
Archived

This topic has been archived and is closed to new replies.

JonJon CS

[Resolved!] Problem with Opera


Following on from the topic "Opera using a lot of memory" that I posted, I decided to make a HijackThis log for analysis because of the problems:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:10, on 3/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\rundll32.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

D:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

D:\WINDOWS\vsnpstd3.exe

D:\ARQUIV~1\Cacheman\Cacheman.exe

D:\WINDOWS\sm56hlpr.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\LClock\lclock.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

D:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\MSN Messenger\usnsvc.exe

D:\Arquivos de programas\Opera\opera.exe

D:\Hijackthis\HijackThis.exe

D:\WINDOWS\system32\taskmgr.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80;https=localhost:80;ftp=localhost:80

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - D:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [DrvIcon] D:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe

O4 - HKCU\..\Run: [Cacheman] D:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [sm56hlpr] D:\WINDOWS\sm56hlpr.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [LClock] D:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {32A155BD-68EC-404E-A14F-72A851C0811D} (WebNG-Uploader Control) - http://cp.webng.com/client/fm/WebNG-Uploader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B8753EB-DE3E-447C-AEA0-A182B398143F}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: D:\WINDOWS\system32\cssdll32.dll D:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8148 bytes
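The HijackThis log above is a line-oriented format: each finding starts with a section code (R0/R1 for browser and proxy settings, O2 for Browser Helper Objects, O4 for Run keys, O20 for AppInit_DLLs, O23 for services) followed by ` - ` and the entry body. As an added example that is not part of the original post and not HijackThis code, the Python script below parses those entries and flags the kinds of lines an analyst reads first: a proxy set for every scheme, BHOs with no file or no display name, AppInit_DLLs, and services with no recorded publisher. The sample lines are copied from the log above; the review notes are this example's own generic heuristics (assumptions about what is worth a second look), not verdicts about this machine.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log in the post above. The triage rules
# below are this example's own heuristics, not anything HijackThis itself reports.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80;https=localhost:80;ftp=localhost:80
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\cssdll32.dll D:\WINDOWS\system32\guard32.dll
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
"""

# Entry lines look like "R1 - ..." or "O23 - ..."; headers and the process list do not.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str                                 # HijackThis section code, e.g. "R1", "O2", "O20"
    body: str                                    # everything after the "Xn - " prefix
    notes: list = field(default_factory=list)    # review notes attached by triage()


def parse_hjt(text):
    """Turn the entry lines of a HijackThis log into Entry objects, skipping everything else."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def parse_proxy(body):
    """Split 'ProxyServer = http=host:port;https=host:port' into {scheme: host:port}."""
    _, _, value = body.partition("ProxyServer = ")
    return dict(part.split("=", 1) for part in value.split(";") if "=" in part)


def section_counts(entries):
    """How many entries each section contributed; a quick shape-of-the-log overview."""
    return Counter(e.section for e in entries)


def triage(entries):
    """Attach review notes to entries worth a closer look and return only those entries."""
    for e in entries:
        if e.section in ("R0", "R1") and "ProxyServer" in e.body:
            targets = sorted(set(parse_proxy(e.body).values()))
            e.notes.append("proxy configured for all schemes -> " + ", ".join(targets)
                           + "; confirm it belongs to software you installed")
        if e.section == "O2":
            name, _, rest = e.body.partition(" - ")
            if rest.endswith("(no file)"):
                e.notes.append("BHO registered but its DLL is missing; orphaned CLSID")
            if name == "BHO: (no name)":
                e.notes.append("BHO has no display name; identify it by CLSID and path")
        if e.section == "O20":
            # HijackThis separates AppInit DLLs with spaces; paths with spaces would need
            # extra care, which this example does not attempt.
            dlls = e.body.partition(": ")[2].split()
            e.notes.append(f"{len(dlls)} AppInit DLL(s) loaded into every process that "
                           "loads user32.dll; verify each file's publisher")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.notes.append("service binary has no recorded publisher; check its signature")
    return [e for e in entries if e.notes]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(found)))
    for entry in triage(found):
        print(f"{entry.section}: {entry.body}")
        for note in entry.notes:
            print("   ->", note)
```

The point of the script is to separate the mechanical part (splitting the log into section, body and fields) from the judgement part (the notes), so the heuristics can be extended or replaced without touching the parser; on a full log it gives an analyst a short list to start from rather than a verdict.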


Here's the log:

 

;*******************************************************************************************************************************************************************************************

ANALYSIS: 2009-03-08 14:25:37

PROTECTIONS: 2

MALWARE: 0

SUSPECTS: 0

;*******************************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===========================================================================================================================================================================================

COMODO Antivirus 3.5 Yes Yes

avast! antivirus 4.8.1335 [VPS 090307-0] 4.8.1335 Yes Yes

;===========================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===========================================================================================================================================================================================

;===========================================================================================================================================================================================

SUSPECTS

Sent Location P

;===========================================================================================================================================================================================

;===========================================================================================================================================================================================

VULNERABILITIES

Id Severity Description P

;===========================================================================================================================================================================================

184380 MEDIUM MS08-002 P

184379 MEDIUM MS08-001 P

182048 HIGH MS07-069 P

182046 HIGH MS07-067 P

182043 HIGH MS07-064 P

179553 HIGH MS07-061 P

176382 HIGH MS07-057 P

170907 HIGH MS07-046 P

170906 HIGH MS07-045 P

170904 HIGH MS07-043 P

164915 HIGH MS07-035 P

164913 HIGH MS07-033 P

164911 HIGH MS07-031 P

160623 HIGH MS07-027 P

157262 HIGH MS07-022 P

157261 HIGH MS07-021 P

157260 HIGH MS07-020 P

156477 HIGH MS07-017 P

150253 HIGH MS07-016 P

150248 HIGH MS07-012 P

150247 HIGH MS07-011 P

150243 HIGH MS07-008 P

150242 HIGH MS07-007 P

150241 MEDIUM MS07-006 P

141034 HIGH MS06-076 P

141033 MEDIUM MS06-075 P

137571 HIGH MS06-070 P

133387 MEDIUM MS06-065 P

133386 MEDIUM MS06-064 P

133385 MEDIUM MS06-063 P

133379 HIGH MS06-057 P

129977 MEDIUM MS06-053 P

129976 MEDIUM MS06-052 P

126093 HIGH MS06-051 P

126087 HIGH MS06-046 P

126086 MEDIUM MS06-045 P

126082 HIGH MS06-041 P

126081 HIGH MS06-040 P

123420 HIGH MS06-035 P

120825 MEDIUM MS06-032 P

120823 MEDIUM MS06-030 P

120815 HIGH MS06-022 P

114666 HIGH MS06-015 P

108744 MEDIUM MS06-008 P

108743 MEDIUM MS06-007 P

108742 MEDIUM MS06-006 P

104567 HIGH MS06-002 P

104237 HIGH MS06-001 P

96574 HIGH MS05-053 P

93394 HIGH MS05-050 P

93454 MEDIUM MS05-049 P

;===========================================================================================================================================================================================

(wow, with that many vulnerabilities I think this is going to take a while lol)

Can I use that ComboFix thing? If so, what should I do?


Download ComboFix at:

ComboFix

 

1) Temporarily disable your anti-virus;

 

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

 

3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Read the text in this window carefully and click “YES” to continue.

 

PS: If you do not agree with the terms, click “NO” to exit the software, bearing in mind that the disinfection process will not be possible without letting ComboFix continue.

 

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing with the process, since this guarantees that the system can be recovered if problems occur during the scan.

 

Click “YES” and wait; the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

 

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA licence.

 

When the recovery console installation finishes, a window will open saying “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

 

Click “YES” to continue the scan.

 

5) ComboFix will start the AUTOSCAN (wait).

 

ATTENTION: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will go completely white).

 

When the process finishes, the machine will be restarted to produce the report.

 

6) On restart, ComboFix will run FIND3M to create the final scan report. The log will be placed at C:\ComboFix.txt.

 

7) Re-enable your anti-virus;

 

8) I need you to paste the contents of ComboFix.txt in your next reply.

 

NOTE 1: If a message appears saying that THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

 

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering all the other windows. To minimize it again just use ALT + TAB.

 

Awaiting your reply


Here it is:

 

ComboFix 09-03-06.02 - Administrador 2009-03-10 15:38:10.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.512.381 [GMT -3:00]

Executando de: d:\documents and settings\Jonathan\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090309-0] *On-access scanning disabled* (Updated)

AV: COMODO Antivirus *On-access scanning enabled* (Updated)

FW: COMODO Firewall *enabled*

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

d:\windows\IE4 Error Log.txt

d:\windows\SNMPAPI.DLL

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))

.

 

2009-12-02 12:57 . 2009-01-15 19:36 <DIR> d----c--- d:\arquivos de programas\EarMaster

2009-03-08 18:30 . 2009-03-08 18:30 <DIR> d----c--- d:\arquivos de programas\Managed DirectX (0900)

2009-03-08 00:28 . 2009-03-08 00:28 <DIR> d----c--- d:\documents and settings\Jonathan\Saved Games

2009-03-07 22:51 . 2008-06-19 16:24 28,544 --a--c--- d:\windows\system32\drivers\pavboot.sys

2009-03-07 22:50 . 2009-03-07 22:50 <DIR> d----c--- d:\arquivos de programas\Panda Security

2009-03-07 09:40 . 2009-03-07 10:17 1,135 -rah-c--- d:\windows\EPMBatch.ept

2009-03-07 09:37 . 2009-03-07 09:37 <DIR> d----c--- d:\arquivos de programas\EASEUS

2009-03-07 09:34 . 2009-03-07 09:34 <DIR> d----c--- d:\arquivos de programas\Shockwave.com

2009-03-06 22:29 . 2009-03-06 22:29 <DIR> d----c--- d:\windows\system32\madll

2009-03-06 22:29 . 2009-03-06 22:29 <DIR> d----c--- d:\arquivos de programas\Abdio

2009-03-06 21:01 . 2009-03-06 21:01 <DIR> d----c--- d:\arquivos de programas\Innovative Solutions

2009-03-06 19:41 . 2009-03-06 21:52 <DIR> d----c--- d:\arquivos de programas\nLite

2009-03-04 15:01 . 2009-03-04 15:01 <DIR> d----c--- d:\arquivos de programas\directx

2009-03-03 13:54 . 2009-03-03 13:54 38 --a--c--- d:\windows\AviSplitter.INI

2009-02-20 16:14 . 2009-03-08 00:42 <DIR> d-a--c--- d:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-02-20 16:12 . 2009-02-21 18:02 <DIR> d----c--- d:\documents and settings\Jonathan\My CamSpace Games

2009-02-20 16:12 . 2009-02-20 16:12 <DIR> d----c--- d:\arquivos de programas\CamSpace

2009-02-20 16:11 . 2008-05-30 14:11 3,850,760 --a--c--- d:\windows\system32\D3DX9_38.dll

2009-02-20 16:08 . 2009-02-20 16:08 <DIR> d----c--- d:\windows\Logs

2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d----c--- d:\arquivos de programas\Duplicate Cleaner

2009-02-19 18:38 . 2007-09-24 11:04 675,840 --a--c--- d:\windows\system32\AudioGenie24.ocx

2009-02-19 17:17 . 2009-02-19 17:22 <DIR> d----c--- d:\arquivos de programas\HoeKey

2009-02-19 15:44 . 2009-02-25 14:34 <DIR> d----c--- d:\arquivos de programas\MessengerDiscovery

2009-02-19 15:44 . 2004-03-09 01:00 609,824 --a--c--- d:\windows\system32\COMCTL32.ocx

2009-02-19 15:44 . 2004-03-08 23:00 152,848 --a--c--- d:\windows\system32\comdlg32.OCX

2009-02-19 15:44 . 2004-03-09 01:00 124,688 --a--c--- d:\windows\system32\MSWINSCK.ocx

2009-02-12 19:07 . 2009-02-12 19:07 <DIR> d----c--- d:\arquivos de programas\Three Rings Design

2009-02-12 15:23 . 2009-02-12 15:23 <DIR> d----c--- d:\documents and settings\Jonathan\Dados de aplicativos\Nexon

2009-02-12 13:39 . 2009-02-12 13:45 <DIR> d----c--- d:\documents and settings\Jonathan\_gimp1.2

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-02 16:11 --------- dc----w d:\arquivos de programas\Arquivos comuns\Vbox

2009-03-10 18:31 --------- dc----w d:\documents and settings\All Users\Dados de aplicativos\_comodo_

2009-03-10 18:13 --------- dc----w d:\arquivos de programas\Puxa Rápido

2009-03-06 22:49 --------- dc-h--w d:\arquivos de programas\InstallShield Installation Information

2009-02-25 20:24 34 -c--a-w d:\documents and settings\Jonathan\jagex_runescape_preferences.dat

2009-02-24 13:43 --------- dc----w d:\arquivos de programas\PhotoBrush

2009-02-23 15:52 86,408 -c--a-w d:\windows\system32\setupempdrv03.exe

2009-02-23 15:52 8,704 -c--a-w d:\windows\system32\epmntdrv.sys

2009-02-23 15:52 3,072 -c--a-w d:\windows\system32\EuGdiDrv.sys

2009-02-23 15:51 14,848 -c--a-w d:\windows\system32\EuEpmGdi.dll

2009-02-22 14:32 --------- dc----w d:\documents and settings\Jonathan\Dados de aplicativos\Skype

2009-02-22 14:26 --------- dc----w d:\documents and settings\Jonathan\Dados de aplicativos\skypePM

2009-02-20 21:12 65,536 -c--a-w d:\windows\system32\FatCopy.dll

2009-02-20 21:12 213,504 -c--a-w d:\windows\system32\BootMan.exe

2009-02-20 21:12 17,920 -c--a-w d:\windows\system32\SectorCopy.dll

2009-02-20 21:12 139,776 -c--a-w d:\windows\system32\NTFSCopy.dll

2009-02-20 21:11 93,184 -c--a-w d:\windows\system32\Partition.dll

2009-02-20 21:11 86,016 -c--a-w d:\windows\system32\ResizeNTFS.dll

2009-02-20 21:11 61,952 -c--a-w d:\windows\system32\FatResizeMove.dll

2009-02-20 21:11 45,568 -c--a-w d:\windows\system32\FileSystemCheck.dll

2009-02-20 21:11 180,224 -c--a-w d:\windows\system32\DeviceManager.dll

2009-02-20 21:10 86,528 -c--a-w d:\windows\system32\NTFSLib.dll

2009-02-20 21:10 68,096 -c--a-w d:\windows\system32\Device.dll

2009-02-20 21:10 6,656 -c--a-w d:\windows\system32\CallbackOperator.dll

2009-02-20 21:10 472,064 -c--a-w d:\windows\system32\NTFSFormat.dll

2009-02-20 21:10 31,744 -c--a-w d:\windows\system32\FatLib.dll

2009-02-20 21:10 24,576 -c--a-w d:\windows\system32\NTFSFileSystemAnalyser.dll

2009-02-20 21:10 22,016 -c--a-w d:\windows\system32\FatFormat.dll

2009-02-20 21:10 21,504 -c--a-w d:\windows\system32\Fixup.dll

2009-02-20 21:10 14,848 -c--a-w d:\windows\system32\FileSystemAnalyser.dll

2009-02-20 21:10 10,752 -c--a-w d:\windows\system32\DeviceAdapter.dll

2009-02-20 21:09 25,088 -c--a-w d:\windows\system32\FATFileSystemAnalyser.dll

2009-02-20 16:57 --------- dc----w d:\arquivos de programas\eMule

2009-02-19 18:44 --------- dc----w d:\arquivos de programas\MSN Messenger

2009-02-11 19:00 --------- dc----w d:\arquivos de programas\MenuMaid

2009-02-11 15:53 57,925 -c--a-w d:\documents and settings\Jonathan\Dados de aplicativos\mclip.dat

2009-02-11 15:53 4,756 -c--a-w d:\documents and settings\Jonathan\Dados de aplicativos\hexplorer.dat

2009-02-07 19:27 --------- dc----w d:\documents and settings\Jonathan\Dados de aplicativos\Hamachi

2009-02-07 12:28 --------- dc----w d:\arquivos de programas\Arquivos comuns\AnimeVamp

2009-02-07 01:53 --------- dc----w d:\arquivos de programas\TimeBomb

2009-02-03 14:39 77,824 -c--a-w d:\windows\system32\CamTraxAPI.dll

2009-02-01 21:02 --------- dc----w d:\arquivos de programas\Hamachi

2009-02-01 20:59 25,280 -c--a-w d:\windows\system32\drivers\hamachi.sys

2009-01-31 22:43 --------- dc----w d:\arquivos de programas\Alwil Software

2009-01-29 13:00 --------- dc----w d:\documents and settings\All Users\Dados de aplicativos\comodo

2009-01-28 23:30 31,504 -c--a-w d:\windows\system32\drivers\cmdhlp.sys

2009-01-28 23:30 147,192 -c--a-w d:\windows\system32\guard32.dll

2009-01-28 23:30 101,776 -c--a-w d:\windows\system32\drivers\cmdguard.sys

2009-01-26 01:18 --------- dc----w d:\arquivos de programas\AtomTime

2009-01-25 22:04 47,104 -c--a-w d:\windows\system32\KMVIDC32.DLL

2009-01-24 11:55 90,112 -c--a-w d:\windows\Cuninst.exe

2009-01-23 22:20 --------- dc----w d:\arquivos de programas\OrionStudiosX

2009-01-23 19:08 --------- dc----w d:\arquivos de programas\PChord

2009-01-23 13:12 --------- dc----w d:\arquivos de programas\ASIO4ALL v2

2009-01-23 09:57 --------- dc----w d:\arquivos de programas\WinFlip

2009-01-23 09:57 --------- dc----w d:\arquivos de programas\Windows Media Connect 2

2009-01-23 09:57 --------- dc----w d:\arquivos de programas\dvdSanta

2009-01-23 01:00 --------- dc----w d:\arquivos de programas\Tecla Mágica 3.04

2009-01-22 23:54 --------- dc----w d:\arquivos de programas\Free DVD MP3 Ripper

2009-01-22 03:01 --------- dc----w d:\arquivos de programas\PC Inspector File Recovery

2009-01-22 03:01 --------- dc----w d:\arquivos de programas\LClock

2009-01-22 02:51 --------- dc----w d:\arquivos de programas\anyMania

2009-01-19 00:04 --------- dc----w d:\arquivos de programas\ThumbView_Lite 1.0

2009-01-18 01:49 --------- dc----w d:\arquivos de programas\VirtualDJ

2009-01-15 22:42 --------- dc----w d:\arquivos de programas\Messenger Plus! Live

2009-01-15 22:35 --------- dc----w d:\arquivos de programas\PE Explorer

2009-01-15 22:34 --------- dc----w d:\arquivos de programas\ElcomSoft

2009-01-15 22:33 --------- dc----w d:\arquivos de programas\Flash-SWF to AVI-GIF

2009-01-12 00:24 --------- dc----w d:\arquivos de programas\rooms3d

2009-01-11 23:39 --------- dc----w d:\arquivos de programas\Unity

2009-01-10 15:01 --------- dc----w d:\arquivos de programas\MSXML 4.0

2008-12-20 21:54 249,592 -c--a-w d:\windows\system32\cssdll32.dll

2008-12-18 01:10 30 -c-ha-w D:\prefech.bat

2008-12-13 10:38 24,192 -c--a-w d:\documents and settings\Jonathan\usbsermptxp.sys

2008-12-13 10:38 22,768 -c--a-w d:\documents and settings\Jonathan\usbsermpt.sys

.

 

------- Sigcheck -------

 

2008-08-14 10:39 2067200 145cd2bba58988b7a2e9b910ac4d4ca4 d:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

2008-08-14 10:24 2070272 a62251c7c1f0dbc3241abf1985ede75e d:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

2008-08-14 18:26 2070272 586a93e0c23f6a1893f6706f36b22598 d:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 d:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 d:\windows\Driver Cache\i386\ntkrnlpa.exe

2004-08-03 23:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 d:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ntkrnlpa.exe

2008-08-14 10:45 2066176 1b6e8fd4db07aeab340363225e48f0b1 d:\windows\system32\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 d:\windows\system32\dllcache\ntkrnlpa.exe

2008-08-14 10:45 2061952 e3c62cc617a25870b024cba8bb1d3c23 d:\windows\system32\VITrans\ntkrnlpa.exe

 

2008-08-14 10:39 2190208 b72a025a758683552c4fec7eabcb0661 d:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

2008-08-14 10:24 2193408 04ba43b0d2a13bd6b06d707299243cfc d:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

2008-08-14 18:26 2193408 a42cc3cfc02a7b2baec7b0d45808b257 d:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be d:\windows\$NtUninstallKB956841$\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 d:\windows\Driver Cache\i386\ntoskrnl.exe

2004-08-03 23:40 2185216 3b72a63f230dfb276fc96a99173a81be d:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\ntoskrnl.exe

2008-08-14 10:45 2188800 246f6355e014ac889171d8ae2620afd1 d:\windows\system32\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 d:\windows\system32\dllcache\ntoskrnl.exe

2008-08-14 10:45 2184576 837fcf2a885b4cf3f28475d8376b4fd2 d:\windows\system32\VITrans\ntoskrnl.exe

 

2004-08-04 00:45 1424896 90a6eb2a3ce24982d96ee51f23b07de5 d:\windows\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 d:\windows\SoftwareDistribution\Download\0cefd1b13c2a367885a79093513707c4\backup\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 d:\windows\system32\dllcache\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 d:\windows\system32\VITrans\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cacheman"="d:\arquiv~1\Cacheman\Cacheman.exe" [2001-08-04 1112064]

"sm56hlpr"="d:\windows\sm56hlpr.exe" [2006-04-05 565248]

"SpybotSD TeaTimer"="d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"LClock"="d:\arquivos de programas\LClock\lclock.exe" [2004-09-20 65536]

"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="d:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"COMODO Internet Security"="d:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2009-01-28 1797880]

"DrvIcon"="d:\arquivos de programas\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

"snpstd3"="d:\windows\vsnpstd3.exe" [2006-09-18 843776]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 d:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.FFDS"= ffdshow.ax

"msacm.avis"= ff_acm.acm

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

"Script"=D:\prefesh.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=D:\prefech.bat

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TVTuner Remote Control.lnk]

path=d:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\TVTuner Remote Control.lnk

backup=d:\windows\pss\TVTuner Remote Control.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^Registro da Corel.lnk]

path=d:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\Registro da Corel.lnk

backup=d:\windows\pss\Registro da Corel.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^TimeLeft.lnk]

path=d:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\TimeLeft.lnk

backup=d:\windows\pss\TimeLeft.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^Tiny Watcher Logon Time.lnk]

path=d:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\Tiny Watcher Logon Time.lnk

backup=d:\windows\pss\Tiny Watcher Logon Time.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a--c--- 2005-06-06 22:46 57344 d:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashdisp]

--a--c--- 2009-02-05 18:08 81000 d:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a--c--- 2009-02-05 18:08 81000 d:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]

--a--c--- 2009-01-28 20:30 1797880 d:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]

--a--c--- 2008-12-20 18:54 278264 d:\arquivos de programas\COMODO\SafeSurf\cssurf.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a--c--- 2004-08-04 00:45 15360 d:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]

--a--c--- 2008-04-13 18:39 49152 d:\arquivos de programas\Vista Drive Icon\DrvIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everest]

--a--c--- 2008-09-04 23:00 2117216 d:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]

--a--c--- 2003-04-01 15:41 270336 d:\arquivos de programas\ATI Technologies\ATI HydraVision\HydraDM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a--c--- 2007-11-26 13:54 1057064 d:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a--c--- 2007-01-08 21:17 52256 d:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2007-03-01 13:57 153136 d:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

-----c--- 2007-03-14 20:01 71216 d:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a--c--- 2007-11-26 13:54 1629480 d:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a--c--- 2006-09-18 13:12 843776 d:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2008-09-11 19:53 136600 d:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

--a--c--- 2007-03-30 16:44 262144 d:\windows\tsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]

--a--c--- 2008-11-14 09:33 69632 d:\arquivos de programas\ViOrb\ViOrb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]

--a--c--- 2008-11-14 20:57 131778 d:\arquivos de programas\Vista Rainbar\launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]

--a--c--- 2008-11-12 10:28 602112 d:\arquivos de programas\ViStart\ViStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

--a--c--- 2007-04-25 08:45 956928 d:\arquivos de programas\VisualTooltip\VisualToolTip.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"d:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"d:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=

"d:\\Arquivos de programas\\eMule\\emule.exe"=

"d:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=

"d:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"d:\\MicroProse\\Worms2\\frontend.exe"=

"d:\\WINDOWS\\system32\\dplaysvr.exe"=

"d:\\Arquivos de programas\\Opera\\opera.exe"=

"d:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"d:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"d:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"d:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2009-03-07 28544]

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-12-16 114768]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [2009-01-28 101776]

R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [2009-01-28 31504]

R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2008-12-16 20560]

R2 BT848;CxVCap, WDM Video Capture;d:\windows\system32\drivers\cxvcap.sys [2008-11-02 56704]

R2 BT878;CxTsCap, WDM MPEG-2 TS Capture (ATSC-A);d:\windows\system32\drivers\cxtscap.sys [2008-12-16 17280]

R2 CXTUNER;CxTuner, WDM TvTuner;d:\windows\system32\drivers\cxtuner.sys [2008-11-02 26752]

R2 CXXBAR;CxBar, WDM Crossbar;d:\windows\system32\drivers\cxxbar.sys [2008-11-02 9728]

R3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;d:\windows\system32\drivers\CamSpaceBus.sys [2008-08-24 14848]

R3 CamSpaceJoy;CamSpace Virtual Joystick device driver;d:\windows\system32\drivers\CamSpaceJoy.sys [2008-08-24 30464]

S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [2009-03-07 8704]

S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [2009-03-07 3072]

S3 MotDev;Motorola Inc. USB Device;d:\windows\system32\drivers\motodrv.sys [2008-12-13 40832]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]

c:\windows\svcr.exe

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-DriverMax - (no file)

MSConfigStartUp-LGODDFU - d:\arquivos de programas\lg_fwupdate\fwupdate.exe

MSConfigStartUp-OUPV Agent - d:\windows\system32\28463\OUPV.exe

MSConfigStartUp-POL Agent - d:\arquivos de programas\POL\POL.exe

MSConfigStartUp-Rundll - c:\windows\system32\kill.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:80;https=localhost:80;ftp=localhost:80

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Handler: DirectDVD - {85A81A02-336B-43FF-998B-FE8E194FBA4D} - d:\windows\system32\DirectDVDProtocol.dll

DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} - hxxp://audition.com.br/activex/AuditionWeb.cab

DPF: {32A155BD-68EC-404E-A14F-72A851C0811D} - hxxp://cp.webng.com/client/fm/WebNG-Uploader.cab

FF - ProfilePath - d:\documents and settings\Jonathan\Dados de aplicativos\Mozilla\Firefox\Profiles\6e8794os.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: d:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\NP_PR1.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\NP_PR2.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\NP_PR3.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\NP_PR4.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\NP_PR5.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\NP_PR6.dll

FF - plugin: d:\arquivos de programas\Opera\program\plugins\NP_PR1.dll

FF - plugin: d:\arquivos de programas\Opera\program\plugins\NP_PR2.dll

FF - plugin: d:\arquivos de programas\Opera\program\plugins\NP_PR3.dll

FF - plugin: d:\arquivos de programas\Opera\program\plugins\NP_PR4.dll

FF - plugin: d:\arquivos de programas\Opera\program\plugins\NP_PR5.dll

FF - plugin: d:\arquivos de programas\Opera\program\plugins\NP_PR6.dll

FF - plugin: d:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

 

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(548)

d:\windows\system32\Ati2evxx.dll

d:\windows\system32\cscui.dll

.

------------------------ Other Running Processes ------------------------

.

d:\windows\system32\ati2evxx.exe

d:\windows\system32\ati2evxx.exe

d:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

d:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

d:\arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

d:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

d:\arquivos de programas\Java\jre6\bin\jqs.exe

d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

d:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

d:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

d:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-03-10 15:50:24 - Machine was rebooted [Jonathan]

ComboFix-quarantined-files.txt 2009-03-10 18:50:17

Pre-Run: 14 folder(s) 14,361,415,680 bytes free

Post-Run: 14 folder(s) 13,994,749,952 bytes free

 

334 --- E O F --- 2009-02-16 01:17:46

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:19, on 2009-03-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

D:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\rundll32.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

D:\ARQUIV~1\Cacheman\Cacheman.exe

D:\WINDOWS\sm56hlpr.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\LClock\lclock.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\Arquivos de programas\MSN Messenger\usnsvc.exe

D:\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80;https=localhost:80;ftp=localhost:80

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - D:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [DrvIcon] D:\Arquivos de programas\Vista Drive Icon\DrvIcon.exe

O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe

O4 - HKCU\..\Run: [Cacheman] D:\ARQUIV~1\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [sm56hlpr] D:\WINDOWS\sm56hlpr.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [LClock] D:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {32A155BD-68EC-404E-A14F-72A851C0811D} (WebNG-Uploader Control) - http://cp.webng.com/client/fm/WebNG-Uploader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B8753EB-DE3E-447C-AEA0-A182B398143F}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 7701 bytes


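Both logs above carry the same handful of entries a responder would pull out first: the ProxyServer value routing all browser traffic through localhost:80, the firewall exception opening 3389/TCP, an Active Setup component and an orphaned MSConfig entry that point at a Windows directory on C: while the running system lives on D:, a startup entry under an all-digit system32 subfolder, an orphaned BHO with "(no file)", ActiveX downloads from third-party hosts, and services with an unknown owner. The following is an added example, not code from either post or from HijackThis/ComboFix: a small Python triage script that parses lines in these two formats and flags those patterns. The rule names, severities, the trusted-host list and the abridged sample log are constructed for illustration, and the heuristics are starting points for review, not verdicts.

```python
# Added example: triage heuristics for HijackThis / ComboFix style log lines.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed, abridged sample in the shape of the two logs above.
# The system drive is D:, as in the posted "Running processes" list.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80;https=localhost:80;ftp=localhost:80
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://audition.com.br/activex/AuditionWeb.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
c:\windows\svcr.exe
MSConfigStartUp-OUPV Agent - d:\windows\system32\28463\OUPV.exe
MSConfigStartUp-Rundll - c:\windows\system32\kill.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    line: str


# Drive-rooted path ending in an executable extension; paths may contain spaces.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|scr)\b", re.IGNORECASE)
# Hosts whose ActiveX (O16/DPF) downloads are not flagged (assumed list).
TRUSTED_ACTIVEX_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")


def system_drive(text: str) -> Optional[str]:
    """Derive the system drive from the smss.exe entry under 'Running processes'."""
    m = re.search(r"^([A-Za-z]):\\windows\\system32\\smss\.exe\s*$",
                  text, re.IGNORECASE | re.MULTILINE)
    return m.group(1).upper() if m else None


def _trusted_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_ACTIVEX_HOSTS)


def triage(text: str) -> List[Finding]:
    sysdrive = system_drive(text)
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # 1. Browser proxy pointed at the local machine: every request goes
        #    through a local listener. Some filtering products do this
        #    legitimately, so the entry must be matched to a known program.
        if "proxyserver" in low and re.search(
                r"=\s*(?:\w+=)?(?:localhost|127\.0\.0\.1):\d+", low):
            findings.append(Finding("high", "local-proxy", line))
        # 2. Orphaned BHO: the CLSID is registered but its DLL is gone.
        if low.startswith("o2 - bho") and low.endswith("(no file)"):
            findings.append(Finding("low", "orphan-bho", line))
        # 3. ActiveX package (O16/DPF) fetched from a host outside the list.
        if low.startswith("o16 - dpf"):
            m = re.search(r"https?://([^/\s]+)", line)
            if m and not _trusted_host(m.group(1)):
                findings.append(Finding("medium", "third-party-activex", line))
        # 4. Windows Firewall exception opening RDP (3389/tcp) globally.
        if '"3389:tcp"' in low:
            findings.append(Finding("medium", "rdp-open", line))
        # 5. Service whose publisher HijackThis could not identify.
        if low.startswith("o23 - service") and "unknown owner" in low:
            findings.append(Finding("low", "unknown-service-owner", line))
        # Path-based heuristics on every drive-rooted executable in the line.
        for pm in WIN_PATH.finditer(line):
            parts = pm.group(0).split("\\")
            drive = parts[0][0].upper()
            folders = [p.lower() for p in parts[1:-1]]
            # 6. A 'windows' directory on a drive other than the one the
            #    running system booted from (derived from smss.exe above).
            if sysdrive and drive != sysdrive and folders[:1] == ["windows"]:
                findings.append(Finding("high", "foreign-windows-dir", line))
            # 7. All-digit folder under system32: dropper-style random folder
            #    (heuristic; confirm by inspecting the folder contents).
            if "system32" in folders and any(p.isdigit() for p in folders):
                findings.append(Finding("high", "numeric-system32-subdir", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview before reading lines."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.rule:24} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a full pasted log and read the "high" findings first; rule 6 only fires when the log contains the smss.exe line, so paste the "Running processes" section along with the rest. The MSN zone line is deliberately in the sample to show that the host check walks up the domain rather than matching a substring.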