
Archived

This topic has been archived and is closed to new replies.

Xullippa

[Archived] Log Analysis


The file "c:\windows\system32\sfcfiles.dll" is not in the folder

:(

///////////\\\\\\\\\\\

Hey! Xullippa

 

<!> Then you can go ahead with the other procedures!

 

Regards!


Good morning,

 

Log follows:

 

 

 

ComboFix 10-06-15.02 - Douglas Nobre 26/06/2010 0:05.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.576 [GMT -3:00]

Running from: c:\documents and settings\Douglas Nobre\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Douglas Nobre\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

--------------- FMove ---------------

 

c:\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll

.

(((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 ))))))))))))))))))))))))))))

.

 

2010-06-22 00:42 . 2008-04-13 22:20 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-06-22 00:42 . 2001-09-06 02:50 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-06-22 00:42 . 2008-04-13 22:20 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-06-22 00:42 . 2001-09-06 02:50 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-06-22 00:42 . 2001-09-06 02:50 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-06-22 00:42 . 2001-09-06 02:50 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-06-22 00:42 . 2001-08-17 23:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-06-22 00:42 . 2008-04-13 12:34 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-06-22 00:42 . 2008-04-13 12:34 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-06-22 00:42 . 2008-04-13 22:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-06-22 00:40 . 2001-09-06 02:50 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-06-22 00:39 . 2008-04-13 22:20 73832 -c--a-w- c:\windows\system32\dllcache\slcoinst.dll

2010-06-22 00:38 . 2001-08-18 00:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2010-06-22 00:37 . 2001-09-06 02:49 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll

2010-06-22 00:36 . 2001-08-18 00:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys

2010-06-22 00:35 . 2008-05-17 02:10 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll

2010-06-22 00:34 . 2008-04-13 14:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys

2010-06-22 00:33 . 2001-08-17 23:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys

2010-06-22 00:32 . 2001-09-06 02:12 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-06-22 00:31 . 2008-04-13 22:20 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll

2010-06-22 00:30 . 2001-09-06 02:49 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-06-22 00:22 . 2010-06-22 00:22 -------- d-----w- C:\_OTL

2010-06-19 15:28 . 2010-06-19 15:35 46777415 ----a-w- C:\UsbFix_Upload_Me_HOME-97DEF26A7C.zip

2010-06-19 15:20 . 2010-06-19 15:35 -------- d-----w- C:\UsbFix

2010-06-19 15:14 . 2010-06-19 15:19 1225123 ----a-w- c:\arquivos de programas\UsbFix.exe

2010-06-17 02:11 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-17 02:11 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-15 22:05 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-15 22:05 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-15 22:04 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-15 22:04 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-15 00:54 . 2010-02-16 19:07 2150400 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-06-15 00:54 . 2010-02-16 19:07 2028544 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-06-15 00:15 . 2008-04-13 21:20 45056 -c--a-w- c:\windows\system32\dllcache\nsepm.dll

2010-06-15 00:14 . 2008-04-13 21:20 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe

2010-06-15 00:11 . 2001-10-28 17:06 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-06-14 21:43 . 2001-10-28 17:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-06-14 21:43 . 2001-10-28 17:07 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-06-14 21:43 . 2001-10-28 17:06 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-06-14 21:43 . 2001-10-28 17:06 13312 ----a-w- c:\windows\system32\irclass.dll

2010-06-07 23:13 . 2010-06-07 23:13 -------- d-----w- c:\arquivos de programas\Orban

2010-06-07 23:11 . 2010-06-07 23:13 -------- d-----w- c:\arquivos de programas\Megacubo

2010-05-27 22:57 . 2008-04-13 14:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-05-27 22:57 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys

2010-05-27 22:57 . 2008-04-13 14:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys

2010-05-27 22:57 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys

2010-05-27 22:57 . 2008-04-13 14:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2010-05-27 22:57 . 2008-04-13 14:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys

2010-05-27 22:57 . 2008-04-13 14:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys

2010-05-27 22:57 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys

2010-05-27 22:57 . 2008-04-13 14:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2010-05-27 22:57 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys

2010-05-27 22:57 . 2004-07-09 07:27 230400 ----a-w- c:\windows\system32\dplayx.dll

2010-05-27 22:56 . 2008-01-14 19:58 19840 ----a-w- c:\windows\system32\drivers\StMp3Rec.sys

2010-05-27 22:55 . 2010-05-27 22:56 -------- d-----w- c:\arquivos de programas\Philips

2010-05-27 22:55 . 2010-05-27 22:55 -------- d-----w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\InstallShield

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-23 02:12 . 2010-03-12 13:24 -------- d-----w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Free Download Manager

2010-06-19 15:21 . 2001-10-28 17:07 49804 ----a-w- c:\windows\system32\perfc016.dat

2010-06-19 15:21 . 2001-10-28 17:07 347648 ----a-w- c:\windows\system32\perfh016.dat

2010-06-17 02:11 . 2009-12-23 00:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-15 00:12 . 2009-12-20 04:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-06-15 00:10 . 2009-12-20 04:53 22964 ----a-w- c:\windows\system32\emptyregdb.dat

2010-06-10 01:33 . 2009-12-23 20:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-30 19:40 . 2009-12-20 21:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-05-27 22:56 . 2009-12-20 05:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-24 03:33 . 2010-05-24 03:33 503808 ----a-w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-417b3743-n\msvcp71.dll

2010-05-24 03:33 . 2010-05-24 03:33 499712 ----a-w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-417b3743-n\jmc.dll

2010-05-24 03:33 . 2010-05-24 03:33 348160 ----a-w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-417b3743-n\msvcr71.dll

2010-05-24 03:32 . 2010-05-24 03:32 61440 ----a-w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7caaf742-n\decora-sse.dll

2010-05-24 03:32 . 2010-05-24 03:32 12800 ----a-w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7caaf742-n\decora-d3d.dll

2010-05-20 23:25 . 2009-12-23 01:49 -------- d-----w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Any Video Converter

2010-05-19 01:35 . 2010-05-19 01:14 -------- d-----w- c:\arquivos de programas\Valve

2010-05-18 02:01 . 2010-05-18 02:01 -------- d-----w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Styler

2010-05-18 01:56 . 2010-05-18 01:56 -------- d-----w- c:\arquivos de programas\VisualTaskTips

2010-05-18 01:56 . 2010-05-18 01:56 -------- d-----w- c:\arquivos de programas\VistaDriveIcon

2010-05-18 01:55 . 2010-05-18 01:55 -------- d-----w- c:\arquivos de programas\Styler

2010-05-18 01:55 . 2010-05-18 01:55 -------- d-----w- c:\arquivos de programas\Blaero Start Orb

2010-05-12 01:30 . 2010-05-12 01:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2010-05-12 01:30 . 2010-05-12 01:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2010-05-12 01:30 . 2010-05-12 01:21 -------- d-----w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\PC Suite

2010-05-12 01:30 . 2010-05-12 01:21 -------- d-----w- c:\documents and settings\Douglas Nobre\Dados de aplicativos\Nokia

2010-05-12 01:29 . 2010-05-12 01:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2010-05-12 01:29 . 2010-05-12 01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2010-05-12 01:29 . 2010-05-12 01:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-05-12 01:18 . 2010-05-12 01:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-05-12 01:18 . 2010-05-12 01:18 -------- d-----w- c:\arquivos de programas\Nokia

2010-05-12 01:18 . 2010-05-12 01:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-05-12 01:18 . 2010-05-12 01:18 -------- d-----w- c:\arquivos de programas\DIFX

2010-05-12 01:18 . 2010-05-12 01:18 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2010-05-12 01:17 . 2010-05-12 01:17 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe

2010-05-12 01:17 . 2010-05-12 01:17 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-05-12 01:17 . 2010-05-12 01:17 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe

2010-05-12 01:17 . 2010-05-12 01:17 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe

2010-05-12 01:16 . 2010-05-12 01:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2010-05-12 00:46 . 2010-05-12 01:17 34555528 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_por_br_web(2).exe

2010-05-06 10:34 . 2008-05-17 02:10 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2008-04-13 20:54 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 22:42 . 2010-04-23 22:42 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-20 05:31 . 2008-04-13 21:18 285696 ----a-w- c:\windows\system32\atmfd.dll

.

 

------- Sigcheck -------

 

[-] 2008-05-17 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-06-23_01.22.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-25 20:48 . 2010-06-25 20:48 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-12-23 135664]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 53248]

"VTTrayp"="VTtrayp.exe" [2006-08-30 180224]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\Douglas Nobre\Menu Iniciar\Programas\Inicializar\

Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Styler.lnk - c:\arquivos de programas\Styler\Styler.exe [2007-4-15 307200]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/5/2009 15:49 94360]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2009 20:23 715248]

S3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\drivers\D301bus.sys [8/5/2010 12:44 83328]

S3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\drivers\D301mdfl.sys [8/5/2010 12:44 14976]

S3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\drivers\D301mdm.sys [8/5/2010 12:44 109824]

S3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\D301mgmt.sys [8/5/2010 12:45 103808]

S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\drivers\d301nd5.sys [8/5/2010 12:45 24832]

S3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\drivers\D301obex.sys [8/5/2010 12:44 99840]

S3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\drivers\d301unic.sys [8/5/2010 12:45 105728]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [1/2/2010 20:48 93056]

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-13 c:\windows\Tasks\Advanced WindowsCare V2 Pro.job

- c:\arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2009-12-21 20:49]

 

2010-06-25 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Supplementary Scan -------

.

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\Microsoft Office\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-26 00:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(596)

c:\windows\system32\WININET.dll

c:\arquivos de programas\VisualTaskTips\VttHooks.dll

c:\arquivos de programas\Windows Media Player\wmpband.dll

c:\windows\system32\wmp.dll

c:\windows\system32\wmploc.dll

c:\windows\system32\wmpps.dll

c:\windows\system32\jscript.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-26 00:08:22

ComboFix-quarantined-files.txt 2010-06-26 03:08

ComboFix2.txt 2010-06-23 01:23

ComboFix3.txt 2010-06-20 16:51

ComboFix4.txt 2010-06-19 15:12

ComboFix5.txt 2010-06-26 03:03

 

Pre-Run: 4,853,116,928 bytes free

Post-Run: 4,847,923,200 bytes free

 

- - End Of File - - E9EDAE0E6BED6D333063D94ECD84B246

 

Thanks!

 

PS: The Start menu doesn't show all of the program folders, and my Nokia 6120c phone isn't detected. =///


Good morning! Xullippa

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 


 

<@> The following window will open: (Open File - Security Warning)

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

<@> Or go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

000000000000000000

oooooooooooooooooo

<@> Download: < DrWebCureIt >

 

<!> < External Mirror 1 > <-- Indirect link!

 

<@> Save DrWebCureIt.exe in Program Files!

<@> Restart the computer in Safe Mode.

<@> Start the install/run by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> A "Quick scan" will begin --> Close the advertisement window!

<@> When it finishes, check the "Complete scan" box.

<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis".

<@> PS: In this mode the following objects are scanned:

 

<1> Boot sectors of all disks

<2> All removable drives

<3> All local disks

 

<@> Click "Start scanning" --> Wait!

<@> If prompts appear asking to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Post: C:\Documents and Settings\Administrator\DoctorWeb\CureIt.txt + an updated HijackThis log.

000000000000000000

oooooooooooooooooo

<@> Schedule scandisk for the next boot.

<@> Go to Start --> Run --> Type: cmd --> Click: OK

<@> In the prompt window, type: chkdsk /r --> Press Enter.

<@> Press "S" (Yes) --> Press Enter.

<@> Scandisk has been scheduled for the next boot.

<@> To exit, type exit --> Press Enter.

<@> Restart the computer so that scandisk starts.

 

files and folders

indexes

security descriptors

file data

free space

 

<@> Wait patiently for all of the checks to finish.

<@> At the end, the computer will restart automatically.

000000000000000000

<!> PS: Report the results!

 

Regards!


Good evening,

 

 

Sorry for the delay...

I did the procedures and CureIt found no infections in either scan mode.

So here is just the HijackThis log:

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:46:57, on 30/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Documents and Settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Styler.lnk = C:\Arquivos de programas\Styler\Styler.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261449751343

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8166 bytes

 

 

 

Thanks!

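Reading the two logs in this thread side by side (the registry loading points, firewall exception list and Sigcheck line from the ComboFix post, and the O4 entries from the HijackThis post above) is the triage a helper does by eye. The script below is an added example, not code from ComboFix, HijackThis, ESET or this forum; it does the same mechanically: it parses those three line formats, reports Run entries whose value is a bare filename or points into a user-writable profile directory, reports firewall exceptions granted to built-in command-line tools, and carries the Sigcheck MD5 through so it can be compared with a clean copy. The sample lines are copied from this thread; the NOTEWORTHY_TOOLS list and the USER_WRITABLE path markers are the example's own assumptions, the `[-]` Sigcheck marker is passed through rather than interpreted, and no reference hash for sfcfiles.dll is built in because the thread supplies none.

```python
"""Triage of autorun, firewall-exception and Sigcheck lines from ComboFix / HijackThis logs.
Added example for this thread, not code from ComboFix, HijackThis, ESET or the forum.
NOTEWORTHY_TOOLS and USER_WRITABLE are this example's own assumptions, not lists either tool uses."""
import re
from collections import namedtuple

# Constructed sample: lines copied from the ComboFix and HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-12-23 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
------- Sigcheck -------
[-] 2008-05-17 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Douglas Nobre\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
"""

CF_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"')   # ComboFix: "name"="value" [date size]
FW_VALUE = re.compile(r'^"(?P<path>[^"]+)"=$')                     # firewall list: "path"= (doubled backslashes)
HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<value>.*)$")
SIGCHECK = re.compile(r"^\[(?P<flag>[^\]]*)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
                      r"(?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$")
HIVES = {"hkey_local_machine": "HKLM", "hkey_current_user": "HKCU", "hkey_users": "HKU"}
USER_WRITABLE = ("\\documents and settings\\", "\\dados de aplicativos\\", "\\application data\\", "\\temp\\")
# Assumption: built-in command-line tools whose firewall exception is worth asking about; a hit is a question, not a verdict.
NOTEWORTHY_TOOLS = {"ftp.exe", "tftp.exe", "cmd.exe", "cscript.exe", "wscript.exe", "rundll32.exe"}

Finding = namedtuple("Finding", "kind name path note")   # kind is "run", "firewall" or "sigcheck"


def command_path(value):
    """Reduce a Run value to its executable: the quoted path, or everything up to '.exe'."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.index('"', 1)]
    m = re.match(r"(?i)^(.*?\.exe)(?:\s.*)?$", value)
    return m.group(1) if m else value


def parse_log(text):
    """Return (run_entries, firewall_paths, sigcheck_rows); accepts ComboFix and HijackThis text."""
    run, fw, sig = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None   # a ComboFix registry section ends at the first blank line
        elif line.startswith("[") and line.lower().endswith("\\run]"):
            hive = line[1:line.index("\\")]
            section = ("run", HIVES.get(hive.lower(), hive.upper()))
        elif line.lower().endswith("authorizedapplications\\list]"):
            section = ("fw", None)
        elif m := SIGCHECK.match(line):
            sig.append(m.groupdict())
        elif m := HJT_O4.match(line):
            run.append((HIVES.get(m["hive"].lower(), m["hive"].upper()), m["name"], command_path(m["value"])))
        elif section and section[0] == "run" and (m := CF_VALUE.match(line)):
            run.append((section[1], m["name"], m["value"]))
        elif section and section[0] == "fw" and (m := FW_VALUE.match(line)):
            fw.append(m["path"].replace("\\\\", "\\"))
    return run, fw, sig


def triage_run_path(path):
    """Why a Run entry deserves a look, or None for an absolute path outside the user profile."""
    p = path.lower()
    if "\\" not in p:
        return "bare filename: resolved through the standard search order at logon, not a fixed path"
    if any(marker in p for marker in USER_WRITABLE):
        return "executable lives in a user-writable profile directory"
    return None


def triage(text, known_good=None):
    """known_good maps (filename, version) -> MD5 of a clean copy; empty by default."""
    known_good = {k: v.lower() for k, v in (known_good or {}).items()}
    run, fw, sig = parse_log(text)
    findings, seen = [], set()
    for hive, name, path in run:   # the same entry seen in both logs is reported once
        key = (hive, name.lower(), path.lower())
        note = triage_run_path(path)
        if note and key not in seen:
            seen.add(key)
            findings.append(Finding("run", f"{hive}\\...\\Run\\{name}", path, note))
    for path in fw:
        base = path.rsplit("\\", 1)[-1].lower()
        if base in NOTEWORTHY_TOOLS:
            findings.append(Finding("firewall", base, path, "built-in tool in the firewall exception list; confirm who added it"))
    for s in sig:
        base = s["path"].rsplit("\\", 1)[-1].lower()
        ref = known_good.get((base, s["version"]))
        note = (f"Sigcheck flag [{s['flag']}], no reference hash for {s['version']}; compare MD5 {s['md5']} with a clean copy"
                if ref is None else "MD5 matches the clean copy" if ref == s["md5"].lower() else "MD5 differs from the clean copy")
        findings.append(Finding("sigcheck", base, s["path"], note))
    return findings
```

triage(SAMPLE_LOG) reports three Run entries (the bare filenames VTTimer.exe and SOUNDMAN.EXE, and Google Update under the user profile), the ftp.exe firewall exception, and the sfcfiles.dll Sigcheck row; the Google Update and SoundMan entries appear in both logs but are listed once. Each finding is a question for the analyst, not a verdict: the two bare filenames here are the VIA graphics and Realtek audio tray tools, and passing a known-good hash through known_good is how the Sigcheck row is turned into a yes/no answer.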

Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
