
Archived

This topic has been archived and is closed to further replies.

cassiano óliver

[Solved!] PC freezing and slow to start up

hello,

in the last few days I've noticed that my PC has become very slow at startup (when the desktop appears)...

and explorer.exe errors also occur frequently...

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:35:48, on 7/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\mysql\bin\mysqld-nt.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\hijack\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LFAgent] C:\Arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30.exe -start

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B973844F-0CDF-4715-97BF-675E486FEA58}: NameServer = 192.168.20.1

O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\Apache Group\Apache\Apache.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 4250 bytes


Go to this site: http://www.kaspersky.com/virusscanner

 

Click on [image: Clipboard01-1.jpg]

 

Follow the scanner's configuration instructions as shown in the image below.

 

[image: kosjn0.gif]

 

Post the scan log right here in the topic.


Hi cassiano, good afternoon!

 

Was it you who installed the keylogger on your computer?

 

Download ComboFix from one of these locations:

 

Link 1.

Link 2.

Link 3.

 

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

Its author intends it to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

 

Make sure you have saved ComboFix.exe to your desktop.

 

• Disable your antivirus and anti-spyware, usually by right-clicking their system tray icons. They can interfere with the tool's execution.

 

• Double-click ComboFix.exe and follow the prompts.

 

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it is strongly recommended that this be pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that makes it easier for us to help you should your computer have a problem after an attempted malware removal.

 

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

-- Note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

 

[image: RcAuto1.gif]

 

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:

 

[image: whatnext.png]

 

Click Yes to continue scanning for malware.

 

When finished, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, in your next reply.

Was it you who installed the keylogger on your computer?

yes, I did...

 

Could it cause any problems?? Could it leave my PC vulnerable??

 

I don't recommend programs like that, especially when downloaded from an untrusted source. Read more at:

http://www.linhadefensiva.org/forum/index....showtopic=17550

 

Where's the ComboFix report that was requested above? ;)


here's the report; it's just that while ComboFix was running the internet dropped, as usual... hahah

 

ComboFix 09-05-13.02 - Cassiano 14/05/2009 15:08.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1552 [GMT -3:00]

Running from: c:\documents and settings\Cassiano\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 ))))))))))))))))))))))))))))

.

 

2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w c:\windows\Sun

2009-05-07 16:50 . 2009-05-07 16:50 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-07 16:50 . 2009-05-07 16:50 -------- d-----w c:\arquivos de programas\Java

2009-05-06 14:35 . 2009-05-06 14:35 -------- d--h--r c:\documents and settings\Cassiano\Dados de aplicativos\SecuROM

2009-05-06 14:35 . 2009-05-06 14:35 108144 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-06 12:22 . 2009-05-06 12:22 -------- d-----w c:\arquivos de programas\CAPCOM

2009-05-06 03:25 . 2009-05-06 03:25 -------- d-----w c:\arquivos de programas\Core Services

2009-05-03 20:56 . 2009-05-03 20:56 -------- d--h--w c:\windows\PIF

2009-04-30 23:15 . 2009-05-07 15:35 -------- d-----w C:\hijack

2009-04-30 22:28 . 2009-04-30 22:28 -------- d-sh--w c:\documents and settings\Administrador\IETldCache

2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\Cassiano\Dados de aplicativos\AMPSoft

2009-04-30 14:28 . 2009-04-30 14:28 -------- d--h--w c:\windows\system32\GroupPolicy

2009-04-30 12:44 . 2009-04-30 12:44 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-04-30 12:06 . 2009-04-30 12:06 -------- d-----w c:\arquivos de programas\QuickTime

2009-04-30 12:06 . 2007-02-20 19:04 190696 ----a-w c:\windows\system32\NPSWF32_FlashUtil.exe

2009-04-30 12:05 . 2007-02-20 19:04 2463976 ----a-w c:\windows\system32\NPSWF32.dll

2009-04-30 00:30 . 2004-08-07 12:36 218624 ----a-w c:\windows\system32\uxtheme.dll

2009-04-30 00:25 . 2004-08-07 12:36 218624 ----a-w C:\uxtheme.dll

2009-04-29 23:56 . 2008-04-13 14:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys

2009-04-29 23:56 . 2008-04-13 14:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys

2009-04-29 23:48 . 2009-04-29 23:48 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-04-29 23:26 . 2009-04-29 23:26 8 --sh--r c:\documents and settings\All Users\Dados de aplicativos\58BA4C5115.sys

2009-04-29 23:26 . 2009-05-01 19:41 2516 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-04-29 23:26 . 2009-04-29 23:26 -------- d-----w c:\documents and settings\Cassiano\Dados de aplicativos\Corel

2009-04-29 23:26 . 2009-04-29 23:26 -------- d-----w c:\arquivos de programas\Arquivos comuns\Protexis

2009-04-29 23:26 . 2009-04-29 23:26 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel

2009-04-29 23:24 . 2009-04-29 23:24 -------- d-----w c:\arquivos de programas\Arquivos comuns\Corel

2009-04-29 23:24 . 2009-04-29 23:24 -------- d-----w c:\arquivos de programas\Corel

2009-04-29 23:20 . 2009-04-29 23:20 287 ----a-w c:\windows\PowerReg.dat

2009-04-29 23:20 . 2009-04-29 23:20 -------- d-----w c:\arquivos de programas\KnockOut 2

2009-04-29 23:20 . 2009-04-29 23:20 -------- d-----w c:\windows\Corel

2009-04-29 23:19 . 1998-10-29 19:45 306688 ----a-w c:\windows\IsUninst.exe

2009-04-29 23:13 . 2009-04-29 23:13 -------- d-----w c:\arquivos de programas\Arquivos comuns\Control Panels

2009-04-29 23:13 . 2009-04-29 23:13 -------- d-----w c:\arquivos de programas\nLite

2009-04-29 23:07 . 2009-04-29 23:07 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ALM

2009-04-29 22:38 . 2009-04-29 22:38 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-04-29 22:32 . 2009-04-29 22:32 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache

2009-04-29 22:22 . 2009-04-29 22:22 -------- d-----w c:\arquivos de programas\Bonjour

2009-04-29 22:19 . 2009-04-29 22:19 -------- d-----w c:\documents and settings\Cassiano\Dados de aplicativos\AdobeUM

2009-04-29 22:10 . 2009-04-29 22:10 -------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-04-29 22:07 . 2009-04-29 22:07 -------- d-sh--w c:\documents and settings\Cassiano\PrivacIE

2009-04-29 22:02 . 2009-04-29 22:02 -------- d-sh--w c:\documents and settings\Cassiano\IETldCache

2009-04-29 21:43 . 2008-12-08 22:33 2076672 ----a-w c:\windows\system32\libmysql.dll

2009-04-29 21:43 . 2008-12-08 22:32 4915276 ----a-w c:\windows\system32\php5ts.dll

2009-04-29 21:42 . 2009-04-29 21:42 -------- d-----w C:\php5

2009-04-29 21:41 . 2009-04-29 21:41 -------- d-----w c:\arquivos de programas\Apache Group

2009-04-29 21:41 . 2009-04-29 21:42 -------- d-----w C:\mysql

2009-04-29 21:36 . 2009-04-29 21:36 -------- d-----w c:\arquivos de programas\Microsoft Works

2009-04-29 21:36 . 2009-04-29 21:36 -------- d-----w c:\arquivos de programas\Microsoft.NET

2009-04-29 21:33 . 2009-04-29 21:38 -------- d-----w c:\windows\SHELLNEW

2009-04-29 21:33 . 2009-05-03 14:19 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-04-29 21:32 . 2009-04-29 21:32 -------- d--h--r C:\MSOCache

2009-04-29 21:31 . 2009-04-29 21:31 -------- d-----w c:\arquivos de programas\Witcobber

2009-04-29 21:30 . 2006-10-24 17:16 242176 ----a-w c:\windows\system32\fixflash.exe

2009-04-29 21:30 . 2002-10-07 05:42 237568 ----a-w c:\windows\system32\OggDS.dll

2009-04-29 21:30 . 2002-10-05 10:04 921600 ----a-w c:\windows\system32\vorbisenc.dll

2009-04-29 21:30 . 2002-10-05 10:04 188416 ----a-w c:\windows\system32\vorbis.dll

2009-04-29 21:30 . 2002-10-05 10:04 45056 ----a-w c:\windows\system32\ogg.dll

2009-04-29 21:30 . 2007-04-12 17:19 129024 ----a-w c:\windows\system32\AVERM.dll

2009-04-29 21:30 . 2006-09-26 16:57 28672 ----a-w c:\windows\system32\AVEQT.dll

2009-04-29 21:30 . 2009-04-29 21:30 -------- d-----w c:\arquivos de programas\Allok Video to FLV Converter

2009-04-29 21:29 . 2009-04-29 21:30 -------- d-----w c:\arquivos de programas\Absolute Video Converter

2009-04-29 21:29 . 2005-12-30 23:10 761856 ----a-w c:\windows\system32\xvidcore.dll

2009-04-29 21:29 . 2005-12-30 23:18 180224 ----a-w c:\windows\system32\xvidvfw.dll

2009-04-29 21:29 . 2009-04-29 21:29 -------- d-----w c:\arquivos de programas\XviD

2009-04-29 21:29 . 2009-04-29 21:29 -------- d-----w c:\arquivos de programas\XP Codec Pack

2009-04-29 21:28 . 2009-04-29 21:28 -------- d-----w c:\arquivos de programas\Matroska Pack

2009-04-29 21:28 . 2009-04-29 21:28 -------- d-----w c:\arquivos de programas\AC3Filter

2009-04-29 21:28 . 2009-04-29 21:28 -------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-04-29 21:27 . 2009-04-29 21:28 -------- dc-h--w c:\windows\ie8

2009-04-29 21:21 . 2009-05-06 12:23 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-29 21:16 . 2009-04-29 21:17 -------- d-----w c:\arquivos de programas\CyberLink

2009-04-29 21:03 . 2009-05-14 12:09 -------- d-----w c:\windows\system32\NtmsData

2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-29 20:51 . 2009-04-29 20:52 -------- d-----w c:\windows\system32\drivers\UMDF

2009-04-29 20:51 . 2009-04-29 20:51 -------- d-----w c:\windows\system32\LogFiles

2009-04-29 20:51 . 2009-01-07 21:21 26144 ----a-w c:\windows\system32\spupdsvc.exe

2009-04-29 20:50 . 2009-05-13 01:54 -------- d-----w c:\arquivos de programas\HTV

2009-04-29 20:50 . 2009-04-29 20:50 -------- d-----w c:\arquivos de programas\CCleaner

2009-04-29 20:46 . 2009-05-14 12:20 -------- d-----w c:\documents and settings\Cassiano\Tracing

2009-04-29 20:40 . 2009-04-29 20:40 -------- d-----w c:\arquivos de programas\Microsoft

2009-04-29 20:40 . 2009-04-29 20:40 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-04-29 20:39 . 2009-04-29 20:40 -------- d-----w c:\arquivos de programas\Windows Live

2009-04-29 20:36 . 2009-04-29 20:36 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-04-29 20:28 . 2009-04-30 14:01 -------- d--h--w c:\windows\$hf_mig$

2009-04-29 20:23 . 2009-04-29 20:23 0 ----a-w c:\windows\nsreg.dat

2009-04-29 20:17 . 2009-04-29 23:13 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-29 20:15 . 2009-04-29 20:15 -------- d-----w c:\arquivos de programas\Everstrike Software

2009-04-29 20:15 . 2009-04-29 20:15 -------- d-----w c:\arquivos de programas\Arquivos comuns\Everstrike Software

2009-04-29 20:14 . 2009-04-29 20:14 -------- d-----w c:\arquivos de programas\DAEMON Tools

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-14 18:10 . 2009-04-29 16:38 17079584 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-05-14 18:10 . 2009-04-29 16:38 810272 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-05-14 00:47 . 2009-04-29 16:38 78944 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-05-14 00:47 . 2009-04-29 16:38 233024 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-30 13:38 . 2001-10-28 17:07 68190 ----a-w c:\windows\system32\perfc016.dat

2009-04-30 13:38 . 2001-10-28 17:07 427986 ----a-w c:\windows\system32\perfh016.dat

2009-04-29 20:36 . 2007-10-31 16:41 112144 ----a-w c:\windows\system32\drivers\kl1.sys

2009-04-29 20:36 . 2009-04-29 16:39 89601 ----a-w c:\windows\system32\drivers\klick.dat

2009-04-29 20:36 . 2009-04-29 16:39 101287 ----a-w c:\windows\system32\drivers\klin.dat

2009-04-29 20:36 . 2009-04-29 16:29 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-29 16:49 . 2009-04-29 16:49 682232 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-29 16:49 . 2009-04-29 16:48 -------- d-----w c:\arquivos de programas\Nero

2009-04-29 16:48 . 2009-04-29 16:48 -------- d-----w c:\arquivos de programas\Arquivos comuns\Nero

2009-04-29 16:47 . 2009-04-29 16:47 -------- d-----w c:\arquivos de programas\DVD Shrink

2009-04-29 16:47 . 2009-04-29 16:47 81920 ----a-w c:\documents and settings\Cassiano\Dados de aplicativos\ezpinst.exe

2009-04-29 16:47 . 2009-04-29 16:47 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2009-04-29 16:47 . 2009-04-29 16:47 47360 ----a-w c:\documents and settings\Cassiano\Dados de aplicativos\pcouffin.sys

2009-04-29 16:47 . 2009-04-29 16:47 -------- d-----w c:\arquivos de programas\CloneDVD

2009-04-29 16:46 . 2009-04-29 16:46 -------- d-----w c:\arquivos de programas\SlySoft

2009-04-29 16:38 . 2009-04-29 16:38 -------- d-----w c:\arquivos de programas\Kaspersky Lab

2009-04-29 16:30 . 2009-04-29 16:30 -------- d-----w c:\arquivos de programas\microsoft frontpage

2009-04-29 16:29 . 2001-10-28 17:06 67 --sha-w c:\windows\Fonts\desktop.ini

2009-04-29 16:29 . 2009-04-29 16:29 -------- d-----w c:\arquivos de programas\Serviços on-line

2009-04-29 16:28 . 2009-04-29 16:28 -------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-04-29 16:27 . 2009-04-29 16:27 21844 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-08 07:34 . 2008-04-13 21:20 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 07:34 . 2008-04-13 21:20 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 07:33 . 2008-04-13 21:20 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 07:33 . 2008-04-13 21:20 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 07:32 . 2008-04-13 21:20 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 07:32 . 2008-04-13 21:20 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 07:31 . 2008-04-13 21:20 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 07:31 . 2008-04-13 20:52 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 07:31 . 2008-04-13 21:21 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 07:22 . 2001-10-28 17:07 156160 ----a-w c:\windows\system32\msls31.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2009-04-30_01.07.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-10-28 17:07 . 2009-04-30 13:38 59440 c:\windows\system32\perfc009.dat

+ 2009-04-29 16:26 . 2001-10-28 17:07 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat

+ 2009-04-30 01:26 . 2009-04-30 12:11 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-04-29 16:33 . 2009-04-30 22:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-04-29 16:33 . 2009-04-29 22:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-04-29 16:33 . 2009-04-30 22:33 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-04-29 16:33 . 2009-04-29 22:01 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-29 16:33 . 2009-04-30 22:33 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2009-04-29 16:33 . 2009-04-29 22:01 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-04-30 12:05 . 2009-04-30 12:05 65536 c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe

+ 2001-10-28 17:07 . 2009-04-30 13:38 395200 c:\windows\system32\perfh009.dat

+ 2008-04-13 21:20 . 2008-10-15 16:36 337408 c:\windows\system32\netapi32.dll

- 2008-04-13 21:20 . 2008-04-13 21:20 337408 c:\windows\system32\netapi32.dll

+ 2008-10-05 03:24 . 2008-10-05 03:24 235936 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2007-02-20 18:34 . 2007-02-20 18:34 190696 c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

+ 2009-05-07 16:50 . 2009-05-07 16:50 148888 c:\windows\system32\javaws.exe

+ 2009-05-07 16:50 . 2009-05-07 16:50 144792 c:\windows\system32\javaw.exe

+ 2009-05-07 16:50 . 2009-05-07 16:50 144792 c:\windows\system32\java.exe

- 2008-04-13 21:20 . 2008-04-13 21:20 337408 c:\windows\system32\dllcache\netapi32.dll

+ 2008-04-13 21:20 . 2008-10-15 16:36 337408 c:\windows\system32\dllcache\netapi32.dll

+ 2008-10-05 03:24 . 2008-10-05 03:24 3695008 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-04-29 13:09 . 2009-04-30 22:33 1782016 c:\windows\system32\FNTCACHE.DAT

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LFAgent"="c:\arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30.exe" [2009-04-29 498996]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NVSvc"=2 (0x2)

"RichVideo"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Bonjour Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4564:TCP"= 4564:TCP:hsbko

 

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [17/7/2008 13:33 143360]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\arquivos de programas\CyberLink\PowerDVD\000.fcl [2/11/2006 16:51 13560]

R2 LF30FS;LF30FS;c:\arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [29/4/2009 10:14 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Supplementary Scan -------

.

IE: Adicionar ao Anti-Banner - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: {B973844F-0CDF-4715-97BF-675E486FEA58} = 192.168.20.1

FF - ProfilePath - c:\documents and settings\Cassiano\Dados de aplicativos\Mozilla\Firefox\Profiles\u8npblfk.default\

FF - prefs.js: browser.startup.homepage -

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-14 15:10

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\MySQL]

"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"

 

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1004)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

 

- - - - - - - > 'lsass.exe'(1060)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

 

- - - - - - - > 'explorer.exe'(3000)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-05-14 15:11

ComboFix-quarantined-files.txt 2009-05-14 18:11

ComboFix2.txt 2009-05-14 18:02

ComboFix3.txt 2009-05-05 19:52

ComboFix4.txt 2009-04-30 01:08

ComboFix5.txt 2009-05-14 18:07

 

Pre-Run: 14 folder(s) 53,604,704,256 bytes free

Post-Run: 13 folder(s) 53,588,885,504 bytes free

 

Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11

262


I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Dirlook::

c:\windows\system32\GroupPolicy

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4564:TCP"=-

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with a new HijackThis log.

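The CFScript in the post above is the hand-written version of a fixed pattern: read the "Reg Loading Points" section of the ComboFix log, spot the settings that weaken the host (Security Center told to stop monitoring the antivirus, the Windows Firewall profile switched off, an unexplained TCP port 4564 opened to every network under the name "hsbko"), and write the stanza that reverts them. The Python script below is added here as an example and is not part of the thread, of ComboFix, or of the helper's script. It runs that audit over the relevant lines copied from the ComboFix log earlier in the thread (a constructed sample) and emits a Registry:: stanza in the same shorthand the helper used. It goes beyond the helper's script in two ways: it also resets the two Security Center DisableNotify values the log shows, and it lists every firewall application exception for review without touching it. The allowlist of file-sharing ports is an assumption, and the script does not produce the Dirlook:: line, which needs context the registry section does not carry.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log and build the
CFScript Registry:: stanza that reverts the weakening settings it reveals.
Added example for this thread; not part of ComboFix or the helper's script."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the security-relevant lines copied from the
# ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4564:TCP"= 4564:TCP:hsbko
"""

# Assumed allowlist: the exceptions Windows XP itself adds for file and
# printer sharing. Any other port listed in GloballyOpenPorts is flagged.
KNOWN_SHARING_PORTS = {"137:UDP", "138:UDP", "139:TCP", "445:TCP"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


@dataclass(frozen=True)
class Finding:
    key: str            # registry key the value lives under
    name: str           # value name
    raw: str            # value exactly as ComboFix printed it
    reason: str         # why it matters
    fix: Optional[str]  # CFScript line that reverts it, or None if review-only


def parse_load_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] block of the log excerpt to its "name"=value pairs."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def decode_value(raw: str) -> Optional[int]:
    """Decode regedit 'dword:00000001' or ComboFix's '0 (0x0)' shorthand."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def audit(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Apply the checks a helper applies by eye to the load-point section."""
    found: List[Finding] = []
    for key, values in keys.items():
        k = key.lower()
        for name, raw in values.items():
            n = name.lower()
            if k.endswith("microsoft\\security center") and n.endswith("disablenotify") and decode_value(raw):
                found.append(Finding(key, name, raw, "Security Center warning suppressed",
                                     '"%s"=dword:00000000' % name))
            elif "\\security center\\monitoring\\" in k and n == "disablemonitoring" and decode_value(raw):
                found.append(Finding(key, name, raw, "Security Center told to stop watching this product",
                                     '"%s"=dword:00000000' % name))
            elif "\\firewallpolicy\\" in k and n == "enablefirewall" and decode_value(raw) == 0:
                found.append(Finding(key, name, raw, "Windows Firewall profile disabled",
                                     '"%s"= 1 (0x1)' % name))
            elif k.endswith("\\globallyopenports\\list") and name.upper() not in KNOWN_SHARING_PORTS:
                found.append(Finding(key, name, raw, "port opened to every network: " + raw,
                                     '"%s"=-' % name))
            elif k.endswith("\\authorizedapplications\\list"):
                found.append(Finding(key, name, raw,
                                     "firewall exception for an application; confirm it is wanted", None))
    return found


def build_cfscript(findings: List[Finding]) -> str:
    """Group the fixable findings by key into a CFScript Registry:: stanza."""
    by_key: Dict[str, List[str]] = {}
    for f in findings:
        if f.fix is not None:
            by_key.setdefault(f.key, []).append(f.fix)
    lines = ["Registry::"]
    for key, fixes in by_key.items():
        lines.append("[%s]" % key)
        lines.extend(fixes)
    return "\n".join(lines) + "\n"


def audit_log(text: str) -> List[Finding]:
    """Parse a log excerpt and return its findings in log order."""
    return audit(parse_load_points(text))


if __name__ == "__main__":
    findings = audit_log(SAMPLE_LOG)
    for f in findings:
        print("%-7s %-24s %s" % ("FIX" if f.fix else "REVIEW", f.name, f.reason))
    print()
    print(build_cfscript(findings))
```

Running it prints seven findings (five with a fix, two application exceptions marked REVIEW) and then the stanza, which for this input contains the same three keys the helper's script touches plus the two notification values. The output is a starting point for the analyst, not something to paste blindly: as the helper says, a script built from one machine's keys must not be reused on another.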

ComboFix log

 

ComboFix 09-05-13.02 - Cassiano 14/05/2009 19:41.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1481 [GMT -3:00]

Running from: c:\documents and settings\Cassiano\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Cassiano\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 ))))))))))))))))))))))))))))

.

 

2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w c:\windows\Sun

2009-05-07 16:50 . 2009-05-07 16:50 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-07 16:50 . 2009-05-07 16:50 -------- d-----w c:\arquivos de programas\Java

2009-05-06 14:35 . 2009-05-06 14:35 -------- d--h--r c:\documents and settings\Cassiano\Dados de aplicativos\SecuROM

2009-05-06 14:35 . 2009-05-06 14:35 108144 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-06 12:22 . 2009-05-06 12:22 -------- d-----w c:\arquivos de programas\CAPCOM

2009-05-06 03:25 . 2009-05-06 03:25 -------- d-----w c:\arquivos de programas\Core Services

2009-05-03 20:56 . 2009-05-03 20:56 -------- d--h--w c:\windows\PIF

2009-04-30 23:15 . 2009-05-07 15:35 -------- d-----w C:\hijack

2009-04-30 22:28 . 2009-04-30 22:28 -------- d-sh--w c:\documents and settings\Administrador\IETldCache

2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\Cassiano\Dados de aplicativos\AMPSoft

2009-04-30 14:28 . 2009-04-30 14:28 -------- d--h--w c:\windows\system32\GroupPolicy

2009-04-30 12:44 . 2009-04-30 12:44 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-04-30 12:06 . 2009-04-30 12:06 -------- d-----w c:\arquivos de programas\QuickTime

2009-04-30 12:06 . 2007-02-20 19:04 190696 ----a-w c:\windows\system32\NPSWF32_FlashUtil.exe

2009-04-30 12:05 . 2007-02-20 19:04 2463976 ----a-w c:\windows\system32\NPSWF32.dll

2009-04-30 00:30 . 2004-08-07 12:36 218624 ----a-w c:\windows\system32\uxtheme.dll

2009-04-30 00:25 . 2004-08-07 12:36 218624 ----a-w C:\uxtheme.dll

2009-04-29 23:56 . 2008-04-13 14:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys

2009-04-29 23:56 . 2008-04-13 14:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys

2009-04-29 23:48 . 2009-04-29 23:48 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-04-29 23:26 . 2009-04-29 23:26 8 --sh--r c:\documents and settings\All Users\Dados de aplicativos\58BA4C5115.sys

2009-04-29 23:26 . 2009-05-01 19:41 2516 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-04-29 23:26 . 2009-04-29 23:26 -------- d-----w c:\documents and settings\Cassiano\Dados de aplicativos\Corel

2009-04-29 23:26 . 2009-04-29 23:26 -------- d-----w c:\arquivos de programas\Arquivos comuns\Protexis

2009-04-29 23:26 . 2009-04-29 23:26 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel

2009-04-29 23:24 . 2009-04-29 23:24 -------- d-----w c:\arquivos de programas\Arquivos comuns\Corel

2009-04-29 23:24 . 2009-04-29 23:24 -------- d-----w c:\arquivos de programas\Corel

2009-04-29 23:20 . 2009-04-29 23:20 287 ----a-w c:\windows\PowerReg.dat

2009-04-29 23:20 . 2009-04-29 23:20 -------- d-----w c:\arquivos de programas\KnockOut 2

2009-04-29 23:20 . 2009-04-29 23:20 -------- d-----w c:\windows\Corel

2009-04-29 23:19 . 1998-10-29 19:45 306688 ----a-w c:\windows\IsUninst.exe

2009-04-29 23:13 . 2009-04-29 23:13 -------- d-----w c:\arquivos de programas\Arquivos comuns\Control Panels

2009-04-29 23:13 . 2009-04-29 23:13 -------- d-----w c:\arquivos de programas\nLite

2009-04-29 23:07 . 2009-04-29 23:07 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ALM

2009-04-29 22:38 . 2009-04-29 22:38 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-04-29 22:32 . 2009-04-29 22:32 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache

2009-04-29 22:22 . 2009-04-29 22:22 -------- d-----w c:\arquivos de programas\Bonjour

2009-04-29 22:19 . 2009-04-29 22:19 -------- d-----w c:\documents and settings\Cassiano\Dados de aplicativos\AdobeUM

2009-04-29 22:10 . 2009-04-29 22:10 -------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-04-29 22:07 . 2009-04-29 22:07 -------- d-sh--w c:\documents and settings\Cassiano\PrivacIE

2009-04-29 22:02 . 2009-04-29 22:02 -------- d-sh--w c:\documents and settings\Cassiano\IETldCache

2009-04-29 21:43 . 2008-12-08 22:33 2076672 ----a-w c:\windows\system32\libmysql.dll

2009-04-29 21:43 . 2008-12-08 22:32 4915276 ----a-w c:\windows\system32\php5ts.dll

2009-04-29 21:42 . 2009-04-29 21:42 -------- d-----w C:\php5

2009-04-29 21:41 . 2009-04-29 21:41 -------- d-----w c:\arquivos de programas\Apache Group

2009-04-29 21:41 . 2009-04-29 21:42 -------- d-----w C:\mysql

2009-04-29 21:36 . 2009-04-29 21:36 -------- d-----w c:\arquivos de programas\Microsoft Works

2009-04-29 21:36 . 2009-04-29 21:36 -------- d-----w c:\arquivos de programas\Microsoft.NET

2009-04-29 21:33 . 2009-04-29 21:38 -------- d-----w c:\windows\SHELLNEW

2009-04-29 21:33 . 2009-05-03 14:19 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-04-29 21:32 . 2009-04-29 21:32 -------- d--h--r C:\MSOCache

2009-04-29 21:31 . 2009-04-29 21:31 -------- d-----w c:\arquivos de programas\Witcobber

2009-04-29 21:30 . 2006-10-24 17:16 242176 ----a-w c:\windows\system32\fixflash.exe

2009-04-29 21:30 . 2002-10-07 05:42 237568 ----a-w c:\windows\system32\OggDS.dll

2009-04-29 21:30 . 2002-10-05 10:04 921600 ----a-w c:\windows\system32\vorbisenc.dll

2009-04-29 21:30 . 2002-10-05 10:04 188416 ----a-w c:\windows\system32\vorbis.dll

2009-04-29 21:30 . 2002-10-05 10:04 45056 ----a-w c:\windows\system32\ogg.dll

2009-04-29 21:30 . 2007-04-12 17:19 129024 ----a-w c:\windows\system32\AVERM.dll

2009-04-29 21:30 . 2006-09-26 16:57 28672 ----a-w c:\windows\system32\AVEQT.dll

2009-04-29 21:30 . 2009-04-29 21:30 -------- d-----w c:\arquivos de programas\Allok Video to FLV Converter

2009-04-29 21:29 . 2009-04-29 21:30 -------- d-----w c:\arquivos de programas\Absolute Video Converter

2009-04-29 21:29 . 2005-12-30 23:10 761856 ----a-w c:\windows\system32\xvidcore.dll

2009-04-29 21:29 . 2005-12-30 23:18 180224 ----a-w c:\windows\system32\xvidvfw.dll

2009-04-29 21:29 . 2009-04-29 21:29 -------- d-----w c:\arquivos de programas\XviD

2009-04-29 21:29 . 2009-04-29 21:29 -------- d-----w c:\arquivos de programas\XP Codec Pack

2009-04-29 21:28 . 2009-04-29 21:28 -------- d-----w c:\arquivos de programas\Matroska Pack

2009-04-29 21:28 . 2009-04-29 21:28 -------- d-----w c:\arquivos de programas\AC3Filter

2009-04-29 21:28 . 2009-04-29 21:28 -------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-04-29 21:27 . 2009-04-29 21:28 -------- dc-h--w c:\windows\ie8

2009-04-29 21:21 . 2009-05-06 12:23 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-29 21:16 . 2009-04-29 21:17 -------- d-----w c:\arquivos de programas\CyberLink

2009-04-29 21:03 . 2009-05-14 18:34 -------- d-----w c:\windows\system32\NtmsData

2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-29 20:51 . 2009-04-29 20:52 -------- d-----w c:\windows\system32\drivers\UMDF

2009-04-29 20:51 . 2009-04-29 20:51 -------- d-----w c:\windows\system32\LogFiles

2009-04-29 20:51 . 2009-01-07 21:21 26144 ----a-w c:\windows\system32\spupdsvc.exe

2009-04-29 20:50 . 2009-05-13 01:54 -------- d-----w c:\arquivos de programas\HTV

2009-04-29 20:50 . 2009-04-29 20:50 -------- d-----w c:\arquivos de programas\CCleaner

2009-04-29 20:46 . 2009-05-14 19:35 -------- d-----w c:\documents and settings\Cassiano\Tracing

2009-04-29 20:40 . 2009-04-29 20:40 -------- d-----w c:\arquivos de programas\Microsoft

2009-04-29 20:40 . 2009-04-29 20:40 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-04-29 20:39 . 2009-04-29 20:40 -------- d-----w c:\arquivos de programas\Windows Live

2009-04-29 20:36 . 2009-04-29 20:36 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-04-29 20:28 . 2009-04-30 14:01 -------- d--h--w c:\windows\$hf_mig$

2009-04-29 20:23 . 2009-04-29 20:23 0 ----a-w c:\windows\nsreg.dat

2009-04-29 20:17 . 2009-04-29 23:13 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-29 20:15 . 2009-04-29 20:15 -------- d-----w c:\arquivos de programas\Everstrike Software

2009-04-29 20:15 . 2009-04-29 20:15 -------- d-----w c:\arquivos de programas\Arquivos comuns\Everstrike Software

2009-04-29 20:14 . 2009-04-29 20:14 -------- d-----w c:\arquivos de programas\DAEMON Tools

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-14 22:46 . 2009-04-29 16:38 17273120 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-05-14 22:46 . 2009-04-29 16:38 818464 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-05-14 18:33 . 2009-04-29 16:38 80240 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-05-14 18:33 . 2009-04-29 16:38 235496 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-30 13:38 . 2001-10-28 17:07 68190 ----a-w c:\windows\system32\perfc016.dat

2009-04-30 13:38 . 2001-10-28 17:07 427986 ----a-w c:\windows\system32\perfh016.dat

2009-04-29 20:36 . 2007-10-31 16:41 112144 ----a-w c:\windows\system32\drivers\kl1.sys

2009-04-29 20:36 . 2009-04-29 16:39 89601 ----a-w c:\windows\system32\drivers\klick.dat

2009-04-29 20:36 . 2009-04-29 16:39 101287 ----a-w c:\windows\system32\drivers\klin.dat

2009-04-29 20:36 . 2009-04-29 16:29 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-29 16:49 . 2009-04-29 16:49 682232 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-29 16:49 . 2009-04-29 16:48 -------- d-----w c:\arquivos de programas\Nero

2009-04-29 16:48 . 2009-04-29 16:48 -------- d-----w c:\arquivos de programas\Arquivos comuns\Nero

2009-04-29 16:47 . 2009-04-29 16:47 -------- d-----w c:\arquivos de programas\DVD Shrink

2009-04-29 16:47 . 2009-04-29 16:47 81920 ----a-w c:\documents and settings\Cassiano\Dados de aplicativos\ezpinst.exe

2009-04-29 16:47 . 2009-04-29 16:47 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2009-04-29 16:47 . 2009-04-29 16:47 47360 ----a-w c:\documents and settings\Cassiano\Dados de aplicativos\pcouffin.sys

2009-04-29 16:47 . 2009-04-29 16:47 -------- d-----w c:\arquivos de programas\CloneDVD

2009-04-29 16:46 . 2009-04-29 16:46 -------- d-----w c:\arquivos de programas\SlySoft

2009-04-29 16:38 . 2009-04-29 16:38 -------- d-----w c:\arquivos de programas\Kaspersky Lab

2009-04-29 16:30 . 2009-04-29 16:30 -------- d-----w c:\arquivos de programas\microsoft frontpage

2009-04-29 16:29 . 2001-10-28 17:06 67 --sha-w c:\windows\Fonts\desktop.ini

2009-04-29 16:29 . 2009-04-29 16:29 -------- d-----w c:\arquivos de programas\Serviços on-line

2009-04-29 16:28 . 2009-04-29 16:28 -------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-04-29 16:27 . 2009-04-29 16:27 21844 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-08 07:34 . 2008-04-13 21:20 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 07:34 . 2008-04-13 21:20 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 07:33 . 2008-04-13 21:20 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 07:33 . 2008-04-13 21:20 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 07:32 . 2008-04-13 21:20 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 07:32 . 2008-04-13 21:20 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 07:31 . 2008-04-13 21:20 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 07:31 . 2008-04-13 20:52 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 07:31 . 2008-04-13 21:21 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 07:22 . 2001-10-28 17:07 156160 ----a-w c:\windows\system32\msls31.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\windows\system32\GroupPolicy ----

 

2009-04-30 14:29 . 2009-04-30 14:29 190 ----a-w c:\windows\system32\GroupPolicy\User\Registry.pol

2009-04-30 14:28 . 2007-09-19 03:11 44940 ----a-w c:\windows\system32\GroupPolicy\Adm\wuau.adm

2009-04-30 14:28 . 2006-11-03 02:30 74934 ----a-w c:\windows\system32\GroupPolicy\Adm\wmplayer.adm

2009-04-30 14:28 . 2007-09-19 03:07 43086 ----a-w c:\windows\system32\GroupPolicy\Adm\conf.adm

2009-04-30 14:28 . 2009-03-08 17:32 2858548 ----a-w c:\windows\system32\GroupPolicy\Adm\inetres.adm

2009-04-30 14:28 . 2009-04-30 14:28 81 ---h--w c:\windows\system32\GroupPolicy\Adm\admfiles.ini

2009-04-30 14:28 . 2007-10-15 09:57 1915598 ----a-w c:\windows\system32\GroupPolicy\Adm\system.adm

2009-04-30 14:28 . 2009-04-30 14:29 155 ----a-w c:\windows\system32\GroupPolicy\gpt.ini

 

 

((((((((((((((((((((((((((((( SnapShot_2009-04-30_01.07.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-10-28 17:07 . 2009-04-30 13:38 59440 c:\windows\system32\perfc009.dat

+ 2009-04-29 16:26 . 2001-10-28 17:07 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat

+ 2009-04-30 01:26 . 2009-04-30 12:11 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-04-29 16:33 . 2009-04-30 22:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-04-29 16:33 . 2009-04-29 22:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-04-29 16:33 . 2009-04-30 22:33 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-04-29 16:33 . 2009-04-29 22:01 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-29 16:33 . 2009-04-30 22:33 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2009-04-29 16:33 . 2009-04-29 22:01 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-04-30 12:05 . 2009-04-30 12:05 65536 c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe

+ 2001-10-28 17:07 . 2009-04-30 13:38 395200 c:\windows\system32\perfh009.dat

+ 2008-04-13 21:20 . 2008-10-15 16:36 337408 c:\windows\system32\netapi32.dll

- 2008-04-13 21:20 . 2008-04-13 21:20 337408 c:\windows\system32\netapi32.dll

+ 2008-10-05 03:24 . 2008-10-05 03:24 235936 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2007-02-20 18:34 . 2007-02-20 18:34 190696 c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

+ 2009-05-07 16:50 . 2009-05-07 16:50 148888 c:\windows\system32\javaws.exe

+ 2009-05-07 16:50 . 2009-05-07 16:50 144792 c:\windows\system32\javaw.exe

+ 2009-05-07 16:50 . 2009-05-07 16:50 144792 c:\windows\system32\java.exe

- 2008-04-13 21:20 . 2008-04-13 21:20 337408 c:\windows\system32\dllcache\netapi32.dll

+ 2008-04-13 21:20 . 2008-10-15 16:36 337408 c:\windows\system32\dllcache\netapi32.dll

+ 2008-10-05 03:24 . 2008-10-05 03:24 3695008 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-04-29 13:09 . 2009-04-30 22:33 1782016 c:\windows\system32\FNTCACHE.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LFAgent"="c:\arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30.exe" [2009-04-29 498996]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NVSvc"=2 (0x2)

"RichVideo"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Bonjour Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

 

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [17/7/2008 13:33 143360]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\arquivos de programas\CyberLink\PowerDVD\000.fcl [2/11/2006 16:51 13560]

R2 LF30FS;LF30FS;c:\arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [29/4/2009 10:14 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: {B973844F-0CDF-4715-97BF-675E486FEA58} = 192.168.20.1

FF - ProfilePath - c:\documents and settings\Cassiano\Dados de aplicativos\Mozilla\Firefox\Profiles\u8npblfk.default\

FF - prefs.js: browser.startup.homepage -

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-14 19:46

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\MySQL]

"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"

 

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1000)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

 

- - - - - - - > 'lsass.exe'(1056)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

 

- - - - - - - > 'explorer.exe'(2944)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroDigitalExt.dll

c:\arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-05-14 19:48

ComboFix-quarantined-files.txt 2009-05-14 22:48

ComboFix2.txt 2009-05-14 18:12

ComboFix3.txt 2009-05-14 18:02

ComboFix4.txt 2009-05-05 19:52

ComboFix5.txt 2009-05-14 22:39

 

Pré-execução: 14 pasta(s) 53.655.736.320 bytes disponíveis

Pós execução: 13 pasta(s) 53.636.902.912 bytes disponíveis

 

Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11

271

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:51:08, on 14/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\mysql\bin\mysqld-nt.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\Arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [LFAgent] C:\Arquivos de programas\Everstrike Software\Lock Folder XP 3.6\LF30.exe -start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B973844F-0CDF-4715-97BF-675E486FEA58}: NameServer = 192.168.20.1

O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\Apache Group\Apache\Apache.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 4301 bytes


Hi cassiano óliver, good evening! Your log is clean.

 

First, go to Start > Run > type "combofix /u" without the quotes, as shown in the image below:

 

[image: cfkw8.jpg]

 

Wait for the uninstall to finish.

 

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Click Save and, when the download finishes, install it;

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix selected issues.

 

It was a pleasure to help you; come back whenever you need. The iMasters forum will welcome you with open arms. God bless!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
