Whalz, posted March 22, 2010

Hi everyone, the problem is that socket error 11004. I already know the procedure to fix it, but I need your help to tell me which file is infected. The HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:24, on 22/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos Windows\win32.exe
C:\Arquivos de programas\Styler\Styler.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\HOijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4650B8A-9428-4430-82DC-81DEE3AA2198}82DC-81DEE3AA2198} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [win32.exe] C:\Arquivos Windows\win32.exe
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266158923609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266158911968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08A592ED-96B9-4D2F-8513-8A419DDCDC99}: NameServer = 200.204.0.138 200.204.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{08A592ED-96B9-4D2F-8513-8A419DDCDC99}: NameServer = 200.204.0.138 200.204.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{08A592ED-96B9-4D2F-8513-8A419DDCDC99}: NameServer = 200.204.0.138 200.204.0.10
O20 - AppInit_DLLs: c:\arquiv~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--
End of file - 6871 bytes
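As an added example (not from this thread or from HijackThis itself), here is a small Python triage pass over entries in the HijackThis log format shown above. It flags Run entries launched from outside the usual program folders (the win32.exe line under C:\Arquivos Windows is the kind of entry that stands out), BHOs whose file no longer exists, and anything registered in AppInit_DLLs. The sample lines are copied from the posted log, and the list of expected install roots is an assumption made for this pt-BR Windows XP machine.

```python
import re

# Constructed sample in HijackThis v2 log format. The win32.exe Run entry, the
# orphan BHO and the AppInit_DLLs line are copied from the log posted above;
# the Avira lines stand in for ordinary legitimate entries.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [win32.exe] C:\Arquivos Windows\win32.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - AppInit_DLLs: c:\arquiv~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

# Assumption: on this pt-BR Windows XP machine legitimately installed software
# lives under one of these roots, as the posted log shows. A program launched
# from anywhere else (e.g. "C:\Arquivos Windows", a look-alike of the real
# folder names) deserves a second look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\arquiv~1\\")

ENTRY_RE = re.compile(r"^(O\d+|R[01]|F\d)\s+-\s+(.*)$")


def launch_path(kind, body):
    """Pull the executable or DLL path out of an O2, O4, O20 or O23 entry body."""
    if kind == "O4":
        if "] " not in body:          # e.g. "Startup: foo.lnk = ?" has no command
            return ""
        cmd = body.split("] ", 1)[1].strip()
        if cmd.startswith('"'):       # a quoted command may carry arguments
            return cmd[1:].split('"', 1)[0]
        return cmd
    if kind == "O20":
        return body.split(":", 1)[1].strip()
    # O2 / O23: the path is the last " - " separated field
    return body.rsplit(" - ", 1)[1].strip()


def is_absolute(path):
    return re.match(r"^[a-z]:\\", path, re.I) is not None


def under_expected_root(path):
    return path.lower().startswith(EXPECTED_ROOTS)


def triage(log_text):
    """Return (tag, entry) pairs for entries a reviewer should look at."""
    findings = []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind not in ("O2", "O4", "O20", "O23"):
            continue
        path = launch_path(kind, body)
        if not path:
            continue
        if path == "(no file)":
            # dead CLSID left behind by an uninstall; harmless but worth cleaning
            findings.append(("orphan-bho", line))
        elif kind == "O20":
            # AppInit_DLLs is loaded into every user-mode GUI process: a real
            # product (Outpost here) uses it, but it is a classic persistence spot
            findings.append(("appinit-dll", line))
        elif is_absolute(path) and not under_expected_root(path):
            findings.append(("unexpected-location", line))
        elif kind == "O4" and not is_absolute(path):
            # bare filename resolved via the search path: ambiguous, check it
            findings.append(("bare-filename", line))
    return findings


if __name__ == "__main__":
    for tag, entry in triage(SAMPLE_LOG):
        print(f"{tag:20} {entry}")
```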
wings, posted March 23, 2010

Good evening....

*Download MalwareBytes Anti-Malware and save it to the desktop
*Install the program
*If an update exists, it will be downloaded automatically. Wait...
*The program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the drives (C:\ and D:\) to be examined
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be shown.
*Paste it in your next reply
Whalz, posted March 23, 2010

Well, it looks like just running Malwarebytes solved it: the socket error no longer appears at startup and folders open normally without freezing with the "Not responding" message, but here is the log anyway. Thanks in advance for the help!

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

22/3/2010 23:24:39
mbam-log-2010-03-22 (23-24-39).txt

Tipo de Verificação: Completa (C:\|Z:\|)
Objetos verificados: 181508
Tempo decorrido: 1 hour(s), 41 minute(s), 45 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 2

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\center.centerplus (Trojan.Downloader) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Documents and Settings\All Users\Dados de aplicativos\1ppt2pdf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
wings, posted March 23, 2010

1.
*Open Malwarebytes and, on the [Quarantine] tab, select all results and click [Delete All]
*Click the [Logs] tab, select the report and click [Delete]

2.
*Temporarily disable your antivirus: right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.
*Download ComboFix and save it to the desktop
*Double-click the Combofix.exe file
*Accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.
*After the installation, click [Yes] to continue.
*Wait for all the steps to finish
*While ComboFix is running, avoid using the mouse and keyboard!!..... To abort the procedure press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
Whalz, posted March 24, 2010

Right, I ran ComboFix as you said; however, the PC had restarted on ComboFix's orders and it did not download the Recovery Console, because it needed to connect and Windows had not finished starting up. ComboFix log:

ComboFix 10-03-23.03 - Felipe 23/03/2010 22:59:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.634 [GMT -3:00]
Executando de: c:\documents and settings\Felipe\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos windows\under.sys
C:\Thumbs.db
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-24 to 2010-03-24 ))))))))))))))))))))))))))))
.
2010-03-24 00:29 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-24 00:28 . 2010-03-24 00:29 -------- d-----w- c:\windows\ie8updates
2010-03-24 00:28 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-24 00:28 . 2009-12-21 19:07 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-24 00:25 . 2010-03-24 00:27 -------- dc-h--w- c:\windows\ie8
2010-03-23 01:44 . 2010-03-23 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-03-23 01:09 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-23 01:08 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-23 01:08 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-23 01:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-23 01:06 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-03-23 01:06 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-03-23 01:06 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-03-23 01:06 . 2009-03-08 07:33 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-23 01:06 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-03-23 01:06 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-03-23 01:05 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-23 01:05 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-03-23 01:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-23 01:05 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-23 01:04 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-23 01:02 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-23 01:02 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-23 00:59 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-23 00:59 . 2009-12-09 10:09 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-23 00:59 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-23 00:59 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-23 00:59 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-23 00:59 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-23 00:58 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-23 00:58 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-23 00:58 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-23 00:58 . 2009-12-09 10:09 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-23 00:58 . 2009-12-09 10:09 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-23 00:49 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-23 00:47 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-23 00:46 . 2009-03-08 07:33 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-03-23 00:39 . 2010-03-23 00:39 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Malwarebytes
2010-03-23 00:39 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 00:39 . 2010-03-23 00:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-03-23 00:39 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 00:39 . 2010-03-23 00:39 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-03-22 23:56 . 2010-03-22 23:58 -------- d-----w- c:\windows\system32\NtmsData
2010-03-22 23:26 . 2010-03-22 23:48 -------- d-----w- C:\Ad-Remover
2010-03-22 22:04 . 2010-03-23 00:44 -------- d-----w- C:\HOijack
2010-03-21 21:47 . 2010-03-21 21:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\arquivos de programas\MSECache
2010-03-21 05:10 . 2010-03-21 05:10 195072 ----a-w- c:\windows\jiab5266.dll
2010-03-20 19:47 . 2010-03-24 02:04 -------- d-----w- C:\Arquivos Windows
2010-03-20 19:47 . 2010-03-21 05:40 20480 ----a-w- c:\documents and settings\Felipe\count.exe
2010-03-09 22:45 . 2010-03-09 22:45 -------- d-----w- C:\Arquivos de Programas RFB
2010-02-22 23:39 . 2010-02-22 23:47 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-22 02:38 . 2010-03-21 03:39 -------- d-----w- c:\arquivos de programas\Steam
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 00:13 . 2001-10-28 18:07 79690 ----a-w- c:\windows\system32\perfc016.dat
2010-03-24 00:13 . 2001-10-28 18:07 469504 ----a-w- c:\windows\system32\perfh016.dat
2010-03-23 00:47 . 2008-12-26 01:32 -------- d-----w- c:\arquivos de programas\FlashGet
2010-03-21 21:47 . 2009-02-09 01:10 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Ahead
2010-03-21 20:07 . 2009-05-13 23:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-03-21 05:06 . 2008-12-25 06:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-03-14 21:11 . 2009-01-06 08:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Soulseek
2010-03-07 21:56 . 2008-12-27 05:03 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\uTorrent
2010-03-02 01:22 . 2009-09-25 08:45 -------- d-----w- c:\arquivos de programas\Ganymede
2010-03-02 01:20 . 2009-04-04 00:51 -------- d-----w- c:\arquivos de programas\CCleaner
2010-02-28 03:14 . 2008-12-25 05:53 -------- d-----w- c:\arquivos de programas\Tibia
2010-02-28 02:33 . 2009-04-24 01:05 -------- d-----w- c:\arquivos de programas\ElfBot NG
2010-02-23 15:36 . 2008-12-27 05:03 -------- d-----w- c:\arquivos de programas\uTorrent
2010-02-17 21:25 . 2010-02-17 21:20 -------- d-----w- c:\arquivos de programas\Styler
2010-02-17 21:25 . 2010-02-17 21:25 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Styler
2010-02-17 21:20 . 2010-02-17 21:20 15086 ----a-r- c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2010-02-17 21:20 . 2010-02-17 21:20 15086 ----a-r- c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2010-02-17 21:11 . 2004-08-04 03:45 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-17 21:05 . 2008-12-25 01:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-02-17 21:05 . 2010-02-07 13:43 -------- d-----w- c:\arquivos de programas\Pando Networks
2010-02-17 20:56 . 2010-02-02 13:56 17488 ----a-w- c:\windows\gdrv.sys
2010-02-16 06:09 . 2009-03-13 02:48 -------- d-----w- c:\arquivos de programas\Megacubo
2010-02-16 06:07 . 2010-02-16 06:07 -------- d-----w- c:\arquivos de programas\Orban
2010-02-15 05:58 . 2010-02-15 05:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2010-02-15 05:58 . 2010-02-15 05:58 -------- d-----w- c:\arquivos de programas\Avira
2010-02-14 14:37 . 2010-02-14 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters
2010-02-08 02:21 . 2010-02-05 02:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2010-02-08 02:21 . 2010-02-07 20:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2010-02-05 02:03 . 2010-02-05 02:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2010-02-05 02:03 . 2010-02-05 02:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2010-02-02 13:54 . 2008-12-25 01:04 -------- d-----w- c:\arquivos de programas\Realtek
2010-02-02 13:47 . 2010-02-02 13:47 -------- d-----w- c:\arquivos de programas\Intel
2010-02-02 13:46 . 2010-02-02 13:46 -------- d-----w- c:\arquivos de programas\Gigabyte
2010-01-28 12:05 . 2009-03-26 23:57 69632 ----a-w- c:\windows\system32\MSJCE.dll
2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-04 06:35 . 2009-02-18 22:38 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-04 06:35 . 2009-02-18 22:38 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\documents and settings\Felipe\Menu Iniciar\Programas\Inicializar\
Styler.lnk - c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-2-17 15086]

[HKLM\~\startupfolder\C:^Documents and Settings^Felipe^Menu Iniciar^Programas^Inicializar^TransBar.lnk]
path=c:\documents and settings\Felipe\Menu Iniciar\Programas\Inicializar\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 17:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 03:57 35760 ------w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 15:49 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-17 22:00 133104 ----atw- c:\documents and settings\Felipe\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 20:53 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 19:07 2260480 --sha-r- c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 08:19 148888 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"NBService"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\SoulseekNS\\slsk.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\whalz\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Felipe\\Meus documentos\\Tibia84\\Tibia.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [15/2/2010 02:58 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/1/2009 01:15 717296]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{5D01BB1B-EF1A-4F9B-9426-F34AA1792548}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Felipe\Dados de aplicativos\Mozilla\Firefox\Profiles\j3yzvvg9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{D4650B8A-9428-4430-82DC-81DEE3AA2198}82DC-81DEE3AA2198} - (no file)

**************************************************************************

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos:

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%õ*æ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-448539723-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%õ*æ*\OpenWithList]
@Class="Shell"
"a"="winamp.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-448539723-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%õ*æ*\OpenWithProgids]
"-õæ_auto_file"=hex(0):

[HKEY_LOCAL_MACHINE\software\Classes\.*,%õ*æ*]
@="-õæ_auto_file"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Enqueue]
@="&Enqueue in Winamp"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Enqueue\command]
@="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" /ADD \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Enqueue\DropTarget]
"Clsid"="{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\ListBookmark]
@="Add to Winamp's &Bookmark list"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\ListBookmark\command]
@="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\open]
@=""

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\open\DropTarget]
"Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Play]
@="&Play in Winamp"

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Play\command]
@="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Play\DropTarget]
"Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Tempo para conclusão: 2010-03-23 23:06:19
ComboFix-quarantined-files.txt 2010-03-24 02:06

Pré-execução: 13 pasta(s) 15.313.285.120 bytes disponíveis
Pós execução: 16 pasta(s) 15.300.890.624 bytes disponíveis

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 762AC089F60E648C4E769FAACAFB7F21
wings  Posted March 24, 2010
*Open Notepad, then select, copy and paste into it the entire contents of the code below:
File::
c:\windows\jiab5266.dll
FileLook::
c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*While ComboFix is running, avoid using the mouse and keyboard!! To interrupt the process, press N or 2.
*Paste the report created at C:\combofix.txt
Whalz  Posted March 25, 2010
Hmm, I ran ComboFix as requested. It is important to point out that after the PC was restarted to disable CD emulation, this file, c:\windows\jiab5266.dll, was caught by the Avira antivirus as a trojan, TR/Banker.Bancos.onm, and the result was the following:
ComboFix 10-03-23.03 - Felipe 24/03/2010 20:46:32.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.647 [GMT -3:00] Executando de: c:\documents and settings\Felipe\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Felipe\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !! FILE :: "c:\windows\jiab5266.dll" . (((((((((((((((( Arquivos/Ficheiros criados de 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))) . 2010-03-24 02:06 . 2010-03-24 02:06 -------- d-sh--w- c:\documents and settings\Felipe\IETldCache 2010-03-24 00:29 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-03-24 00:28 . 2010-03-24 00:29 -------- d-----w- c:\windows\ie8updates 2010-03-24 00:28 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-03-24 00:28 . 2009-12-21 19:07 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-03-24 00:25 . 2010-03-24 00:27 -------- dc-h--w- c:\windows\ie8 2010-03-23 01:44 . 2010-03-23 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2010-03-23 01:09 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-03-23 01:08 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-03-23 01:08 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-03-23 01:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-03-23 01:06 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2010-03-23 01:06 . 
2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2010-03-23 01:06 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2010-03-23 01:06 . 2009-03-08 07:33 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll 2010-03-23 01:06 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2010-03-23 01:06 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2010-03-23 01:05 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-03-23 01:05 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-03-23 01:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-23 01:05 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2010-03-23 01:04 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-03-23 01:02 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-03-23 01:02 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-03-23 00:59 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-03-23 00:59 . 2009-12-09 10:09 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-03-23 00:59 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-03-23 00:59 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe 2010-03-23 00:59 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-03-23 00:59 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-03-23 00:58 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-03-23 00:58 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-03-23 00:58 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-03-23 00:58 . 
2009-12-09 10:09 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-03-23 00:58 . 2009-12-09 10:09 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-03-23 00:49 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-03-23 00:47 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-03-23 00:46 . 2009-03-08 07:33 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll 2010-03-23 00:39 . 2010-03-23 00:39 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Malwarebytes 2010-03-23 00:39 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-23 00:39 . 2010-03-23 00:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-03-23 00:39 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-23 00:39 . 2010-03-23 00:39 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-03-22 23:56 . 2010-03-22 23:58 -------- d-----w- c:\windows\system32\NtmsData 2010-03-22 23:26 . 2010-03-22 23:48 -------- d-----w- C:\Ad-Remover 2010-03-22 22:04 . 2010-03-23 00:44 -------- d-----w- C:\HOijack 2010-03-21 21:47 . 2010-03-21 21:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead 2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\arquivos de programas\MSECache 2010-03-20 19:47 . 2010-03-24 02:04 -------- d-----w- C:\Arquivos Windows 2010-03-20 19:47 . 2010-03-21 05:40 20480 ----a-w- c:\documents and settings\Felipe\count.exe 2010-03-09 22:45 . 2010-03-09 22:45 -------- d-----w- C:\Arquivos de Programas RFB . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-24 00:13 . 2001-10-28 18:07 79690 ----a-w- c:\windows\system32\perfc016.dat 2010-03-24 00:13 . 2001-10-28 18:07 469504 ----a-w- c:\windows\system32\perfh016.dat 2010-03-23 00:47 . 
2008-12-26 01:32 -------- d-----w- c:\arquivos de programas\FlashGet 2010-03-21 21:47 . 2009-02-09 01:10 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Ahead 2010-03-21 20:07 . 2009-05-13 23:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2010-03-21 05:06 . 2008-12-25 06:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-03-21 03:39 . 2010-02-22 02:38 -------- d-----w- c:\arquivos de programas\Steam 2010-03-14 21:11 . 2009-01-06 08:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Soulseek 2010-03-07 21:56 . 2008-12-27 05:03 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\uTorrent 2010-03-02 01:22 . 2009-09-25 08:45 -------- d-----w- c:\arquivos de programas\Ganymede 2010-03-02 01:20 . 2009-04-04 00:51 -------- d-----w- c:\arquivos de programas\CCleaner 2010-02-28 03:14 . 2008-12-25 05:53 -------- d-----w- c:\arquivos de programas\Tibia 2010-02-28 02:33 . 2009-04-24 01:05 -------- d-----w- c:\arquivos de programas\ElfBot NG 2010-02-23 15:36 . 2008-12-27 05:03 -------- d-----w- c:\arquivos de programas\uTorrent 2010-02-17 21:25 . 2010-02-17 21:20 -------- d-----w- c:\arquivos de programas\Styler 2010-02-17 21:25 . 2010-02-17 21:25 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Styler 2010-02-17 21:20 . 2010-02-17 21:20 15086 ----a-r- c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe 2010-02-17 21:20 . 2010-02-17 21:20 15086 ----a-r- c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe 2010-02-17 21:11 . 2004-08-04 03:45 219648 ----a-w- c:\windows\system32\uxtheme.dll 2010-02-17 21:05 . 2008-12-25 01:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-02-17 21:05 . 
2010-02-07 13:43 -------- d-----w- c:\arquivos de programas\Pando Networks 2010-02-17 20:56 . 2010-02-02 13:56 17488 ----a-w- c:\windows\gdrv.sys 2010-02-16 06:09 . 2009-03-13 02:48 -------- d-----w- c:\arquivos de programas\Megacubo 2010-02-16 06:07 . 2010-02-16 06:07 -------- d-----w- c:\arquivos de programas\Orban 2010-02-15 05:58 . 2010-02-15 05:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-02-15 05:58 . 2010-02-15 05:58 -------- d-----w- c:\arquivos de programas\Avira 2010-02-14 14:37 . 2010-02-14 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters 2010-02-08 02:21 . 2010-02-05 02:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-02-08 02:21 . 2010-02-07 20:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared 2010-02-05 02:03 . 2010-02-05 02:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-02-05 02:03 . 2010-02-05 02:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller 2010-02-02 13:54 . 2008-12-25 01:04 -------- d-----w- c:\arquivos de programas\Realtek 2010-02-02 13:47 . 2010-02-02 13:47 -------- d-----w- c:\arquivos de programas\Intel 2010-02-02 13:46 . 2010-02-02 13:46 -------- d-----w- c:\arquivos de programas\Gigabyte 2010-01-28 12:05 . 2009-03-26 23:57 69632 ----a-w- c:\windows\system32\MSJCE.dll 2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-04-04 06:35 . 2009-02-18 22:38 32 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-04-04 06:35 . 2009-02-18 22:38 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
--- c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 15086 Created time: 2010-02-17 21:20 Modified time: 2010-02-17 21:20 MD5: 8588D2403599C1E7D1F6C9EA458CEB39 SHA1: E6C3275B817AA4B13634EE5674F4FD0ABBAEA548 --- c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 15086 Created time: 2010-02-17 21:20 Modified time: 2010-02-17 21:20 MD5: 8588D2403599C1E7D1F6C9EA458CEB39 SHA1: E6C3275B817AA4B13634EE5674F4FD0ABBAEA548 ((((((((((((((((((((((((((((( SnapShot@2010-03-24_02.05.02 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-24 23:43 . 2010-03-24 23:43 16384 c:\windows\Temp\Perflib_Perfdata_414.dat + 2010-03-24 16:00 . 2010-03-24 16:00 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll + 2010-03-24 16:00 . 2010-03-24 16:00 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll + 2010-03-24 16:00 . 2010-03-24 16:00 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] c:\documents and settings\Felipe\Menu Iniciar\Programas\Inicializar\ Styler.lnk - c:\documents and settings\Felipe\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-2-17 15086] [HKLM\~\startupfolder\C:^Documents and Settings^Felipe^Menu Iniciar^Programas^Inicializar^TransBar.lnk] path=c:\documents and settings\Felipe\Menu Iniciar\Programas\Inicializar\TransBar.lnk backup=c:\windows\pss\TransBar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 17:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 03:57 35760 ------w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 15:49 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-08-17 22:00 133104 ----atw- c:\documents and settings\Felipe\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 20:53 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\RTHDCPL] 2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 19:07 2260480 --sha-r- c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-09 08:19 148888 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "NBService"=3 (0x3) "avg8wd"=2 (0x2) "avg8emc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"= "c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"= "c:\\Arquivos de programas\\Tibia\\Tibia.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\SoulseekNS\\slsk.exe"= "c:\\Arquivos de programas\\Steam\\steamapps\\whalz\\counter-strike\\hl.exe"= "c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Documents and Settings\\Felipe\\Meus documentos\\Tibia84\\Tibia.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"= "c:\\Arquivos de programas\\Valve\\hl.exe"= "c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Steam\\Steam.exe"= "c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"= R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir 
Desktop\sched.exe [15/2/2010 02:58 108289] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/1/2009 01:15 717296] . Conteúdo da pasta 'Tarefas Agendadas' 2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{5D01BB1B-EF1A-4F9B-9426-F34AA1792548}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 07:31] . . ------- Scan Suplementar ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &Download All with FlashGet IE: &Download with FlashGet IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Felipe\Dados de aplicativos\Mozilla\Firefox\Profiles\j3yzvvg9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/ FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", 
false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\arquivos de programas\Mozilla 
Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-24 20:50 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-448539723-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%õ*æ*] @Class="Shell" @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-448539723-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%õ*æ*\OpenWithList] @Class="Shell" "a"="winamp.exe" "MRUList"="a" [HKEY_USERS\S-1-5-21-448539723-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%õ*æ*\OpenWithProgids] "-õæ_auto_file"=hex(0): [HKEY_LOCAL_MACHINE\software\Classes\.*,%õ*æ*] @="-õæ_auto_file" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell] @="Play" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Enqueue] @="&Enqueue in Winamp" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Enqueue\command] @="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" /ADD \"%1\"" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Enqueue\DropTarget] "Clsid"="{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\ListBookmark] @="Add to Winamp's &Bookmark list" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\ListBookmark\command] @="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" /BOOKMARK \"%1\"" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\open] @="" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\open\command] @="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\open\DropTarget] "Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}" 
[HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Play] @="&Play in Winamp" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Play\command] @="\"c:\\Arquivos de programas\\Winamp\\winamp.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\software\Classes\,%õ*æ*_*a*u*t*o*_*f*i*l*e*\shell\Play\DropTarget] "Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . Tempo para conclusão: 2010-03-24 20:52:52 ComboFix-quarantined-files.txt 2010-03-24 23:52 ComboFix2.txt 2010-03-24 02:06 Pré-execução: 15 pasta(s) 15.396.323.328 bytes disponíveis Pós execução: 16 pasta(s) 15.354.019.840 bytes disponíveis Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - DE2BFFE75AF5D7461634E1A2763C84D9
wings  Posted March 25, 2010
OK.... the PC is clean. :)
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message "ComboFix está desinstalado" appears
*Click [OK]
Whalz  Posted March 25, 2010
Thanks! Thank you very much indeed, I thought I would have to format the drive to fix it... See you!
wings  Posted March 28, 2010
PROBLEM SOLVED! If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.