235d43c53d1d7af6fd c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 10:35 827392 b7d78ddc9bdb7ce9e70cb97a142b160c c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2008-04-21 04:57 668672 10e93d1903bc15dc94fdf5a97994b120 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll 2008-04-21 04:44 668160 
1aaf9f5394ab45664147e9cd6bd58eb4 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll 2008-04-21 04:30 668672 c72070f8a201f0dde3f4a6e7a0297261 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll 2008-04-23 02:20 827392 7282f35cba5770795325f4b55e992f8f c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll 2008-06-23 14:15 669184 c4fc92ee25942192a8bf7fe8d17c284e c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll 2008-06-23 13:11 668160 4e6461ec1c5296ee5f4a9f0581569563 c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll 2008-06-23 12:56 668672 e1640d81ca8d86691e3d3c5319628aae c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll 2008-06-23 13:40 827904 8cfd66cc90f966333cfa8d8161e185df c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll 2004-08-04 01:45 658432 398a619ce60090303042d1f8cc68f712 c:\windows\$NtUninstallKB950759$\wininet.dll 2008-04-21 05:02 661504 1425bf9f5c667f54f684991a15e2dbd2 c:\windows\$NtUninstallKB953838$\wininet.dll 2008-06-23 13:40 661504 2532fe667e74219ce5b61ed67e23f435 c:\windows\ie7\wininet.dll 2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB950759-IE7\wininet.dll 2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB953838-IE7\wininet.dll 2008-06-23 14:29 826368 fb820c977c8249358d54fa9324b5e92b c:\windows\ie8\wininet.dll 2008-04-14 00:20 668160 df6d0f37a71883be3505dd517eb8ad83 c:\windows\ServicePackFiles\i386\wininet.dll 2008-04-23 05:14 826368 dd01bde9ca09b53c50f67e932181cb7e c:\windows\SoftwareDistribution\Download\1060f8730c14a5fe64de22dd82def958\SP2GDR\wininet.dll 2008-04-23 02:20 827392 7282f35cba5770795325f4b55e992f8f c:\windows\SoftwareDistribution\Download\1060f8730c14a5fe64de22dd82def958\SP2QFE\wininet.dll 2008-08-22 04:08 878592 df1cb456ed1e038b276123365a1a93c4 c:\windows\system32\wininet.dll 2008-08-22 04:08 878592 df1cb456ed1e038b276123365a1a93c4 c:\windows\system32\dllcache\wininet.dll 2006-04-20 10:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys 
2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 08:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 09:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 09:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2008-06-20 08:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys 2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys 2008-04-13 17:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys 2008-06-20 09:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys 2008-06-20 09:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys 2004-08-04 01:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\$NtServicePackUninstall$\winlogon.exe 2008-04-14 00:21 509952 71d440f79b711627b12b567fb2eadb42 c:\windows\ServicePackFiles\i386\winlogon.exe 2008-04-14 00:21 509952 71d440f79b711627b12b567fb2eadb42 c:\windows\system32\winlogon.exe 2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys 2008-04-13 17:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys 2008-04-13 17:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys 2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys 2008-04-13 16:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys 2008-04-13 16:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys 2005-03-02 16:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2007-02-28 14:08 2063616 d027f0097b8f099c09369b8cc97d7c32 
c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2008-08-14 19:26 2070272 586a93e0c23f6a1893f6706f36b22598 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe 2004-08-04 01:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe 2008-04-14 00:00 2070144 f84054bfd1d688b901ad907499879bbd c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe 2008-08-14 11:24 2070272 a62251c7c1f0dbc3241abf1985ede75e c:\windows\Driver Cache\i386\ntkrnlpa.exe 2008-04-14 00:00 2070144 f84054bfd1d688b901ad907499879bbd c:\windows\ServicePackFiles\i386\ntkrnlpa.exe 2008-08-14 11:24 2070272 a62251c7c1f0dbc3241abf1985ede75e c:\windows\system32\ntkrnlpa.exe 2008-08-14 11:24 2070272 a62251c7c1f0dbc3241abf1985ede75e c:\windows\system32\dllcache\ntkrnlpa.exe 2005-03-02 16:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2007-02-28 14:08 2186368 bfb4c8761976cce0b544d557b4c70825 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2008-08-14 19:26 2193408 a42cc3cfc02a7b2baec7b0d45808b257 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe 2004-08-04 01:40 2185216 3b72a63f230dfb276fc96a99173a81be c:\windows\$NtServicePackUninstall$\ntoskrnl.exe 2008-04-14 00:01 2193280 185f6c64734019e7e9f626e53cc37fb4 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe 2008-08-14 11:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\Driver Cache\i386\ntoskrnl.exe 2008-04-14 00:01 2193280 185f6c64734019e7e9f626e53cc37fb4 c:\windows\ServicePackFiles\i386\ntoskrnl.exe 2008-08-14 11:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\system32\ntoskrnl.exe 2008-08-14 11:24 2193408 04ba43b0d2a13bd6b06d707299243cfc c:\windows\system32\dllcache\ntoskrnl.exe 2008-04-14 00:20 1035776 064ec7ff5f58b928c3e119402977fa6d c:\windows\explorer.exe 2007-06-13 11:10 1035264 45d521506825a10b80833b4e9621ccf6 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 01:45 1034240 fa61a19050ae14bec1a26de82390dd65 c:\windows\$NtServicePackUninstall$\explorer.exe 2008-04-14 
00:20 1035776 064ec7ff5f58b928c3e119402977fa6d c:\windows\ServicePackFiles\i386\explorer.exe 2004-08-04 01:45 108544 cc73c4430c2fc27fde16a0a4e3678148 c:\windows\$NtServicePackUninstall$\services.exe 2008-04-14 00:21 109056 ee7999baaca84cfaa03726e677ee2a33 c:\windows\ServicePackFiles\i386\services.exe 2008-04-14 00:21 109056 ee7999baaca84cfaa03726e677ee2a33 c:\windows\system32\services.exe 2004-08-04 01:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 c:\windows\$NtServicePackUninstall$\lsass.exe 2008-04-14 00:21 13312 9607142710d3b64ab7fcce4be4e30d37 c:\windows\ServicePackFiles\i386\lsass.exe 2008-04-14 00:21 13312 9607142710d3b64ab7fcce4be4e30d37 c:\windows\system32\lsass.exe 2004-08-04 01:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 00:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f c:\windows\ServicePackFiles\i386\ctfmon.exe 2008-04-14 00:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f c:\windows\system32\ctfmon.exe 2005-06-10 22:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-04 01:45 57856 3971289fa7072812caf4d053bbc6352b c:\windows\$NtServicePackUninstall$\spoolsv.exe 2008-04-14 00:21 57856 af1d9ae15c11163f576df6ed6194b53c c:\windows\ServicePackFiles\i386\spoolsv.exe 2008-04-14 00:21 57856 af1d9ae15c11163f576df6ed6194b53c c:\windows\system32\spoolsv.exe 2004-08-04 01:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 00:21 26112 a7ea40f680163808d96f89b4ff991876 c:\windows\ServicePackFiles\i386\userinit.exe 2008-04-14 00:21 26112 a7ea40f680163808d96f89b4ff991876 c:\windows\system32\userinit.exe 2004-08-04 01:45 296960 23dff6daa7565cc5802e057a6b9f585e c:\windows\$NtServicePackUninstall$\termsrv.dll 2008-04-14 00:20 296960 0f4db70dce17b9dc1a5d835b1a5ee469 c:\windows\ServicePackFiles\i386\termsrv.dll 2008-04-14 00:20 296960 0f4db70dce17b9dc1a5d835b1a5ee469 c:\windows\system32\termsrv.dll 2006-07-05 08:58 1024000 
05d638d8e7b98dbc6d0aae74e3cfd096 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll 2007-04-16 14:11 1025024 631a6f8b57f800e4b55f8539f76e7274 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll 2004-08-04 01:45 1022464 ad72a244955e89ebbb8fabf02f8041c6 c:\windows\$NtServicePackUninstall$\kernel32.dll 2008-04-14 00:20 1028608 68ecdad8ae2768de61c20c41a28cc0b0 c:\windows\ServicePackFiles\i386\kernel32.dll 2008-04-14 00:20 1028608 68ecdad8ae2768de61c20c41a28cc0b0 c:\windows\system32\kernel32.dll 2004-08-04 01:45 17408 0f81eb414de1d77dd315f4a3d324bc1e c:\windows\$NtServicePackUninstall$\powrprof.dll 2008-04-14 00:20 17408 c008bbc88156e0ee109c7ff445cd9555 c:\windows\ServicePackFiles\i386\powrprof.dll 2008-04-14 00:20 17408 c008bbc88156e0ee109c7ff445cd9555 c:\windows\system32\powrprof.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\arquivos de programas\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TelExtreme"="c:\arquivos de programas\TelExtreme\TelExtreme" [X] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "GrooveMonitor"="c:\arquivos de programas\Microsoft 
Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352] "AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "nwiz"="nwiz.exe" [2005-07-20 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2006-06-21 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Particular\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-11 113664] Ferramenta de Verifica‡Æo de M¡dia do Cyber-shot Viewer.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-08 155648] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *sprestrt\0PGUNNT c:\arquiv~1\INSTAL~1\{98032~1\SMCL\PAVSMCL.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\HotKeysCmds] -ra------ 2004-07-01 12:58 118784 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] -ra------ 2004-07-01 13:02 155648 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2005-07-20 11:07 7110656 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2005-07-20 11:07 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2005-07-20 11:07 1519616 c:\windows\system32\nwiz.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft 
Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312] R4 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [2007-05-06 115712] R4 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224] R4 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-04-30 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-04-30 7680] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-04-30 42112] S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?] S4 CXTUNER;CxTuner, WDM TvTuner;c:\windows\system32\drivers\cxtuner.sys [2007-05-06 28831] S4 CXXBAR;CxBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [2007-05-06 9728] S4 sbbotdi;sbbotdi;\??\c:\arquiv~1\SPEEDB~1\sbbotdi.sys --> c:\arquiv~1\SPEEDB~1\sbbotdi.sys [?] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ab7137-21cd-11dc-98a8-000fead250c8}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c42b6c-9861-11dd-bca3-000fead250c8}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3578c6d0-4618-11dd-bba1-000fead250c8}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dc196-6e16-11dc-ba1b-000fead250c8}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e2390d9-3626-11dd-bb7c-000fead250c8}]
\Shell\AutoRun\command - pendrive.exe
\Shell\open\command - pendrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c06135e-096e-11dd-bafc-000fead250c8}]
\Shell\AutoRun\command - G:\pendrive.exe
\Shell\open\command - G:\pendrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69fb7964-2ccb-11dc-98ca-000fead250c8}]
\Shell\AutoRun\command - pendrive.exe
\Shell\open\command - pendrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c4a246-2f0d-11dc-b912-000fead250c8}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8536bc68-fc40-11db-97ff-000fead250c8}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af744b36-fc39-11db-97fe-000fead250c8}]
\Shell\AutoRun\command - pendrive.exe
\Shell\open\command - pendrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fae071-71ef-11dd-bc27-000fead250c8}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fae073-71ef-11dd-bc27-000fead250c8}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fae074-71ef-11dd-bc27-000fead250c8}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-28 c:\windows\Tasks\SpeedOptimizer Startup.job
- c:\arquiv~1\speedo~1\SPO.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -
URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - c:\arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
HKCU-Run-BitTorrent - c:\arquivos de programas\BitTorrent\bittorrent.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-CoolSMS - (no file)
HKLM-Run-Adobe Photo Downloader - c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-NBKeyScan - c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-SpeedBitVideoAccelerator - c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
HKU-Default-Run-Picasa Media Detector - c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe
Notify-avldr - avldr.dll
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.daemon-search.com/startpage uDefault_Search_URL = hxxp://www.google.com/ie IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: &Winamp Search - c:\documents and settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: arbtinformatica.com.br TCP: {BE9A3F90-5337-4A8A-A2A6-03AC81A61434} = 200.165.132.154 200.165.132.148 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquivos de programas\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquivos de programas\DAP\dapie.dll DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab FF - ProfilePath - c:\documents and settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\lklr7zv4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?showuser=96996 FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-28 13:30:21 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?????????????? Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset] @DACL=(02 0000) @="DV - NTSC\\Standard 48kHz.prpreset" [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help] @DACL=(02 0000) "Support"="http://www.adobe.com/support/products/premiere.html" "Search"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html" "Keyboard"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html" "HowToUse"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html" "ExportToDVD"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html" "AdobeMediaEncoder"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html" "Contents"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html" "Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\"" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(544) c:\arquivos de programas\GbPlugin\gbieh.dll . 
Tempo para conclusão: 2009-01-28 13:33:04
ComboFix-quarantined-files.txt 2009-01-28 15:32:45
Pré-execução: 9.271.255.040 bytes disponíveis
Pós execução: 18 pasta(s) 13,742,448,640 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
368 --- E O F --- 2009-01-20 11:34:33

There's the log.. ^^
MGuitar 11 Posted January 29, 2009

Note: if you have a pen drive, an MP3 or MP4 player, or any other kind of removable media, connect it (or them) to the computer.

Select and copy all of the content below inside the code box (starting from Folder). Paste it into Notepad on your PC and save it on the desktop as CFScript.txt

Folder::
c:\arquivos de programas\AskTBar

File::
c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat
c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
F:\AutoRun.exe
G:\pendrive.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ab7137-21cd-11dc-98a8-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c42b6c-9861-11dd-bca3-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3578c6d0-4618-11dd-bba1-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dc196-6e16-11dc-ba1b-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e2390d9-3626-11dd-bb7c-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c06135e-096e-11dd-bafc-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69fb7964-2ccb-11dc-98ca-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c4a246-2f0d-11dc-b912-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8536bc68-fc40-11db-97ff-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af744b36-fc39-11db-97fe-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fae071-71ef-11dd-bc27-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fae073-71ef-11dd-bc27-000fead250c8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fae074-71ef-11dd-bc27-000fead250c8}]

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:
● If you are prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste ComboFix.txt and also paste a HijackThis log.
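The helper's CFScript above is built by hand from the MountPoints2 block of the first ComboFix log: every key whose AutoRun/open command points at an executable on removable media gets a [-KEY] deletion line, and the executables themselves go under File::. The script below is an added example, not part of MGuitar's reply and not code from ComboFix: it automates exactly that triage step. It parses the MountPoints2 block of a ComboFix log, strips the RunDLL32 ShellExec_RunDLL wrapper to expose the launched file, flags commands that are a bare file name (resolved against the volume root) or that sit on a drive other than C:, and emits the File:: and Registry:: sections in the format the thread uses. The sample log text is a constructed excerpt whose keys and commands are copied from this thread with line breaks restored; the "bare name or non-C: drive" heuristic is an assumption of this example and a helper still reviews the flagged keys by hand.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the shape of the "mountpoints2" block ComboFix prints
# under "Pontos de Carregamento do Registro"; keys and commands are taken from
# the log posted in this thread, with the line breaks restored.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ab7137-21cd-11dc-98a8-000fead250c8}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c42b6c-9861-11dd-bca3-000fead250c8}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e2390d9-3626-11dd-bb7c-000fead250c8}]
\Shell\AutoRun\command - pendrive.exe
\Shell\open\command - pendrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c06135e-096e-11dd-bafc-000fead250c8}]
\Shell\AutoRun\command - G:\pendrive.exe
\Shell\open\command - G:\pendrive.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-fA-F-]+\})\]$")
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
RUNDLL_MARKER = "ShellExec_RunDLL "


def parse_mountpoints(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each MountPoints2 key in a ComboFix log to its (verb, command) pairs."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        if line.startswith("["):
            current = None  # some other registry key: stop attributing commands
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append((cmd.group(1), cmd.group(2)))
    return entries


def payload_of(command: str) -> str:
    """Strip the RunDLL32 ShellExec_RunDLL wrapper so the launched file is visible."""
    if RUNDLL_MARKER in command:
        return command.split(RUNDLL_MARKER, 1)[1].strip()
    return command.strip()


def is_suspicious(payload: str) -> bool:
    """Assumed heuristic: a bare file name resolves against the volume root and a
    drive letter other than C: points at removable media; both match the
    autorun pattern in this thread rather than anything Windows writes itself."""
    drive = re.match(r"^([A-Za-z]):\\", payload)
    if drive is None:
        return True
    return drive.group(1).lower() != "c"


def flag_keys(entries: Dict[str, List[Tuple[str, str]]]) -> Dict[str, List[str]]:
    """Return the keys with at least one suspicious command, with their payloads."""
    flagged: Dict[str, List[str]] = {}
    for key, cmds in entries.items():
        payloads = sorted({payload_of(c) for _, c in cmds})
        if any(is_suspicious(p) for p in payloads):
            flagged[key] = payloads
    return flagged


def build_cfscript(flagged: Dict[str, List[str]]) -> str:
    """Emit File:: and Registry:: sections in the form used in this thread:
    payloads for ComboFix to quarantine, then [-KEY] lines that delete the
    stale MountPoints2 keys so the autorun commands cannot be triggered again."""
    payloads = sorted({p for ps in flagged.values() for p in ps})
    lines = ["File::", *payloads, "", "Registry::"]
    lines += [f"[-{key}]" for key in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(flag_keys(parse_mountpoints(SAMPLE_LOG))))
```

Run against the sample it prints a File:: block with the four payloads and a Registry:: block with the four deletion lines; on a real log the File:: entries still need the helper's judgement, since a bare name like fun.xls.exe only identifies the file relative to whichever drive the key was created for.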
Celle 0 Posted January 30, 2009 Hmm... Thank you! ^_^ Here are the ComboFix and HijackThis logs, respectively: ComboFix 09-01-21.04 - Particular 2009-01-30 1:51:58.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.573 [GMT -2:00] Executando de: c:\documents and settings\Particular\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Particular\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) * Criado um novo ponto de restauro FILE :: c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe F:\AutoRun.exe G:\pendrive.exe . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\arquivos de programas\AskTBar c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat . (((((((((((((((( Arquivos/Ficheiros criados de 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))) . 2009-01-30 01:47 . 2009-01-30 01:47 <DIR> d-------- C:\Hijack 2009-01-28 23:56 . 2009-01-29 11:34 678,746 --a------ c:\windows\unins000.exe 2009-01-28 23:56 . 2009-01-29 11:34 4,255 --a------ c:\windows\unins000.dat 2009-01-28 16:54 . 2009-01-28 16:54 <DIR> d-------- c:\arquivos de programas\DaemonTools_WhenUSave_Installer 2009-01-28 16:53 . 2009-01-28 16:53 <DIR> d-------- c:\arquivos de programas\DAEMON Tools 2009-01-28 15:33 . 2009-01-28 15:33 <DIR> d-------- c:\arquivos de programas\free-downloads.net 2009-01-28 15:33 . 2009-01-28 15:33 <DIR> d-------- c:\arquivos de programas\Conduit 2009-01-28 15:33 . 2009-01-28 15:33 <DIR> d-------- c:\arquivos de programas\Alcohol Soft 2009-01-28 15:30 . 2009-01-28 15:30 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-28 14:37 . 2009-01-29 21:35 <DIR> d-------- c:\arquivos de programas\EA GAMES 2009-01-28 12:10 . 
2006-01-14 07:25 81,920 --a------ c:\windows\system32\ImageDrive.cpl 2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\documents and settings\Particular\Dados de aplicativos\DAEMON Tools Pro 2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\documents and settings\Particular\Dados de aplicativos\DAEMON Tools 2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite 2009-01-24 16:52 . 2009-01-24 16:52 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Toolbar 2009-01-24 09:11 . 2009-01-28 11:58 <DIR> d-------- c:\windows\system32\NtmsData 2009-01-24 05:50 . 2009-01-24 06:01 <DIR> d-------- c:\documents and settings\Particular\Dados de aplicativos\DAEMON Tools Lite 2009-01-20 03:58 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-01-20 03:53 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-01-20 03:52 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2009-01-19 23:56 . 2009-01-19 23:56 92,544 --a------ c:\windows\system32\drivers\av5flt.sys 2009-01-19 23:18 . 2009-01-19 23:18 117 --a------ c:\windows\wininit.ini 2009-01-19 22:36 . 2009-01-19 22:36 <DIR> d-------- c:\arquivos de programas\VS Revo Group 2009-01-19 16:03 . 2009-01-29 13:28 <DIR> d-------- c:\arquivos de programas\eMule 2009-01-16 02:35 . 2009-01-19 20:12 <DIR> d-------- C:\LinhaDefensiva 2008-12-18 07:51 . 2008-12-18 07:51 <DIR> d-------- c:\windows\ie8updates 2008-12-08 21:55 . 2008-12-08 21:55 <DIR> d-------- c:\arquivos de programas\CoreCodec . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-30 03:50 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-01-29 19:10 --------- d-----w c:\arquivos de programas\SpeedBit Video Accelerator 2009-01-25 22:56 --------- d-----w c:\documents and settings\Particular\Dados de aplicativos\Skype 2009-01-25 21:58 --------- d-----w c:\documents and settings\Particular\Dados de aplicativos\skypePM 2009-01-24 18:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-01-24 18:50 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy 2009-01-24 11:58 --------- d-----w c:\arquivos de programas\Java 2009-01-20 02:06 --------- d-----w c:\arquivos de programas\Arquivos comuns\Panda Software 2009-01-19 22:33 --------- d-----w c:\arquivos de programas\HP 2009-01-19 22:17 --------- dc----w c:\documents and settings\All Users\Dados de aplicativos\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2009-01-19 22:16 --------- d-----w c:\arquivos de programas\Windows Live Safety Center 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32(2).dll 2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-18 18:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008091820080919\index.dat . 
------- Sigcheck ------- . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\arquivos de programas\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\arquivos de programas\free-downloads.net\tbfree.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2008-09-15 06:47 1784856 --a------ c:\arquivos de programas\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\arquivos de programas\free-downloads.net\tbfree.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TelExtreme"="c:\arquivos de programas\TelExtreme\TelExtreme" [X] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352] "AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 157592] "nwiz"="nwiz.exe" [2005-07-20 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2006-06-21 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Particular\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos 
de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-11 113664] Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-08 155648] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *sprestrt\0PGUNNT c:\arquiv~1\INSTAL~1\{98032~1\SMCL\PAVSMCL.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] -ra------ 2004-07-01 12:58 118784 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] -ra------ 2004-07-01 13:02 155648 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2005-07-20 11:07 7110656 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2005-07-20 11:07 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2005-07-20 11:07 1519616 c:\windows\system32\nwiz.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= 
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312] R4 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [2007-05-06 115712] R4 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224] R4 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-04-30 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-04-30 7680] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\drivers\motodrv.sys [2008-04-30 42112] S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?] S4 CXTUNER;CxTuner, WDM TvTuner;c:\windows\system32\drivers\cxtuner.sys [2007-05-06 28831] S4 CXXBAR;CxBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [2007-05-06 9728] S4 sbbotdi;sbbotdi;\??\c:\arquiv~1\SPEEDB~1\sbbotdi.sys --> c:\arquiv~1\SPEEDB~1\sbbotdi.sys [?] . Conteúdo da pasta 'Tarefas Agendadas' 2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-29 c:\windows\Tasks\SpeedOptimizer Startup.job - c:\arquiv~1\speedo~1\SPO.exe [] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.daemon-search.com/startpage uDefault_Search_URL = hxxp://www.google.com/ie IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: &Winamp Search - c:\documents and settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: arbtinformatica.com.br TCP: {BE9A3F90-5337-4A8A-A2A6-03AC81A61434} = 200.165.132.154 200.165.132.148 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab FF - ProfilePath - c:\documents and settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\lklr7zv4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: 
browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?showuser=96996 FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-30 01:54:11 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?????????????? Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset] @DACL=(02 0000) @="DV - NTSC\\Standard 48kHz.prpreset" [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help] @DACL=(02 0000) "Support"="http://www.adobe.com/support/products/premiere.html" "Search"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html" "Keyboard"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html" "HowToUse"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html" "ExportToDVD"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html" "AdobeMediaEncoder"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html" "Contents"="c:\\Arquivos de programas\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html" "Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\"" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(548) c:\windows\system32\COMRes.dll c:\arquivos de programas\GbPlugin\gbieh.dll . 
Tempo para conclusão: 2009-01-30 1:57:01 ComboFix-quarantined-files.txt 2009-01-30 03:56:42 ComboFix2.txt 2009-01-28 15:33:05 Pré-execução: 8.429.658.112 bytes disponíveis Pós execução: 8,428,154,880 bytes disponíveis Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 348 --- E O F --- 2009-01-20 11:34:33 Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:04:44, on 30/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\VM303_STI.EXE C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe C:\Arquivos de programas\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe 
C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file) O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: G-Buster Browser Defense - 
{C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing) O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing) O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing) O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [soundMan] 
SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TelExtreme] C:\Arquivos de programas\TelExtreme\TelExtreme O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: velox3.lnk = ? 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers 
Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173455070718 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9A3F90-5337-4A8A-A2A6-03AC81A61434}: NameServer = 200.165.132.154 200.165.132.148 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe O24 - Desktop Component 0: (no name) - http://images.orkut.com/orkut/albums2/ATgA...SsUpGLbQLTA.jpg -- End of file - 12434 bytes
MGuitar, posted January 30, 2009:

Step 1
Run HijackThis and click "Do a system scan only". Tick the entries below in the log and click the "Fix checked" button.

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

Click Yes on the message that appears and close HijackThis.

Step 2
Download Malwarebytes Anti-Malware and save it to the desktop;
● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, tick the options "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Tick the "Full Scan" option and then click Scan. Select your C: drive and click the "Start Scan" button;
● When the scan finishes, click OK and the log will be opened for you automatically;
● If anything is detected, make sure all items are ticked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu.

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
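The triage the helper did by hand above, as an added example that is not code from the thread or from HijackThis itself: a small Python parser that reads a HijackThis log, lists the orphaned O2/O3 entries (the ones ending in "(no file)" or "(file missing)", which are the entries ticked for "Fix checked"), flags items that merit a manual look (O4 autostarts whose target could not be resolved, such as "velox3.lnk = ?", O17 per-adapter DNS servers, O16 ActiveX controls fetched over plain http), and diffs a before/after pair so the "new HijackThis log" requested at the end of the post can be checked mechanically. The sample log is constructed from entries quoted in the thread; the function names and the flag categories are this example's own.

```python
"""Triage helpers for HijackThis logs: orphaned entries, review flags, before/after diff.
Added example; not code from the thread or from HijackThis."""
import re
from typing import Dict, List

# One scan entry: a section tag (R0, R1, R3, O2, O3, O4, O16, O17, O23, ...) and its body.
_ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+?)\s*$")
# Markers HijackThis prints when the registered DLL/file no longer exists on disk.
_ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample input, assembled from entries quoted in the thread above.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: velox3.lnk = ?
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9A3F90-5337-4A8A-A2A6-03AC81A61434}: NameServer = 200.165.132.154 200.165.132.148
"""
# The same log after the orphaned O2/O3 entries were ticked in "Fix checked".
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: velox3.lnk = ?
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9A3F90-5337-4A8A-A2A6-03AC81A61434}: NameServer = 200.165.132.154 200.165.132.148
"""


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return scan entries as {'section', 'body', 'raw'}. Header lines and the
    'Running processes' paths do not match the entry pattern and are skipped."""
    entries: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line.strip()})
    return entries


def orphaned_entries(log_text: str) -> List[str]:
    """Entries whose target is gone: leftover BHO/toolbar registrations that are
    safe to remove and are the usual first pick for 'Fix checked'."""
    return [e["raw"] for e in parse_entries(log_text) if e["body"].endswith(_ORPHAN_MARKERS)]


def review_flags(log_text: str) -> Dict[str, List[str]]:
    """Entries that are not proof of infection but deserve a manual check:
    O4 autostarts whose target could not be resolved ('= ?'), O17 per-adapter
    DNS servers (verify they belong to the ISP), O16 ActiveX controls over plain http."""
    flags: Dict[str, List[str]] = {"unresolved_autostart": [], "dns_servers": [], "http_activex": []}
    for e in parse_entries(log_text):
        sec, body = e["section"], e["body"]
        if sec == "O4" and body.endswith("= ?"):
            flags["unresolved_autostart"].append(e["raw"])
        elif sec == "O17" and "NameServer = " in body:
            flags["dns_servers"].extend(body.split("NameServer = ", 1)[1].split())
        elif sec == "O16" and " - http://" in body:
            flags["http_activex"].append(e["raw"])
    return flags


def removed_entries(before: str, after: str) -> List[str]:
    """Entries in the 'before' log that no longer appear in 'after', in original
    order; confirms that a fix round actually took effect."""
    still_there = {e["raw"] for e in parse_entries(after)}
    return [e["raw"] for e in parse_entries(before) if e["raw"] not in still_there]


if __name__ == "__main__":
    for raw in orphaned_entries(BEFORE_LOG):
        print("orphan :", raw)
    for kind, items in review_flags(BEFORE_LOG).items():
        for item in items:
            print(f"{kind:20}:", item)
    print("removed by the fix round:", len(removed_entries(BEFORE_LOG, AFTER_LOG)))
```

An "(no file)" or "(file missing)" entry is a dangling registration, not evidence that the machine is still infected; it is ticked because it is dead weight, and a later log should simply no longer list it. The O17 and O16 flags are prompts to verify, not verdicts: the thread itself does not say the two DNS servers are anything other than the ISP's, so the check is to compare them against what the provider assigns. HijackThis inspects a fixed set of Internet Explorer and Windows XP-era locations, so a clean log from it does not cover persistence mechanisms it never looked at.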
Celle, posted February 6, 2009: Hi, sorry for the delay, I couldn't reply earlier :s Thanks a lot for your attention! ^^ Here are the requested logs: HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:50:06, on 6/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\VM303_STI.EXE C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe C:\Arquivos de programas\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe 
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Hijack\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: G-Buster Browser Defense - 
{C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de 
programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TelExtreme] C:\Arquivos de programas\TelExtreme\TelExtreme O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: velox3.lnk = ? 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers 
Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173455070718 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9A3F90-5337-4A8A-A2A6-03AC81A61434}: NameServer = 200.165.132.154 200.165.132.148 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. 
- C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe O24 - Desktop Component 0: (no name) - http://images.orkut.com/orkut/albums2/ATgA...SsUpGLbQLTA.jpg -- End of file - 12143 bytes

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.33
Database version: 1732
Windows 5.1.2600 Service Pack 3
5/2/2009 21:33:16
mbam-log-2009-02-05 (21-33-16).txt
Scan type: Full (C:\|)
Objects scanned: 177706
Time elapsed: 1 hour(s), 21 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\Arquivos de programas\free-downloads.net\free-downloads.netToolbarHelper.exe (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\heap41a\svchost.exe.vir (Worm.Muha) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FB84506-F733-4607-A3AD-8F84606CD
MGuitar, posted February 8, 2009: Go to Start > Run, type combofix /u and click OK to remove the tool. If the program's folders are left behind, delete them at C:\Qoobox and C:\ComboFix. Go to Control Panel > Add or Remove Programs. Find the item below in the list and uninstall it: free-downloads.net. Please post a new HijackThis log.
Celle, posted February 9, 2009: Hi.... I uninstalled ComboFix, and here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:03:35, on 8/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\VM303_STI.EXE C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe C:\Arquivos de programas\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe 
C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Hijack\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TelExtreme] C:\Arquivos de programas\TelExtreme\TelExtreme O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: velox3.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173455070718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9A3F90-5337-4A8A-A2A6-03AC81A61434}: NameServer = 200.165.132.154 200.165.132.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
O24 - Desktop Component 0: (no name) - http://images.orkut.com/orkut/albums2/ATgA...SsUpGLbQLTA.jpg

-- End of file - 11528 bytes

Thanks for your attention! Hugs
MGuitar, posted February 9, 2009: The log no longer shows any malicious entries. Any problems with the PC still, Celle?
Celle, posted February 10, 2009: No, no, no problems at all! :joia: Thank you very much! Kisses :]
MGuitar, posted February 12, 2009: PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
