
Archived

This topic has been archived and is closed to new replies.

Claudia_Cli_PREV

[Archived] Log analysis


Hi everyone, my PC has been very slow lately, so I decided to send in a log for analysis.

Thanks,

Claudia

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:35:33, on 2/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: &Search - ?p=ZNfox000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193948735406

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C383DB03-7F0B-4548-B1D9-666E6A500D57}: NameServer = 200.157.247.9,200.157.247.7

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8438 bytes

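As an added example (not part of the original thread and not HijackThis's own code), a small Python triage script that parses HijackThis entry lines and applies the checks a helper would run over a log like the one above: orphan BHOs, an unknown Winsock LSP, services with no publisher, context-menu items with no file target, autostarts outside the standard program directories, and DNS servers not on an expected list. The sample lines are copied from the log above; the `expected_dns` parameter, `TRUSTED_ROOTS` and the severity labels are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: header, a few "Running processes" lines and entry lines
# copied verbatim from the HijackThis log above, so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:33, on 2/7/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Ares\Ares.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C383DB03-7F0B-4548-B1D9-666E6A500D57}: NameServer = 200.157.247.9,200.157.247.7
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
End of file - 8438 bytes
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Assumed list of directories from which startup items are normally installed
# on this Portuguese Windows XP box; anything else (user profile, temp, drive
# root) is worth a second look.
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files",
                 "c:\\arquivos de programas", "c:\\arquiv~1")


@dataclass
class Finding:
    kind: str
    severity: str   # assumed labels: "info" or "review"
    reason: str
    body: str


def parse_hjt(text):
    """Return (kind, body) tuples for each entry line, skipping header/process lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def _exe_path(body):
    """Extract the executable from an O4 body: [name] "path" args  or  [name] path args."""
    m = (re.search(r'\]\s+"([^"]+)"', body)
         or re.search(r'\]\s+(.*?\.exe)\b', body, re.I))
    return m.group(1) if m else ""


def triage(entries, expected_dns=()):
    """Apply the per-section checks a log helper would run; returns Finding objects."""
    findings = []
    for kind, body in entries:
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(kind, "info",
                            "orphan BHO registration, no DLL on disk; safe to remove", body))
        elif kind == "O4":
            path = _exe_path(body).lower()
            if path and not path.startswith(TRUSTED_ROOTS):
                findings.append(Finding(kind, "review",
                                "autostart launched from a non-standard location", body))
        elif kind == "O8":
            target = body.rsplit(" - ", 1)[-1]
            if not (target.lower().startswith("res://") or re.match(r"^[a-z]:\\", target, re.I)):
                findings.append(Finding(kind, "review",
                                "context-menu item with no file or res:// target", body))
        elif kind == "O10":
            findings.append(Finding(kind, "review",
                            "Winsock LSP not in the tool's known-good list; verify the DLL", body))
        elif kind == "O17":
            servers = [s.strip() for s in body.split("NameServer =", 1)[1].split(",")]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(Finding(kind, "review",
                                "DNS servers to confirm with the ISP: " + ", ".join(unexpected), body))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(kind, "review",
                            "service binary has no publisher string; check its signature", body))
    return findings


def main():
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.body}")


if __name__ == "__main__":
    main()
```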

Hey Claudia_Cli_PREV,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the program, bearing in mind that disinfection will not be possible without letting ComboFix continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since this ensures the system can be recovered if problems occur during the scan.

Click "YES" and wait; the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will mess up your desktop configuration (it will turn completely white).

When the process finishes, the machine will reboot to produce the report.

6) After the reboot, ComboFix will run FIND3M to build the final scan report. The log is saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) Please paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE and sit on top of the other windows. To minimize it again, just use ALT + TAB.

Regards.


ComboFix 09-07-07.06 - Ana 07/07/2009 16:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.607 [GMT -3:00]

Executando de: c:\documents and settings\Ana\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090706-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Ana\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Ana\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\drivers\nl.exe

c:\drivers\nl2.exe

c:\recycler\S-1-5-21-1123561945-515967899-839522115-1003

c:\windows\inidirx.ini

c:\windows\Installer\15db0.msi

c:\windows\Installer\1a09c5.msp

c:\windows\ponto.DLL

c:\windows\system32\autentic.dll

c:\windows\system32\configex.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\wuweb.inf

c:\windows\system32\MEGATRON.ini

c:\windows\system32\msghot.dll

c:\windows\winload.inf

C:\winx.log

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))

.

 

2009-07-02 21:33 . 2009-07-02 21:32 401720 ----a-w- C:\HiJackThis.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-07 17:23 . 2007-11-01 20:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Google Updater

2009-07-07 13:42 . 2008-09-11 22:01 -------- d-----w- c:\arquivos de programas\eMule

2009-07-04 13:56 . 2008-11-22 13:39 -------- d-----w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos\SACore

2009-05-18 18:22 . 2007-09-21 23:15 304182 ----a-w- C:\StiImg.dat

2009-05-18 18:01 . 2001-10-28 18:07 70980 ----a-w- c:\windows\system32\perfc016.dat

2009-05-18 18:01 . 2001-10-28 18:07 433840 ----a-w- c:\windows\system32\perfh016.dat

2009-05-07 15:43 . 2004-08-04 03:45 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:52 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:52 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 20:10 . 2004-08-04 03:38 1846784 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 15:17 . 2004-08-04 03:45 584192 ----a-w- c:\windows\system32\rpcrt4.dll

2008-11-17 09:35 . 2008-11-17 09:35 535 ----a-w- c:\arquivos de programas\codletra.txt

2008-04-11 14:32 . 2008-04-11 14:32 24 --sh--w- c:\windows\SCEE54DFB.tmp

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:21 14336 ED2D69CD4B0EBE37EFE11D4DC4ABC68F c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\svchost.exe

[7] 2004-08-04 03:45 14336 5DE3E7B6F7624552F2F06664F110820D c:\windows\system32\svchost.exe

[7] 2004-08-04 03:45 14336 5DE3E7B6F7624552F2F06664F110820D c:\windows\system32\dllcache\svchost.exe

 

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2008-04-14 02:20 579072 54907DB28872A7A6D3EE2B4747A23828 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 c:\windows\system32\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 c:\windows\system32\dllcache\user32.dll

 

[-] 2008-04-14 02:20 82432 1FA3C4B2D7E35176E65FB69AB597B0F0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ws2_32.dll

[7] 2004-08-04 03:45 82944 A5163442377D3C305BBFF612F80047D7 c:\windows\system32\ws2_32.dll

[7] 2004-08-04 03:45 82944 A5163442377D3C305BBFF612F80047D7 c:\windows\system32\dllcache\ws2_32.dll

 

[7] 2007-08-22 12:57 667648 A8D6DA26A5B8C56458D2222E524D8D29 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll

[7] 2007-10-11 06:00 668160 E3FFDED59DAADB3055BE4AD155C38CA3 c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll

[7] 2007-12-07 00:46 668160 2324E8E86733233A9435F9EA6A92B6E2 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll

[7] 2008-02-16 09:32 668160 F3AD9DF6B30D5A3F67B5561109640958 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

[7] 2008-04-21 06:57 668672 10E93D1903BC15DC94FDF5A97994B120 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll

[7] 2008-04-21 06:44 668160 1AAF9F5394AB45664147E9CD6BD58EB4 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll

[7] 2008-04-21 06:30 668672 C72070F8A201F0DDE3F4A6E7A0297261 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll

[7] 2008-06-23 16:15 669184 C4FC92EE25942192A8BF7FE8D17C284E c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll

[7] 2008-06-23 15:11 668160 4E6461EC1C5296EE5F4A9F0581569563 c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll

[7] 2008-06-23 14:56 668672 E1640D81CA8D86691E3D3C5319628AAE c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll

[7] 2008-08-20 05:33 669696 9DE49DCD6DB06B195BB6BF48FBFFDAD7 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll

[7] 2008-08-20 05:09 668160 89360A12DB77D411B2873E130923F6B9 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll

[7] 2008-08-20 05:07 668672 6C73C1A54E445C5687AD6B721EE27EBC c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

[7] 2008-10-16 10:23 669696 ABEC7B8444B02D494C7780BC8BCDF44B c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll

[7] 2008-10-16 01:02 668160 5ED4AF2AD048B1AFB5A92E0E9EF42011 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll

[7] 2008-10-16 01:04 669184 A6506D61159AAE4BC72406AAE4779538 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

[7] 2009-02-20 08:15 670208 0D9B207F023DF6656B43236B0D2F1552 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll

[7] 2009-02-20 08:10 668160 046550DCA34625142B1F1EBF501E68B2 c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll

[7] 2009-02-20 07:59 669696 3B41224D0D26B2DD6D07A49C10B5DA79 c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll

[7] 2009-04-29 04:31 670208 5BCAF31AAB82AD9619026F4C0F9261D8 c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll

[7] 2009-04-29 04:34 668672 A49D339DC3436B5CFC3BF6984E82A84C c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll

[7] 2009-04-29 04:29 670208 B023CE89AB2262F4C3323D549E53642E c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll

[7] 2008-08-20 05:37 661504 FE5247936C9BCB765FD16114303F404D c:\windows\$NtUninstallKB958215$\wininet.dll

[7] 2008-10-16 10:39 661504 28FAEE723326E23DE40278C99E635FF4 c:\windows\$NtUninstallKB963027$\wininet.dll

[7] 2009-02-20 08:31 661504 1BED8088A7967B0F7E885C3188725604 c:\windows\$NtUninstallKB969897$\wininet.dll

[-] 2008-04-14 02:20 668160 DF6D0F37A71883BE3505DD517EB8AD83 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\wininet.dll

[7] 2009-04-29 04:52 661504 E4D77416C8B518135C72F7A8FFAAE576 c:\windows\system32\wininet.dll

[7] 2009-04-29 04:52 661504 E4D77416C8B518135C72F7A8FFAAE576 c:\windows\system32\dllcache\wininet.dll

 

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\tcpip.sys

[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 c:\windows\system32\drivers\tcpip.sys

 

[-] 2008-04-14 02:21 509952 71D440F79B711627B12B567FB2EADB42 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\winlogon.exe

[7] 2004-08-04 03:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\system32\winlogon.exe

[7] 2004-08-04 03:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\system32\dllcache\winlogon.exe

 

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ndis.sys

[7] 2004-08-04 02:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys

[7] 2004-08-04 02:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

 

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ip6fw.sys

[7] 2004-08-04 02:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys

[7] 2004-08-04 02:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

 

[7] 2005-03-02 18:13 2061184 AED7B3AA86AD031CF39C6E4BBA37E818 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[7] 2007-02-28 16:08 2063616 D027F0097B8F099C09369B8CC97D7C32 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[7] 2009-02-09 11:43 2067200 9CFC9992BF7C7AFE6FF7E5DE76D74A5F c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe

[7] 2009-02-10 22:07 2070272 DBAD62B9A518249C1A1408CF3AB9064A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe

[7] 2009-02-09 11:17 2070400 FF7FE874B6DA494303EE3DD9B97AB007 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 13:39 2067200 145CD2BBA58988B7A2E9B910AC4D4CA4 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

[7] 2008-08-14 13:24 2070272 A62251C7C1F0DBC3241ABF1985EDE75E c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[7] 2008-08-14 21:26 2070272 586A93E0C23F6A1893F6706F36B22598 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 13:45 2019840 64D6E5AFBB154BC21A2DA135DD739CA0 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[7] 2009-02-09 11:50 2061952 2C3F8E5094FC3AE90F5964581E1DA023 c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2008-04-14 02:00 2070144 F84054BFD1D688B901AD907499879BBD c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

[7] 2009-02-09 11:50 2019840 22557C1B42929B1C5A0A42541C668D5A c:\windows\system32\ntkrnlpa.exe

[7] 2009-02-09 11:50 2061952 2C3F8E5094FC3AE90F5964581E1DA023 c:\windows\system32\dllcache\ntkrnlpa.exe

 

[7] 2005-03-02 18:13 2183808 6E3AB4241E058B248CB7CDC5157449C3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[7] 2007-02-28 16:08 2186368 BFB4C8761976CCE0B544D557B4C70825 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[7] 2009-02-09 11:43 2190336 AF8A3B4150C87E692E5CD27836BFA83D c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe

[7] 2009-02-09 11:25 2193280 C667CA055AA4E24A0733061282276AA5 c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[7] 2009-02-10 22:16 2193408 B0BF079AF000D97D8C043D1DFF08086D c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 13:39 2190208 B72A025A758683552C4FEC7EABCB0661 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[7] 2008-08-14 13:24 2193408 04BA43B0D2A13BD6B06D707299243CFC c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[7] 2008-08-14 21:26 2193408 A42CC3CFC02A7B2BAEC7B0D45808B257 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 13:45 2140160 A06AD42BF92BCB0386699AC1352A9045 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[7] 2009-02-09 11:50 2184704 62135608ED3198885A545BF61272CD9A c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2008-04-14 02:01 2193280 185F6C64734019E7E9F626E53CC37FB4 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

[7] 2009-02-09 11:50 2140160 514F2B2055B58556ACCFEE763E14D78F c:\windows\system32\ntoskrnl.exe

[7] 2009-02-09 11:50 2184704 62135608ED3198885A545BF61272CD9A c:\windows\system32\dllcache\ntoskrnl.exe

 

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 c:\windows\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2008-04-14 02:20 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 c:\windows\system32\dllcache\explorer.exe

 

[7] 2009-02-09 09:53 111104 E64296F1D45C776FAC6EE8F89EF3C303 c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe

[7] 2009-02-09 11:25 111104 C52DEB6D8CD4B096BF1A9EC001F36507 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe

[7] 2009-02-09 11:17 111104 38867483E0CB504BB8F277E05729881E c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[7] 2004-08-04 03:45 108544 CC73C4430C2FC27FDE16A0A4E3678148 c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 02:21 109056 EE7999BAACA84CFAA03726E677EE2A33 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\services.exe

[7] 2009-02-09 10:08 111104 96D7D86D3AA68A57BBE835441DC23107 c:\windows\system32\services.exe

[7] 2009-02-09 10:08 111104 96D7D86D3AA68A57BBE835441DC23107 c:\windows\system32\dllcache\services.exe

 

[-] 2008-04-14 02:21 13312 9607142710D3B64AB7FCCE4BE4E30D37 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\lsass.exe

[7] 2004-08-04 03:45 13312 35C6463B3C5F62D2B20C953B6E1538E9 c:\windows\system32\lsass.exe

[7] 2004-08-04 03:45 13312 35C6463B3C5F62D2B20C953B6E1538E9 c:\windows\system32\dllcache\lsass.exe

 

[-] 2008-04-14 02:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

[7] 2004-08-04 03:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\system32\ctfmon.exe

[7] 2004-08-04 03:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\system32\dllcache\ctfmon.exe

 

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2008-04-14 02:21 57856 AF1D9AE15C11163F576DF6ED6194B53C c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\spoolsv.exe

[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\spoolsv.exe

 

[-] 2008-04-14 02:21 111616 4F2DDAECD720AAA6AD7475E5A29E5980 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\wuauclt.exe

[7] 2008-10-16 17:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe

[7] 2008-10-16 17:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

 

[-] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\userinit.exe

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\system32\userinit.exe

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\system32\dllcache\userinit.exe

 

[-] 2008-04-14 02:20 296960 0F4DB70DCE17B9DC1A5D835B1A5EE469 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\termsrv.dll

[7] 2004-08-04 03:45 296960 23DFF6DAA7565CC5802E057A6B9F585E c:\windows\system32\termsrv.dll

[7] 2004-08-04 03:45 296960 23DFF6DAA7565CC5802E057A6B9F585E c:\windows\system32\dllcache\termsrv.dll

 

[7] 2007-04-16 16:11 1025024 631A6F8B57F800E4B55F8539F76E7274 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[7] 2009-03-21 13:58 1028096 424919C0378FD828E0FE4683B480BE9B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll

[7] 2009-03-21 14:08 1028608 6A5A13A014F72F3C8E8A23B662C9DAF1 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll

[7] 2009-03-21 13:59 1030656 03DA51CE83B0D693A10C91B139BBD221 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[7] 2007-04-16 15:53 1023488 ECE3A528F975CEEC8B4FAF404548A449 c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 02:20 1028608 68ECDAD8AE2768DE61C20C41A28CC0B0 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\kernel32.dll

[7] 2009-03-21 14:20 1025024 407DEDFD4D52D6FFFBDF6A1D2F9FDAC7 c:\windows\system32\kernel32.dll

[7] 2009-03-21 14:20 1025024 407DEDFD4D52D6FFFBDF6A1D2F9FDAC7 c:\windows\system32\dllcache\kernel32.dll

 

[-] 2008-04-14 02:20 17408 C008BBC88156E0EE109C7FF445CD9555 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\powrprof.dll

[7] 2004-08-04 03:45 17408 0F81EB414DE1D77DD315F4A3D324BC1E c:\windows\system32\powrprof.dll

[7] 2004-08-04 03:45 17408 0F81EB414DE1D77DD315F4A3D324BC1E c:\windows\system32\dllcache\powrprof.dll

 

[-] 2008-04-14 02:20 110080 05C621EAA979D33A12F3B510FF4C6F9F c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\imm32.dll

[7] 2004-08-04 03:45 110080 602B88592E0690D0DFB5E5F44A9EF820 c:\windows\system32\imm32.dll

[7] 2004-08-04 03:45 110080 602B88592E0690D0DFB5E5F44A9EF820 c:\windows\system32\dllcache\imm32.dll

 

[-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\sfcfiles.dll

[7] 2004-08-04 03:45 1548288 1DD4FC7EEE3A45257528A34FDF7BC689 c:\windows\system32\sfcfiles.dll

[7] 2004-08-04 03:45 1548288 1DD4FC7EEE3A45257528A34FDF7BC689 c:\windows\system32\dllcache\sfcfiles.dll

 

[-] 2008-04-14 02:20 172032 27683D3EE8FCB7E620B25C8A84B329D6 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\appmgmts.dll

[7] 2004-08-04 03:45 172032 2E131621557A6EF486FC86D738CBC8B6 c:\windows\system32\appmgmts.dll

[7] 2004-08-04 03:45 172032 2E131621557A6EF486FC86D738CBC8B6 c:\windows\system32\dllcache\appmgmts.dll

 

[-] 2008-04-14 01:58 25088 D3D4832B494CBF9A87CF86D7517013CB c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\kbdclass.sys

[7] 2004-08-04 03:39 25088 7FC1E330386610D5EB3E7C4C7893CA93 c:\windows\system32\drivers\kbdclass.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

"WMPNSCFG"="c:\arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"K-Lite Nitro BETA"="c:\arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-10-19 4122112]

"eMuleAutoStart"="c:\arquivos de programas\eMule\emule.exe" [2008-08-01 5480448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-06-21 282624]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Conference\\Conference.dll"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"c:\\Documents and Settings\\All Users.WINDOWS\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

 

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1/11/2007 17:19 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/11/2008 08:02 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/11/2008 08:02 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [22/11/2008 10:00 210216]

R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [21/2/2009 20:36 50560]

S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [2/11/2007 10:32 61600]

S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [2/11/2007 10:43 9360]

S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [2/11/2007 10:43 97184]

S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [2/11/2007 10:45 88688]

S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [2/11/2007 10:46 18704]

S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [2/11/2007 10:44 86560]

S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [2/11/2007 10:45 90800]

S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [21/2/2008 12:08 18004]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-07 c:\windows\Tasks\Google Software Updater.job

- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-06 00:33]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.11)

 

 

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search - ?p=ZNfox000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {C383DB03-7F0B-4548-B1D9-666E6A500D57} = 200.157.247.9,200.157.247.7

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Ana\Dados de aplicativos\Mozilla\Firefox\Profiles\valg3it5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Picasa2\npPicasa2.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-07 16:56

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-07-07 17:00

ComboFix-quarantined-files.txt 2009-07-07 19:59

 

Pré-execução: 12 pasta(s) 56.509.497.344 bytes disponíveis

Pós execução: 12 pasta(s) 57.709.395.968 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

298 --- E O F --- 2009-07-03 13:19


Hey Claudia_Cli_PREV,

1. Download BankerFix 3.0.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. The BankerFix 3.0 window will open with the question "Instalar o BankerFix 3.0 / Install BankerFix 3.0 ?" >> click YES (SIM).

4. A window will open informing you that BankerFix 3.0 will be downloaded from the internet >> click OK and wait. In the next window click OK once more so that BankerFix 3.0 starts.

5. Press any key to continue the process and wait until the scan completes. Be patient, as it may take a few minutes.

6. When the scan is finished, read the message on the screen and press Enter.

7. Re-enable your antivirus.

8. Come back with the BankerFix relatorio.txt (it will be in C:\LinhaDefensiva\).

9. After posting your reply you may delete the LinhaDefensiva folder on C:.

Cheers.

PS: If the message "Site denunciado como foco de ataques!" ("Reported attack site!") appears, don't worry and click "Ignorar este alerta" ("Ignore this warning").


Thanks for the help so far, Jgarcia.

Here is the report:

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-07-17 - 18:07

-------------------------------------------------------

Lista de Definição: 2009-06-26-1 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\drivers\id

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\drivers\nl2.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\drivers\nl3.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\sysmlog.log

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\control.ctr

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\Prefetch\orkutkut.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\code

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------


Hey Claudia_Cli_PREV,

Post a new ComboFix log.

Cheers.


ComboFix 09-07-23.04 - Ana 24/07/2009 17:25.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.542 [GMT -3:00]

Executando de: c:\documents and settings\Ana\Desktop\Correção de virus\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090724-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-24 to 2009-07-24 ))))))))))))))))))))))))))))

.

 

2009-07-21 20:01 . 2009-07-21 20:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2009-07-21 19:54 . 2009-07-21 19:54 -------- d-----w- c:\arquivos de programas\Circle Developement

2009-07-21 19:47 . 2009-07-21 19:54 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-20 20:15 . 2009-07-20 20:15 -------- d-----w- c:\arquivos de programas\Ultra Fractal 5

2009-07-20 20:15 . 2009-07-20 20:15 -------- d-----w- c:\documents and settings\Ana\Dados de aplicativos\Ultra Fractal 5

2009-07-17 21:07 . 2009-07-17 21:07 -------- d-----w- C:\LinhaDefensiva

2009-07-02 21:33 . 2009-07-02 21:32 401720 ----a-w- C:\HiJackThis.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-24 16:19 . 2008-09-11 22:01 -------- d-----w- c:\arquivos de programas\eMule

2009-07-23 23:38 . 2007-09-21 23:15 230454 ----a-w- C:\StiImg.dat

2009-07-23 20:59 . 2007-11-01 20:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Google Updater

2009-07-21 20:25 . 2008-11-22 13:39 -------- d-----w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos\SACore

2009-07-20 21:13 . 2008-04-11 14:43 -------- d-----w- c:\arquivos de programas\K-LiteNitro

2009-06-16 14:54 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:54 . 2001-10-28 18:06 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-03 19:26 . 2004-08-04 03:45 1295360 ----a-w- c:\windows\system32\quartz.dll

2009-05-18 18:01 . 2001-10-28 18:07 70980 ----a-w- c:\windows\system32\perfc016.dat

2009-05-18 18:01 . 2001-10-28 18:07 433840 ----a-w- c:\windows\system32\perfh016.dat

2009-05-07 15:43 . 2004-08-04 03:45 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:52 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:52 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll

2008-11-17 09:35 . 2008-11-17 09:35 535 ----a-w- c:\arquivos de programas\codletra.txt

2009-07-23 02:38 . 2008-09-10 10:26 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

2008-04-11 14:32 . 2008-04-11 14:32 24 --sh--w- c:\windows\SCEE54DFB.tmp

.

 

------- Sigcheck -------

 

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\tcpip.sys

[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-07-07_19.56.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-08 20:32 . 2009-07-08 20:32 16384 c:\windows\Temp\Perflib_Perfdata_4cc.dat

+ 2008-01-06 12:55 . 2008-07-08 12:58 18296 c:\windows\system32\spmsg.dll

- 2008-01-06 12:55 . 2008-07-09 07:34 18296 c:\windows\system32\spmsg.dll

+ 2001-10-28 18:06 . 2009-06-16 14:54 82432 c:\windows\system32\dllcache\fontsub.dll

+ 2009-07-07 20:06 . 2009-07-07 20:06 78562 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

+ 2009-06-04 12:15 . 2009-06-04 12:15 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

- 2008-03-28 13:47 . 2008-03-19 22:22 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2009-06-04 11:45 . 2009-06-04 11:45 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

- 2007-11-01 21:03 . 2009-06-11 11:39 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-06-04 12:17 . 2009-06-04 12:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2008-03-28 13:47 . 2008-03-19 22:24 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2007-11-01 21:03 . 2009-06-11 11:39 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2004-08-04 03:45 . 2009-06-16 14:54 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2009-06-04 11:45 . 2009-06-04 11:45 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2009-06-04 12:15 . 2009-06-04 12:15 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-06-05 11:38 . 2009-06-05 11:38 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

+ 2009-06-04 12:17 . 2009-06-04 12:17 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-06-04 12:16 . 2009-06-04 12:16 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-06-05 11:34 . 2009-06-05 11:34 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-06-04 12:15 . 2009-06-04 12:15 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll

- 2008-03-28 13:45 . 2008-03-19 22:36 202168 c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-06-05 11:38 . 2009-06-05 11:38 202168 c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-06-04 12:17 . 2009-06-04 12:17 131072 c:\windows\system32\Adobe\Director\np32dsw.dll

- 2007-11-01 21:03 . 2009-06-11 11:39 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2007-11-01 21:03 . 2009-06-11 11:39 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2007-11-01 21:03 . 2009-07-15 16:03 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2004-08-04 03:45 . 2009-06-03 19:26 1295360 c:\windows\system32\dllcache\quartz.dll

+ 2009-06-04 11:51 . 2009-06-04 11:51 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-06-04 11:45 . 2009-06-04 11:45 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe

- 2008-03-28 13:47 . 2008-03-19 21:46 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-06-04 11:55 . 2009-06-04 11:55 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-06-30 14:30 . 2009-06-30 14:30 5520384 c:\windows\Installer\c1553c.msp

+ 2007-12-07 11:28 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

"K-Lite Nitro BETA"="c:\arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-10-19 4122112]

"WMPNSCFG"="c:\arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"eMuleAutoStart"="c:\arquivos de programas\eMule\emule.exe" [2008-08-01 5480448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-06-21 282624]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Conference\\Conference.dll"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=

"c:\\Documents and Settings\\All Users.WINDOWS\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

 

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1/11/2007 17:19 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/11/2008 08:02 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/11/2008 08:02 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [22/11/2008 10:00 210216]

R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [21/2/2009 20:36 50560]

S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [2/11/2007 10:32 61600]

S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [2/11/2007 10:43 9360]

S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [2/11/2007 10:43 97184]

S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [2/11/2007 10:45 88688]

S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [2/11/2007 10:46 18704]

S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [2/11/2007 10:44 86560]

S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [2/11/2007 10:45 90800]

S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [21/2/2008 12:08 18004]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-24 c:\windows\Tasks\Google Software Updater.job

- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-06 00:33]

.

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search - ?p=ZNfox000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {C383DB03-7F0B-4548-B1D9-666E6A500D57} = 200.157.247.9,200.157.247.7

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Ana\Dados de aplicativos\Mozilla\Firefox\Profiles\valg3it5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Picasa2\npPicasa2.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-24 17:31

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2288)

c:\arquivos de programas\McAfee\SiteAdvisor\saHook.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-07-24 17:34

ComboFix-quarantined-files.txt 2009-07-24 20:34

ComboFix2.txt 2009-07-07 20:00

 

Pré-execução: 13 pasta(s) 57.231.904.768 bytes disponíveis

Pós execução: 13 pasta(s) 57.307.680.768 bytes disponíveis

 

218 --- E O F --- 2009-07-15 16:03


Hey Claudia_Cli_PREV,

First of all, sorry for the very long delay; I had problems at work and with my health that kept me from accessing the forum.

Well, post a new ComboFix log so that I can assess the machine's current situation.

Cheers.


Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area with the link to this topic and explain the reason for reopening it.
