
Archived

This topic has been archived and is closed to new replies.

The XeoN

[Archived] Explorer.exe closing on its own ¬¬

Recommended Posts

My explorer.exe closes on its own =/

Windows shows a message saying it was closed by DEP so as not to harm the system.. <_<

Help me plssss

Thanks :thumbsup:

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39:43, on 1/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\AppServ\MySQL\bin\mysqld-nt.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{11DBA946-297C-49C0-9F4B-D745DDB653A1}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{11DBA946-297C-49C0-9F4B-D745DDB653A1}: NameServer = 200.165.132.147 200.165.132.155

O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4836 bytes


Post the log in the forum below

http://forum.imasters.com.br/index.php?showforum=77

I'm not an expert at log analysis and I don't use Hijackthis.de either, but I didn't see anything wrong with your log. Still, open a new topic in the forum above, where specific tools will be used.


The analysts have several cases to analyze

Yours has automatically entered the queue

This area has its own rules and you should be familiar with them

Rule No. 03 - Waiting time: 5 days.


Hey The XeoN,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “SOFTWARE DISCLAIMER OF WARRANTY” window will open. Read the text in this window carefully and click “YES” to continue.

PS.: If you do not agree with the terms, click “NO” to exit the software; note that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing, as this ensures the system can be recovered if problems occur during the scan.

Click “YES” and wait, as the console installation is done automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA.

When the recovery console installation finishes, a window will open stating that “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

Click “YES” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will turn all white).

When the process finishes, the machine will be restarted to produce the report.

6) On restart, ComboFix will run FIND3M to create the final scan report. The log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) Paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the others. To minimize it again just use ALT + TAB.

Regards.


ComboFix 09-02-06.04 - The XeoN # 2009-02-07 17:06:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2046.1314 [GMT -2:00]

Executando de: c:\downloads\Software\ComboFix.exe

AV: Steganos Internet Security *On-access scanning enabled* (Updated)

FW: Steganos Firewall *enabled*

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-07 to 2009-02-07 ))))))))))))))))))))))))))))

.

 

2009-02-07 16:39 . 2009-02-07 16:39 <DIR> d-------- c:\documents and settings\The XeoN #\Dados de aplicativos\Malwarebytes

2009-02-07 16:39 . 2009-02-07 16:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-07 16:39 . 2009-02-07 16:39 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-07 16:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-07 16:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-06 14:38 . 2009-02-06 14:38 <DIR> d-------- c:\documents and settings\Outros\Contacts

2009-02-04 10:57 . 2009-02-04 10:57 <DIR> d-------- c:\arquivos de programas\MSBuild

2009-02-04 10:57 . 2009-02-04 10:57 <DIR> d-------- c:\arquivos de programas\Microsoft Works

2009-02-04 10:57 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll

2009-02-04 10:54 . 2009-02-04 10:56 <DIR> d-------- c:\windows\SHELLNEW

2009-02-04 10:54 . 2009-02-04 10:54 <DIR> dr-h----- C:\MSOCache

2009-02-04 10:54 . 2009-02-04 10:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-02-03 11:10 . 2009-02-01 16:55 <DIR> d--h----- c:\documents and settings\Outros\Modelos

2009-02-03 11:10 . 2009-02-06 14:38 <DIR> dr------- c:\documents and settings\Outros\Meus documentos

2009-02-03 11:10 . 2009-02-01 14:51 <DIR> dr------- c:\documents and settings\Outros\Menu Iniciar

2009-02-03 11:10 . 2009-02-03 11:11 <DIR> dr------- c:\documents and settings\Outros\Favoritos

2009-02-03 11:10 . 2009-02-03 11:14 <DIR> dr-h----- c:\documents and settings\Outros\Dados de aplicativos

2009-02-03 11:10 . 2009-02-07 17:07 <DIR> d--h----- c:\documents and settings\Outros\Configurações locais

2009-02-03 11:10 . 2009-02-01 14:51 <DIR> d--h----- c:\documents and settings\Outros\Ambiente de rede

2009-02-03 11:10 . 2009-02-01 14:51 <DIR> d--h----- c:\documents and settings\Outros\Ambiente de impressão

2009-02-03 11:10 . 2009-02-06 14:38 <DIR> d-------- c:\documents and settings\Outros

2009-02-03 01:29 . 2009-02-03 01:29 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2009-02-03 00:14 . 2009-02-03 00:14 <DIR> d-------- c:\documents and settings\The XeoN #\Dados de aplicativos\Leadertech

2009-02-02 23:55 . 2009-02-02 23:55 <DIR> d-------- c:\arquivos de programas\EA Sports

2009-02-02 23:52 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll

2009-02-02 23:52 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-02-02 23:52 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2009-02-02 19:19 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2009-02-02 12:27 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-02-02 12:27 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-02-02 12:27 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-02-02 02:27 . 1998-05-20 06:17 280,064 --a------ c:\windows\system\CNCS232.DLL

2009-02-02 02:27 . 1997-04-24 22:25 171,520 --a------ c:\windows\system\CNCS32.DLL

2009-02-01 22:50 . 2009-02-02 03:00 <DIR> d-------- c:\documents and settings\The XeoN #\Dados de aplicativos\phpDesigner 2008

2009-02-01 22:48 . 2009-02-07 15:36 <DIR> d-------- c:\arquivos de programas\phpDesigner 2008

2009-02-01 22:03 . 2009-02-04 10:53 <DIR> d--h----- C:\$AVG8.VAULT$

2009-02-01 21:46 . 2009-02-01 21:46 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-01 21:29 . 2009-02-01 21:29 <DIR> d--h----- c:\windows\PIF

2009-02-01 20:50 . 2009-02-01 20:50 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2009-02-01 20:27 . 2009-02-02 23:19 103,736 --a------ c:\windows\system32\PnkBstrB.exe

2009-02-01 20:27 . 2009-02-02 23:19 66,872 --a------ c:\windows\system32\PnkBstrA.exe

2009-02-01 20:27 . 2009-02-02 23:19 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-02-01 20:24 . 2009-02-06 23:04 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-01 20:24 . 2009-02-02 13:35 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-01 20:24 . 2009-02-02 13:35 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-01 20:24 . 2009-02-01 20:24 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-02-01 20:24 . 2009-02-01 20:24 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-01 20:23 . 2009-02-02 13:35 50,968 --a------ c:\windows\system32\avgfwdx.dll

2009-02-01 20:23 . 2009-02-02 13:35 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys

2009-02-01 20:20 . 2009-02-01 20:23 <DIR> d-------- c:\documents and settings\The XeoN #\Contacts

2009-02-01 20:05 . 2009-02-01 20:05 <DIR> d-------- c:\arquivos de programas\Electronic Arts

2009-02-01 20:05 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll

2009-02-01 20:05 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll

2009-02-01 20:05 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll

2009-02-01 20:05 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll

2009-02-01 20:05 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll

2009-02-01 20:05 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll

2009-02-01 20:05 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll

2009-02-01 20:05 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll

2009-02-01 20:05 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll

2009-02-01 20:05 . 2007-06-20 20:45 18,280 --a------ c:\windows\system32\x3daudio1_2.dll

2009-02-01 20:05 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll

2009-02-01 19:59 . 2009-02-01 20:01 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-02-01 19:58 . 2009-02-01 20:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-02-01 19:58 . 2009-02-01 20:18 <DIR> d-------- c:\arquivos de programas\Windows Live

2009-02-01 19:58 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-02-01 19:58 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-02-01 19:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-02-01 19:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-02-01 19:58 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

2009-02-01 19:54 . 2009-02-01 19:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-02-01 19:38 . 2009-02-01 19:38 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-02-01 19:07 . 2009-02-01 19:07 <DIR> d-------- c:\arquivos de programas\Corel

2009-02-01 19:03 . 2009-02-01 19:03 <DIR> d-------- c:\arquivos de programas\Aspyr

2009-02-01 19:03 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll

2009-02-01 19:03 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll

2009-02-01 18:51 . 2009-02-01 20:24 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2009-02-01 18:46 . 2009-02-07 16:12 <DIR> d-------- C:\Downloads

2009-02-01 18:45 . 2009-02-01 18:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2009-02-01 18:44 . 2009-02-01 18:44 <DIR> d-------- c:\documents and settings\The XeoN #\Dados de aplicativos\NCH Swift Sound

2009-02-01 18:44 . 2009-02-01 18:45 <DIR> d-------- c:\arquivos de programas\NCH Swift Sound

2009-02-01 18:43 . 2009-02-01 18:43 <DIR> d-------- c:\arquivos de programas\Net Studio

2009-02-01 18:41 . 2009-02-01 18:41 2,887,680 --a------ c:\windows\system32\VagalumePluginWMP.dll

2009-02-01 18:34 . 2009-02-01 18:34 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Toolbar

2009-02-01 18:32 . 2009-02-01 18:34 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite

2009-02-01 18:30 . 2009-02-01 18:30 <DIR> d-------- c:\documents and settings\The XeoN #\Dados de aplicativos\DAEMON Tools

2009-02-01 18:30 . 2009-02-01 18:30 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-02-01 18:29 . 2009-02-01 18:29 <DIR> d-------- c:\arquivos de programas\Yahoo!

2009-02-01 18:28 . 2009-02-01 18:28 <DIR> d-------- c:\arquivos de programas\CCleaner

2009-02-01 18:26 . 2009-02-07 17:06 <DIR> d-------- c:\documents and settings\The XeoN #\Dados de aplicativos\Free Download Manager

2009-02-01 18:26 . 2009-02-01 18:26 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2009-02-01 18:26 . 2009-02-01 18:26 <DIR> d-------- c:\arquivos de programas\Free Download Manager

2009-02-01 18:25 . 2009-02-01 18:25 <DIR> d-------- c:\windows\system32\pt-br

2009-02-01 18:23 . 2009-02-01 18:23 <DIR> d--h----- c:\windows\$hf_mig$

2009-02-01 18:18 . 2009-02-01 18:18 <DIR> d-------- c:\arquivos de programas\TaskSwitchXP

2009-02-01 18:18 . 2007-04-10 05:28 16,144,896 --a------ c:\windows\Rthdcpl.exe.xpize

2009-02-01 18:18 . 2004-08-04 01:45 2,790,912 --a------ c:\windows\system32\XPize_Logon.exe

2009-02-01 18:18 . 2005-09-21 00:25 319,488 --a------ c:\windows\system32\Alsndmgr.cpl.xpize

2009-02-01 18:18 . 2006-08-17 20:58 303,104 --a------ c:\windows\system32\Rtsndmgr.cpl.xpize

2009-02-01 18:18 . 2006-07-21 06:14 102,400 --a------ c:\windows\Soundman.exe.xpize

2009-02-01 18:16 . 2009-02-01 18:18 <DIR> d--h----- c:\windows\XPize Darkside

2009-02-01 18:16 . 2004-08-04 01:45 219,648 --a------ c:\windows\system32\uxtheme.backup

2009-02-01 18:07 . 2009-02-01 18:07 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2

2009-02-01 18:06 . 2009-02-01 20:16 <DIR> d-------- c:\windows\system32\LogFiles

2009-02-01 18:06 . 2009-02-02 19:16 <DIR> d-------- c:\windows\system32\drivers\UMDF

2009-02-01 18:05 . 2009-02-01 18:07 <DIR> d-------- C:\AppServ

2009-02-01 17:28 . 2007-03-23 09:19 9,715,200 -r------- c:\windows\RTLCPL.exe

2009-02-01 17:28 . 2007-04-10 09:04 4,397,568 -r------- c:\windows\system32\drivers\RtkHDAud.sys

2009-02-01 17:28 . 2007-04-04 07:22 1,822,720 -r------- c:\windows\SkyTel.exe

2009-02-01 17:28 . 2007-01-16 00:39 1,191,936 -r------- c:\windows\RtlUpd.exe

2009-02-01 17:28 . 2006-08-17 20:58 282,624 -r------- c:\windows\system32\RTSndMgr.cpl

2009-02-01 17:28 . 2006-07-21 06:14 86,016 -r------- c:\windows\SoundMan.exe

2009-02-01 17:28 . 2006-08-01 05:02 49,152 -r------- c:\windows\system32\ChCfg.exe

2009-02-01 17:27 . 2009-02-01 17:27 <DIR> d-------- c:\arquivos de programas\Realtek

2009-02-01 17:27 . 2007-04-10 05:28 16,126,464 -r------- c:\windows\RTHDCPL.exe

2009-02-01 17:27 . 2006-05-04 06:26 2,808,832 -r------- c:\windows\alcwzrd.exe

2009-02-01 17:27 . 2006-10-11 07:42 2,157,568 -r------- c:\windows\MicCal.exe

2009-02-01 17:27 . 2007-01-12 06:54 520,192 -r------- c:\windows\RtlExUpd.dll

2009-02-01 17:27 . 2005-09-21 00:25 299,008 -r------- c:\windows\system32\ALSndMgr.cpl

2009-02-01 17:27 . 2005-05-03 08:43 69,632 -r------- c:\windows\Alcmtr.exe

2009-02-01 17:17 . 2009-02-01 17:17 <DIR> d-------- c:\arquivos de programas\Steganos

2009-02-01 17:14 . 2009-02-01 17:14 <DIR> d-------- c:\windows\system32\Lang

2009-02-01 17:14 . 2009-02-01 17:14 940,794 --a------ c:\windows\system32\LoopyMusic.wav

2009-02-01 17:14 . 2009-02-01 17:14 146,650 --a------ c:\windows\system32\BuzzingBee.wav

2009-02-01 17:13 . 2009-02-01 17:13 <DIR> d-------- c:\arquivos de programas\My Company Name

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 20:16 219,648 ----a-w c:\windows\system32\uxtheme.dll

2009-02-01 18:58 --------- d-----w c:\arquivos de programas\microsoft frontpage

2009-02-01 18:57 --------- d-----w c:\arquivos de programas\Serviços on-line

2009-02-01 18:56 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll

2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll

2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll

2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll

.

 

------- Sigcheck -------

 

2004-08-04 01:45 1696256 fc3be5ceb215c8ef8b14adf1cfb939ce c:\windows\explorer.exe

2004-08-04 01:45 1696256 fc3be5ceb215c8ef8b14adf1cfb939ce c:\windows\system32\dllcache\explorer.exe

2004-08-04 01:45 1034240 fa61a19050ae14bec1a26de82390dd65 c:\windows\XPize Darkside\Backup\explorer.exe

 

2004-08-04 01:45 30208 c44b39505116f6961988b8681793e572 c:\windows\system32\ctfmon.exe

2004-08-04 01:45 30208 c44b39505116f6961988b8681793e572 c:\windows\system32\dllcache\ctfmon.exe

2004-08-04 01:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\XPize Darkside\Backup\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="c:\arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2008-05-20 2474031]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\Steganos\INTERN~1\avgtray.exe" [2009-02-02 1235736]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 01:45 30208 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 13:02 490952 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-01-08 15:53 8523776 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-01-08 15:53 81920 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 08:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-01-08 15:53 1626112 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-04-10 05:28 16126464 c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Steganos\\Internet Security 2009\\avgemc.exe"=

"c:\\Arquivos de programas\\Steganos\\Internet Security 2009\\avgupd.exe"=

"c:\\Arquivos de programas\\Steganos\\Internet Security 2009\\avgnsx.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-01 12936]

R1 AvgLdx86;Steganos I.S. AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-01 98440]

R1 AvgTdiX;Steganos I.S. Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-01 90632]

R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2008-01-17 24635]

R2 avg8emc;Steganos I.S. E-mail Scanner;c:\arquiv~1\Steganos\INTERN~1\avgemc.exe [2009-02-02 874776]

R2 avg8wd;Steganos I.S. WatchDog;c:\arquiv~1\Steganos\INTERN~1\avgwdsvc.exe [2009-02-01 231704]

R2 avgfws8;Steganos I.S. Firewall;c:\arquiv~1\Steganos\INTERN~1\avgfws8.exe [2009-02-02 1212184]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-02-01 29208]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-02-01 29208]

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

.

.

------- Scan Suplementar -------

.

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {11DBA946-297C-49C0-9F4B-D745DDB653A1} = 200.165.132.147 200.165.132.155

FF - ProfilePath - c:\documents and settings\The XeoN #\Dados de aplicativos\Mozilla\Firefox\Profiles\6akxbmxz.default\

FF - prefs.js: browser.startup.homepage - hxxp://localhost:8090/

FF - component: c:\arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-07 17:07:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]

"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\avgrsstx.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(932)

c:\windows\system32\avgrsstx.dll

.

Tempo para conclusão: 2009-02-07 17:08:24

ComboFix-quarantined-files.txt 2009-02-07 19:08:22

 

Pré-execução: 13 pasta(s) 97.895.411.712 bytes disponíveis

Pós execução: 13 pasta(s) 97,933,500,416 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

 

262


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
