Archived

This topic has been archived and is closed to new replies.

aLp.zN

[Resolved] Log Analysis

Hello friends. I have a banking virus. When I try to access my online banking, a window opens that will not close, and I end up having to restart my PC.

 

Log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:10:51, on 6/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

D:\Arquivos de programas\Nero\Nero 9\InCD\InCD.exe

D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\temp.exe

D:\Arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe

C:\Arquivos de programas\Cyberlink\Shared files\brs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Arquivos comuns\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe

C:\Arquivos de programas\Arquivos comuns\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe

D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe

D:\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

D:\Program Files\Garena\Garena.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\Meus Documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [inCD] D:\Arquivos de programas\Nero\Nero 9\InCD\InCD.exe

O4 - HKLM\..\Run: [NBHGui] D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [temp] C:\WINDOWS\system32\temp.exe

O4 - HKLM\..\Run: [RemoteControl10] "D:\Arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared files\brs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "D:\Arquivos de programas\BitTorrent\BitTorrent.exe"

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "D:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe (User 'Default user')

O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O4 - Global Startup: temp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Arquivos de programas\Arquivos comuns\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe

O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Arquivos de programas\Arquivos comuns\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe

 

--

End of file - 9250 bytes

 

 

 

Thanks


Hello aLp.zN

 

 

1.

*Download MalwareBytes Anti-Malware and save it to the desktop

 

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*Paste the report that is shown


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4942

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

25/10/2010 15:11:53

mbam-log-2010-10-25 (15-11-53).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)

Objetos escaneados: 289678

Tempo decorrido: 3 hora(s), 50 minuto(s), 3 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 5

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\WINDOWS\kle46rsysz146.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\kle46rsysz273.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\kle46rsysz2738.exe (Trojan.Agent) -> Quarantined and deleted successfully.

D:\Arquivos de programas\Project64 1.7.0.55\msvcr70.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\aviso.bak (Stolen.Data) -> Quarantined and deleted successfully.


Hello aLp.zN

 

*Temporarily disable your antivirus

 

Right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.

*Download ComboFix and save it to the desktop

*Run ComboFix and accept the license agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it and then [Yes] to continue.

 


 


 

*Wait for all the stages to complete

 


 

*Avoid using the mouse and keyboard while ComboFix is running! To stop the procedure, press [N] or [2] and then [ENTER]

 

*Paste the report C:\combofix.txt

 

*If the PC restarts, there will be an option at startup called Recovery Console. Do not enter Windows through it unless you are properly instructed to!


ComboFix 10-10-24.06 - Victor Ribeiro 25/10/2010 16:59:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.617 [GMT -2:00]

Executando de: d:\meus documentos\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\hpe4E.dll

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\1.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\a.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\b.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\c.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\d.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\e.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\f.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\g.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\h.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\i.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\J.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\k.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\l.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\m.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\n.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\o.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\p.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\q.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\r.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\s.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\t.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\u.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\v.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\w.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\x.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\y.xml

c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PriceGong\Data\z.xml

c:\windows\system32\_packet.dlluninstall

c:\windows\system32\ccrpTmr6.dll

c:\windows\system32\vbzlib1.dll

E:\install.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-25 to 2010-10-25 ))))))))))))))))))))))))))))

.

 

2010-12-10 02:54 . 2010-12-10 02:54 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\IObit

2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\windows\Sun

2010-10-25 12:47 . 2010-10-25 12:47 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Malwarebytes

2010-10-25 12:47 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-25 12:47 . 2010-10-25 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-10-25 12:47 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-25 10:36 . 2010-10-25 10:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-10-25 10:36 . 2010-10-25 10:36 -------- d-----r- c:\arquivos de programas\Skype

2010-10-17 03:51 . 2010-10-17 03:51 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\SKIDROW

2010-10-17 03:12 . 2010-10-17 03:12 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\InstallShield Installation Information

2010-10-17 03:12 . 2010-10-17 03:12 -------- d-----w- c:\arquivos de programas\DIFX

2010-10-17 03:11 . 2006-07-02 01:12 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys

2010-10-17 03:08 . 2010-10-17 03:08 -------- d-----w- c:\arquivos de programas\MSBuild

2010-10-17 03:04 . 2010-10-17 03:04 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-17 03:03 . 2010-10-17 03:03 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-10-17 03:03 . 2006-10-14 18:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-10-17 03:02 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-10-16 06:59 . 2010-10-16 06:59 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\Aspyr

2010-10-16 06:51 . 2010-10-16 06:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-10-15 20:46 . 2010-10-15 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon

2010-10-15 03:58 . 2010-10-15 08:17 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\PMB Files

2010-10-15 03:57 . 2010-10-15 03:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files

2010-10-14 17:08 . 2010-10-22 17:16 214864 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-10-14 17:08 . 2010-10-14 17:08 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\PunkBuster

2010-10-14 15:24 . 2004-10-22 05:16 180224 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2010-10-14 15:24 . 2010-10-14 15:24 192644 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2010-10-14 15:24 . 2004-10-22 05:18 749568 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2010-10-14 15:24 . 2004-10-22 05:17 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2010-10-14 15:24 . 2004-10-22 05:17 274432 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2010-10-14 15:24 . 2004-10-22 05:16 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2010-10-14 15:24 . 2010-10-14 15:24 323716 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2010-10-14 00:01 . 2010-10-25 18:03 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\skypePM

2010-10-14 00:00 . 2010-10-25 10:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2010-10-10 05:13 . 2010-10-10 05:13 -------- d-----w- c:\arquivos de programas\Real Alternative

2010-10-10 05:03 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-10-10 05:03 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-10-10 05:03 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-10-10 05:03 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm

2010-10-10 05:03 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-10-10 05:03 . 2010-09-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-10-10 04:58 . 2010-10-10 05:03 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-10-10 04:43 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-10-10 00:08 . 2010-10-17 18:02 233992 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-10-10 00:08 . 2010-10-17 18:02 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-10-10 00:08 . 2010-10-17 18:02 233992 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-10-10 00:07 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-10-10 00:07 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-10-08 15:03 . 2010-06-02 07:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-10-08 15:03 . 2010-06-02 07:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-10-08 15:03 . 2010-06-02 07:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-10-08 15:03 . 2010-05-26 14:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-10-08 15:03 . 2010-02-04 13:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-10-08 15:03 . 2010-02-04 13:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-10-08 15:03 . 2010-02-04 13:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-10-08 15:03 . 2010-02-04 13:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-10-07 23:38 . 2010-10-07 23:38 -------- d-----w- C:\BIBLIA3G

2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2010-10-06 20:48 . 2010-10-06 20:48 -------- d--h--r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\SecuROM

2010-10-06 20:30 . 2010-10-22 17:17 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-10-06 20:30 . 2010-10-06 20:30 138056 ----a-w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PnkBstrK.sys

2010-10-06 20:30 . 2010-10-22 17:16 214864 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-10-06 20:30 . 2010-10-06 20:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-10-06 20:30 . 2010-10-06 20:30 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-10-06 19:50 . 2008-10-15 09:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2010-10-06 19:49 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-10-06 19:48 . 2010-10-11 07:40 -------- d-----w- c:\windows\Logs

2010-10-05 19:02 . 2010-10-05 19:02 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\Cyberlink

2010-10-05 19:01 . 2010-10-05 19:02 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\CyberLink

2010-10-05 18:58 . 2010-10-05 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\arquivos de programas\Cyberlink

2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink

2010-10-05 18:56 . 2010-10-05 18:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Temp

2010-10-02 23:53 . 2010-10-02 23:53 -------- d-----w- c:\arquivos de programas\SopCast

2010-10-02 23:53 . 2010-10-02 23:53 -------- d-----w- c:\arquivos de programas\Orban

2010-09-30 13:48 . 2010-09-30 13:48 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

2010-09-29 16:57 . 2010-09-29 16:57 15872 ----a-r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe

2010-09-29 13:09 . 2010-10-15 00:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Sony Ericsson

2010-09-29 13:08 . 2010-10-15 00:37 -------- d-----w- c:\arquivos de programas\Sony Ericsson

2010-09-29 12:52 . 2010-09-29 12:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2010-09-29 12:52 . 2007-11-02 14:47 103976 ----a-w- c:\windows\system32\drivers\s916mgmt.sys

2010-09-29 12:52 . 2007-11-02 14:47 15016 ----a-w- c:\windows\system32\drivers\s916mdfl.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916cmnt.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916cm.sys

2010-09-29 12:52 . 2007-11-02 14:47 109992 ----a-w- c:\windows\system32\drivers\s916mdm.sys

2010-09-29 12:52 . 2007-11-02 14:47 100008 ----a-w- c:\windows\system32\drivers\s916obex.sys

2010-09-29 12:52 . 2007-11-02 14:47 83496 ----a-w- c:\windows\system32\drivers\s916bus.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916whnt.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916wh.sys

2010-09-28 23:29 . 2010-09-28 23:29 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Uniblue

2010-09-28 23:29 . 2010-09-28 23:29 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\OpenCandy

2010-09-28 23:29 . 2010-09-28 23:29 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\OpenCandy

2010-09-28 15:17 . 2010-10-10 00:19 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\BitTorrent

2010-09-28 15:13 . 2010-09-28 15:15 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\GetRightToGo

2010-09-28 12:39 . 2010-10-06 01:12 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\VT_Software

2010-09-28 12:37 . 2010-10-06 03:19 -------- d-----w- c:\arquivos de programas\WinPcap

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin7.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin6.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin5.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin4.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin3.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin2.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin.dll

2010-09-27 22:46 . 2010-09-27 22:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-09-27 22:46 . 2010-09-27 22:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-09-27 21:57 . 2010-09-27 21:57 39424 ----a-w- c:\windows\winhgf00.exe

2010-09-26 03:04 . 2010-10-19 14:24 -------- d-----w- C:\Program Files

2010-09-26 02:20 . 2010-09-26 02:20 73728 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll

2010-09-26 02:20 . 2010-09-26 02:20 212992 ----a-w- c:\windows\system32\IscDbc.dll

2010-09-26 02:20 . 2010-09-26 02:20 188416 ----a-w- c:\windows\system32\OdbcJdbc.dll

2010-09-25 21:57 . 2010-09-25 21:57 40960 ----a-r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hltv.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe

2010-09-25 21:57 . 2010-09-25 21:57 40960 ----a-r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hlds.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe

2010-09-25 21:25 . 2010-10-24 15:50 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 02:11 . 2010-08-12 21:55 436792 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-10-05 18:56 . 2010-08-12 22:38 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-10-05 18:56 . 2010-08-12 22:38 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-09-10 21:12 . 2010-09-10 21:09 2829 ----a-w- c:\windows\War3Unin.pif

2010-09-10 21:12 . 2010-09-10 21:09 139264 ----a-w- c:\windows\War3Unin.exe

2010-09-08 14:17 . 2010-09-08 14:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 14:17 . 2010-09-08 14:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-07 14:12 . 2010-08-13 21:43 38848 ----a-w- c:\windows\avastSS.scr

2010-09-07 14:11 . 2010-08-12 22:38 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 13:52 . 2010-08-12 22:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 13:52 . 2010-08-12 22:39 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 13:47 . 2010-08-12 22:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 13:47 . 2010-08-12 22:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 13:47 . 2010-08-12 22:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 13:47 . 2010-08-12 22:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 13:46 . 2010-08-12 22:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-20 13:44 . 2010-08-20 13:44 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-08-20 13:44 . 2010-08-20 13:44 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 21:56 . 2010-08-16 21:56 40960 ----a-w- c:\windows\system32\maplec.dll

2010-08-16 21:56 . 2010-08-16 21:56 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll

2010-08-16 21:56 . 2010-08-16 21:56 20480 ----a-w- c:\windows\system32\maplecompat.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-09-29 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

2010-09-29 19:16 2735200 ----a-w- c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-09-29 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C69650DC-9644-4580-AA86-0EA329EE6C60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-09-29 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-09-29 08:09 98328 ----a-w- d:\arquivos de programas\Nero\Nero 9\InCD\NBHshx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"DAEMON Tools Lite"="d:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]

"AlcoholAutomount"="d:\arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"NBHGui"="d:\arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-29 2079256]

"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2001-09-13 818688]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="d:\arquivos de programas\QuickTime\QTTask.exe" [2010-09-08 421888]

"BDRegion"="c:\arquivos de programas\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-09-29 08:09 1111064 ----a-w- d:\arquivos de programas\Nero\Nero 9\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]

2010-02-03 03:08 87336 ----a-w- d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Arquivos de programas\\Maple 12\\jre\\bin\\maple.exe"=

"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"d:\\Arquivos de programas\\Warcraft III\\war3.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\GHostOne\\ghost.exe"=

"d:\\Arquivos de programas\\GHostOne\\GHostOne.exe"=

"d:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"d:\arquivos de programas\Combat Arms\CombatArms.exe"= d:\arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"d:\arquivos de programas\Combat Arms\Engine.exe"= d:\arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe

"d:\\Program Files\\Valve\\Counter-Strike 1.6 Sector Edition\\hl.exe"=

"d:\\Arquivos de programas\\Combat Arms\\NMService.exe"=

"e:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=

"e:\\Arquivos de programas\\Wizards of the Coast LLC\\Magic The Gathering - Duels of the Planeswalkers\\DotP.exe"=

"d:\\Arquivos de programas\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57050:TCP"= 57050:TCP:Pando Media Booster

"57050:UDP"= 57050:UDP:Pando Media Booster

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2010 20:39 165584]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/05 15:58];d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2/4/2010 10:11 87536]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/8/2010 20:39 17744]

R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [29/9/2008 06:09 108568]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/6/2010 15:07 35088]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [30/9/2010 11:48 27632]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [16/8/2010 02:14 135664]

S2 OMSI download service;Sony Ericsson OMSI download service;d:\sony ericsson pc suite\SupServ.exe --> d:\sony ericsson pc suite\SupServ.exe [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp --> c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp [?]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [12/8/2010 20:14 104960]

S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [12/8/2010 20:14 104960]

S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [12/8/2010 20:14 104960]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [29/9/2010 10:52 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [29/9/2010 10:52 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [29/9/2010 10:52 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [29/9/2010 10:52 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [29/9/2010 10:52 100008]

S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [15/8/2010 01:04 476672]

S3 ZSMC326;TD74 USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys --> c:\windows\system32\Drivers\usbvm323.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/8/2010 19:55 436792]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-16 04:14]

 

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-16 04:14]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

.

- - - - ORFÃOS REMOVIDOS - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Worms Reloaded Update 2_is1 - d:\arquivos de programas\Team17\Worms Reloaded\Worms Reloaded\unins000.exe

AddRemove-Worms Reloaded_is1 - d:\arquivos de programas\Team17\Worms Reloaded\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-25 17:03

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Tempo para conclusão: 2010-10-25 17:04:41

ComboFix-quarantined-files.txt 2010-10-25 19:04

 

Pré-execução: 1.983.148.032 bytes disponíveis

Pós execução: 2.290.610.176 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - 60A24ADC1AD584A8CA46281CF7976287


Hello aLp.zN

 

 

1.

*Tell us how the PC is doing.

 

 

When I ran ComboFix, the PC restarted and did everything once it had booted. Is it normal that almost no programs start on that boot? For example, neither Avast nor the other programs that start at boot opened.

As for performance: it is better, faster.

Thanks for your attention

 

2.

*Send the file below for analysis at http://www.virustotal.com.br

 

c:\windows\winhgf00.exe

*Paste the link containing the result.

 

MD5: a9bf467c941dc23577c0f4cb46ac3eb7

Date first seen: 2010-10-06 14:42:18 (UTC)

Date last seen: 2010-10-10 16:58:29 (UTC)

Detection ratio: 8/41


Hello aLp.zN

 

*Open Notepad and paste the code below into it:

 

File::

c:\windows\winhgf00.exe

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

b2ea2c6367.gif

 

*Important: while ComboFix is running, avoid using the mouse and keyboard! To interrupt the process, press N or 2.

 

*Paste the report C:\combofix.txt
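As an added example (not code from the thread or from ComboFix), the Python below parses the two ComboFix line formats seen in the log above (created-file entries and driver/service entries), flags the patterns the helper acted on (an executable sitting directly in c:\windows, a service loading from a Temp folder or whose image ComboFix could not verify, shown as [?]) and renders the File:: block in the CFScript format given above for a person to review before use. The sample lines reuse paths from the thread; the size and timestamps given for winhgf00.exe are constructed.

```python
"""Triage of ComboFix log lines (added example; not ComboFix's or the thread's own code)."""
import re
from dataclasses import dataclass

# Created-files / Find3M entries:
# "YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size|-------->  <attrs> <path>"
# (SnapShot sections prefix the same layout with "+ ").
FILE_LINE = re.compile(
    r"^\+?\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Driver/service entries: "R2 name;display;image [date time size]"
# or, when ComboFix could not verify the file, "... image --> image [?]".
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".pif", ".tmp", ".scr", ".cpl")


@dataclass
class Finding:
    kind: str    # "file" or "service"
    path: str
    reason: str


def parse_file_line(line):
    """Return a dict for a created-file entry, or None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["is_dir"] = d["attrs"].startswith("d")
    d["size"] = int(d["size"]) if d["size"].isdigit() else None
    return d


def parse_service_line(line):
    """Return a dict for a service entry, or None if the line is not one."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    image = rest.rsplit(" [", 1)[0]   # drop the trailing "[date time size]" / "[?]"
    image = image.split(" --> ")[-1]  # the "-->" form repeats the path; keep the plain one
    return {"start": m.group("start"), "name": m.group("name"),
            "image": image, "unverified": rest.endswith("[?]")}


def in_windows_root(path):
    """True for c:\\windows\\<file>, which is where the thread's winhgf00.exe sat."""
    p = path.lower()
    return p.startswith("c:\\windows\\") and p.count("\\") == 2


def triage(lines):
    """Apply the review rules to each log line and collect what deserves a second look."""
    findings = []
    for line in lines:
        f = parse_file_line(line)
        if f:
            p = f["path"].lower()
            if not f["is_dir"] and p.endswith(EXEC_EXT):
                if in_windows_root(f["path"]):
                    findings.append(Finding("file", f["path"],
                                            "executable dropped directly in the Windows folder"))
                elif "\\temp\\" in p:
                    findings.append(Finding("file", f["path"], "executable in a Temp folder"))
            continue
        s = parse_service_line(line)
        if s:
            if "\\temp\\" in s["image"].lower():
                findings.append(Finding("service", s["image"],
                                        f"service {s['name']} loads from a Temp folder"))
            elif s["unverified"]:
                findings.append(Finding("service", s["image"],
                                        f"service {s['name']} image could not be verified ([?])"))
    return findings


def build_cfscript(paths):
    """Render the 'File::' block the helper used, one path per line, for a person to review."""
    return "File::\n" + "\n".join(paths) + "\n"


# Constructed sample: the paths come from the thread; the size and timestamps
# for winhgf00.exe are made up (its VirusTotal first-seen date is reused).
SAMPLE_LOG = r"""
2010-10-06 14:42 . 2010-10-06 14:42 84480 ----a-w- c:\windows\winhgf00.exe
2010-10-25 12:47 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 02:54 . 2010-12-10 02:54 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\IObit
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2010 20:39 165584]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp --> c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp [?]
S2 OMSI download service;Sony Ericsson OMSI download service;d:\sony ericsson pc suite\SupServ.exe --> d:\sony ericsson pc suite\SupServ.exe [?]
""".splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for fnd in found:
        print(f"[{fnd.kind}] {fnd.path}: {fnd.reason}")
    print(build_cfscript([fnd.path for fnd in found if fnd.kind == "file"]))
```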

*Paste the report C:\combofix.txt

 

ComboFix 10-10-24.06 - Victor Ribeiro 26/10/2010 15:59:09.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.726 [GMT -2:00]

Executando de: c:\documents and settings\Victor Ribeiro\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Victor Ribeiro\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\windows\winhgf00.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\winhgf00.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-26 to 2010-10-26 ))))))))))))))))))))))))))))

.

 

2010-12-10 02:54 . 2010-12-10 02:54 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\IObit

2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\windows\Sun

2010-10-26 01:36 . 2010-10-26 01:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2010-10-26 01:33 . 2010-10-26 01:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Pro

2010-10-26 01:19 . 2010-10-26 01:42 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\DAEMON Tools Pro

2010-10-25 23:53 . 2010-10-26 00:50 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\mIRC

2010-10-25 12:47 . 2010-10-25 12:47 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Malwarebytes

2010-10-25 12:47 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-25 12:47 . 2010-10-25 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-10-25 12:47 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-25 10:36 . 2010-10-25 10:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-10-25 10:36 . 2010-10-25 10:36 -------- d-----r- c:\arquivos de programas\Skype

2010-10-17 03:51 . 2010-10-17 03:51 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\SKIDROW

2010-10-17 03:12 . 2010-10-17 03:12 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\InstallShield Installation Information

2010-10-17 03:12 . 2010-10-17 03:12 -------- d-----w- c:\arquivos de programas\DIFX

2010-10-17 03:11 . 2006-07-02 01:12 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys

2010-10-17 03:08 . 2010-10-17 03:08 -------- d-----w- c:\arquivos de programas\MSBuild

2010-10-17 03:04 . 2010-10-17 03:04 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-17 03:03 . 2010-10-17 03:03 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-10-17 03:03 . 2006-10-14 18:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-10-17 03:02 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll

2010-10-16 06:59 . 2010-10-16 06:59 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\Aspyr

2010-10-16 06:51 . 2010-10-16 06:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-10-15 20:46 . 2010-10-15 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon

2010-10-15 03:58 . 2010-10-15 08:17 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\PMB Files

2010-10-15 03:57 . 2010-10-15 03:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files

2010-10-14 17:08 . 2010-10-26 02:54 214864 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-10-14 17:08 . 2010-10-14 17:08 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\PunkBuster

2010-10-14 15:24 . 2004-10-22 05:16 180224 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2010-10-14 15:24 . 2010-10-14 15:24 192644 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2010-10-14 15:24 . 2004-10-22 05:18 749568 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2010-10-14 15:24 . 2004-10-22 05:17 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2010-10-14 15:24 . 2004-10-22 05:17 274432 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2010-10-14 15:24 . 2004-10-22 05:16 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2010-10-14 15:24 . 2010-10-14 15:24 323716 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2010-10-14 00:01 . 2010-10-26 10:00 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\skypePM

2010-10-14 00:00 . 2010-10-25 10:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2010-10-10 05:13 . 2010-10-10 05:13 -------- d-----w- c:\arquivos de programas\Real Alternative

2010-10-10 05:03 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-10-10 05:03 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-10-10 05:03 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-10-10 05:03 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm

2010-10-10 05:03 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-10-10 05:03 . 2010-09-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-10-10 04:58 . 2010-10-10 05:03 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-10-10 04:43 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-10-10 00:08 . 2010-10-17 18:02 233992 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-10-10 00:08 . 2010-10-17 18:02 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-10-10 00:08 . 2010-10-17 18:02 233992 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-10-10 00:07 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-10-10 00:07 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-10-08 15:03 . 2010-06-02 07:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-10-08 15:03 . 2010-06-02 07:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-10-08 15:03 . 2010-06-02 07:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-10-08 15:03 . 2010-05-26 14:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-10-08 15:03 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-10-08 15:03 . 2010-02-04 13:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-10-08 15:03 . 2010-02-04 13:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-10-08 15:03 . 2010-02-04 13:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-10-08 15:03 . 2010-02-04 13:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-10-07 23:38 . 2010-10-07 23:38 -------- d-----w- C:\BIBLIA3G

2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2010-10-06 20:48 . 2010-10-06 20:48 -------- d--h--r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\SecuROM

2010-10-06 20:30 . 2010-10-26 02:56 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-10-06 20:30 . 2010-10-06 20:30 138056 ----a-w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\PnkBstrK.sys

2010-10-06 20:30 . 2010-10-26 02:54 214864 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-10-06 20:30 . 2010-10-06 20:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-10-06 20:30 . 2010-10-06 20:30 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-10-06 19:50 . 2008-10-15 09:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2010-10-06 19:49 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-10-06 19:48 . 2010-10-11 07:40 -------- d-----w- c:\windows\Logs

2010-10-05 19:02 . 2010-10-05 19:02 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\Cyberlink

2010-10-05 19:01 . 2010-10-05 19:02 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\CyberLink

2010-10-05 18:58 . 2010-10-05 19:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\arquivos de programas\Cyberlink

2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink

2010-10-05 18:56 . 2010-10-05 18:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Temp

2010-10-02 23:53 . 2010-10-02 23:53 -------- d-----w- c:\arquivos de programas\SopCast

2010-10-02 23:53 . 2010-10-02 23:53 -------- d-----w- c:\arquivos de programas\Orban

2010-09-30 13:48 . 2010-09-30 13:48 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

2010-09-29 16:57 . 2010-09-29 16:57 15872 ----a-r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe

2010-09-29 13:09 . 2010-10-15 00:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Sony Ericsson

2010-09-29 13:08 . 2010-10-15 00:37 -------- d-----w- c:\arquivos de programas\Sony Ericsson

2010-09-29 12:52 . 2010-09-29 12:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2010-09-29 12:52 . 2007-11-02 14:47 103976 ----a-w- c:\windows\system32\drivers\s916mgmt.sys

2010-09-29 12:52 . 2007-11-02 14:47 15016 ----a-w- c:\windows\system32\drivers\s916mdfl.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916cmnt.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916cm.sys

2010-09-29 12:52 . 2007-11-02 14:47 109992 ----a-w- c:\windows\system32\drivers\s916mdm.sys

2010-09-29 12:52 . 2007-11-02 14:47 100008 ----a-w- c:\windows\system32\drivers\s916obex.sys

2010-09-29 12:52 . 2007-11-02 14:47 83496 ----a-w- c:\windows\system32\drivers\s916bus.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916whnt.sys

2010-09-29 12:52 . 2007-11-02 14:47 12200 ----a-w- c:\windows\system32\drivers\s916wh.sys

2010-09-28 23:29 . 2010-09-28 23:29 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Uniblue

2010-09-28 23:29 . 2010-09-28 23:29 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\OpenCandy

2010-09-28 23:29 . 2010-09-28 23:29 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\OpenCandy

2010-09-28 15:17 . 2010-10-10 00:19 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\BitTorrent

2010-09-28 15:13 . 2010-09-28 15:15 -------- d-----w- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\GetRightToGo

2010-09-28 12:39 . 2010-10-06 01:12 -------- d-----w- c:\documents and settings\Victor Ribeiro\Configurações locais\Dados de aplicativos\VT_Software

2010-09-28 12:37 . 2010-10-06 03:19 -------- d-----w- c:\arquivos de programas\WinPcap

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin7.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin6.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin5.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin4.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin3.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin2.dll

2010-09-27 22:47 . 2010-09-27 22:47 159744 ----a-w- c:\arquivos de programas\Internet Explorer\Plugins\npqtplugin.dll

2010-09-27 22:46 . 2010-09-27 22:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-09-27 22:46 . 2010-09-27 22:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-26 01:37 . 2010-08-12 21:55 697328 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-10-05 18:56 . 2010-08-12 22:38 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-10-05 18:56 . 2010-08-12 22:38 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-09-26 02:20 . 2010-09-26 02:20 73728 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll

2010-09-26 02:20 . 2010-09-26 02:20 212992 ----a-w- c:\windows\system32\IscDbc.dll

2010-09-26 02:20 . 2010-09-26 02:20 188416 ----a-w- c:\windows\system32\OdbcJdbc.dll

2010-09-25 21:57 . 2010-09-25 21:57 40960 ----a-r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hltv.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe

2010-09-25 21:57 . 2010-09-25 21:57 40960 ----a-r- c:\documents and settings\Victor Ribeiro\Dados de aplicativos\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hlds.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe

2010-09-10 21:12 . 2010-09-10 21:09 2829 ----a-w- c:\windows\War3Unin.pif

2010-09-10 21:12 . 2010-09-10 21:09 139264 ----a-w- c:\windows\War3Unin.exe

2010-09-08 14:17 . 2010-09-08 14:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 14:17 . 2010-09-08 14:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-07 14:12 . 2010-08-13 21:43 38848 ----a-w- c:\windows\avastSS.scr

2010-09-07 14:11 . 2010-08-12 22:38 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 13:52 . 2010-08-12 22:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 13:52 . 2010-08-12 22:39 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 13:47 . 2010-08-12 22:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 13:47 . 2010-08-12 22:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 13:47 . 2010-08-12 22:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 13:47 . 2010-08-12 22:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 13:46 . 2010-08-12 22:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-20 13:44 . 2010-08-20 13:44 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-08-20 13:44 . 2010-08-20 13:44 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 21:56 . 2010-08-16 21:56 40960 ----a-w- c:\windows\system32\maplec.dll

2010-08-16 21:56 . 2010-08-16 21:56 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll

2010-08-16 21:56 . 2010-08-16 21:56 20480 ----a-w- c:\windows\system32\maplecompat.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-10-25_19.03.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-26 17:56 . 2010-10-26 17:56 16384 c:\windows\Temp\Perflib_Perfdata_528.dat

+ 2010-10-26 01:18 . 2010-10-26 01:22 9728 c:\windows\system32\BASSMOD.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-09-29 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

2010-09-29 19:16 2735200 ----a-w- c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-09-29 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C69650DC-9644-4580-AA86-0EA329EE6C60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-09-29 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-09-29 08:09 98328 ----a-w- d:\arquivos de programas\Nero\Nero 9\InCD\NBHshx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"AlcoholAutomount"="d:\arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"DAEMON Tools Pro Agent"="d:\arquivos de programas\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"NBHGui"="d:\arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-29 2079256]

"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2001-09-13 818688]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="d:\arquivos de programas\QuickTime\QTTask.exe" [2010-09-08 421888]

"BDRegion"="c:\arquivos de programas\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-09-29 08:09 1111064 ----a-w- d:\arquivos de programas\Nero\Nero 9\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]

2010-02-03 03:08 87336 ----a-w- d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Arquivos de programas\\Maple 12\\jre\\bin\\maple.exe"=

"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"d:\\Arquivos de programas\\Warcraft III\\war3.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\GHostOne\\ghost.exe"=

"d:\\Arquivos de programas\\GHostOne\\GHostOne.exe"=

"d:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"d:\arquivos de programas\Combat Arms\CombatArms.exe"= d:\arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"d:\arquivos de programas\Combat Arms\Engine.exe"= d:\arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe

"d:\\Program Files\\Valve\\Counter-Strike 1.6 Sector Edition\\hl.exe"=

"d:\\Arquivos de programas\\Combat Arms\\NMService.exe"=

"e:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=

"e:\\Arquivos de programas\\Wizards of the Coast LLC\\Magic The Gathering - Duels of the Planeswalkers\\DotP.exe"=

"d:\\Arquivos de programas\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\Arquivos de programas\\mIRC\\mirc.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57050:TCP"= 57050:TCP:Pando Media Booster

"57050:UDP"= 57050:UDP:Pando Media Booster


R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2010 20:39 165584]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/05 15:58];d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2/4/2010 10:11 87536]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/8/2010 20:39 17744]

R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [29/9/2008 06:09 108568]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/6/2010 15:07 35088]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [30/9/2010 11:48 27632]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [16/8/2010 02:14 135664]

S2 OMSI download service;Sony Ericsson OMSI download service;d:\sony ericsson pc suite\SupServ.exe --> d:\sony ericsson pc suite\SupServ.exe [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp --> c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp [?]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [12/8/2010 20:14 104960]

S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [12/8/2010 20:14 104960]

S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [12/8/2010 20:14 104960]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [29/9/2010 10:52 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [29/9/2010 10:52 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [29/9/2010 10:52 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [29/9/2010 10:52 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [29/9/2010 10:52 100008]

S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [15/8/2010 01:04 476672]

S3 ZSMC326;TD74 USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys --> c:\windows\system32\Drivers\usbvm323.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/8/2010 19:55 697328]

.

Contents of the 'Scheduled Tasks' folder


2010-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-16 04:14]


2010-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-16 04:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-26 16:03

Windows 5.1.2600 Service Pack 3 NTFS


Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

hidden files: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"


[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"


[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"


[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-10-26 16:04:48

ComboFix-quarantined-files.txt 2010-10-26 18:04

ComboFix2.txt 2010-10-25 19:04


Pre-run: 2,295,259,136 bytes free

Post-run: 2,297,913,344 bytes free


- - End Of File - - 80CFFF2B132AF74E1CD6C0796FBE5BDA

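Reading the service/driver block and the firewall AuthorizedApplications list of a ComboFix log by eye is where things get missed. The Python script below is an added example, not part of this thread and not part of ComboFix: it parses the `R?`/`S?` service lines and the `"path"=` firewall entries and flags what a reviewer checks first: an image under a user-profile or Temp directory, a `.tmp` driver image, a `[?]` marker (ComboFix printed no date/size for the file) and a GUID-named service. The sample lines are copied from the log above; the directory list, the reason texts and the heuristics themselves are my assumptions, and a hit means "verify this", not "this is malware". The GarenaPEngine entry, which trips every check, belongs to software the firewall list shows installed (Garena.exe), which is exactly the kind of hit a human resolves by identifying the vendor rather than deleting on sight.

```python
"""Triage of ComboFix service/driver lines and firewall exceptions.

Added example for the log above; not from the forum thread and not part of
ComboFix. The directory list, the reason texts and the heuristics are
assumptions; a hit means 'verify this', not 'this is malware'.
"""
import re
from dataclasses import dataclass, field

# "R2 NPF;NetGroup Packet Filter Driver;c:\windows\...\npf.sys [25/6/2010 15:07 35088]"
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-9])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# trailing "[date time size]", or "[?]" when ComboFix printed no file metadata
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
# AuthorizedApplications entries: "c:\\path\\app.exe"=  (port rules like "57050:TCP"= have no backslash)
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]*\\[^"]*)"=')

# Locations a driver, service or firewall-exempted binary should normally not live in.
# Includes the 8.3 short names and the Portuguese XP folder names seen in this log.
SUSPECT_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                "\\dados de aplicativos\\", "\\application data\\")


@dataclass
class Finding:
    section: str          # "service" or "firewall"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def location_reasons(path):
    """Path-based checks shared by both sections."""
    p = path.lower().replace("\\\\", "\\")   # registry export doubles the backslashes
    reasons = []
    if any(d in p for d in SUSPECT_DIRS):
        reasons.append("image lives under a user-profile or Temp directory")
    if p.endswith(".tmp"):
        reasons.append("image has a .tmp extension")
    return reasons


def parse_service(line):
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TAIL_RE.match(rest)
    path, info = (t.group("path"), t.group("info")) if t else (rest, "")
    if "-->" in path:                     # "registry ImagePath --> resolved path"
        path = path.split("-->")[-1].strip()
    path = path.replace("\\??\\", "")     # strip the NT object-manager prefix
    f = Finding("service", m.group("name"), path, location_reasons(path))
    if info.strip() == "?":
        f.reasons.append("ComboFix printed no file date/size ([?]); confirm the file exists")
    if re.fullmatch(r"\{[0-9a-f-]{36}\}", f.name.lower()):
        f.reasons.append("GUID-named service; identify the vendor behind it")
    return f


def parse_firewall(line):
    m = FIREWALL_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").replace("\\\\", "\\")
    return Finding("firewall", path.rsplit("\\", 1)[-1], path, location_reasons(path))


def triage(log_text):
    """Return, in log order, only the entries that raised at least one reason."""
    hits = []
    for line in log_text.splitlines():
        f = parse_service(line) or parse_firewall(line)
        if f is not None and f.reasons:
            hits.append(f)
    return hits


# Lines copied from the ComboFix log above; the unflagged ones show that normal
# entries and port rules pass through silently.
SAMPLE_LOG = r"""
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"57050:TCP"= 57050:TCP:Pando Media Booster
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/6/2010 15:07 35088]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/05 15:58];d:\arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2/4/2010 10:11 87536]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp --> c:\docume~1\VICTOR~1\CONFIG~1\Temp\IRX1F.tmp [?]
S3 ZSMC326;TD74 USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys --> c:\windows\system32\Drivers\usbvm323.sys [?]
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.section}] {hit.name} -> {hit.path}")
        for r in hit.reasons:
            print(f"    - {r}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`; on the sample it reports NGM.exe (Application Data), the GUID-named PowerDVD filter, GarenaPEngine (Temp directory, .tmp image, no file metadata) and the ZSMC326 camera driver (no file metadata), and stays silent on NPF, Skype and the port rule.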

Hello aLp.zN

The PC is clean.

1.

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

*Click [OK] > [Run]

*Wait for the message: "ComboFix is uninstalled"

*Click [OK]

2.

*Click [Start] > [Run] > type: msconfig

*Click [OK]

*On the "BOOT.INI" tab, select the line:

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

*Click [Check All Boot Paths] > [Yes] > [OK]

*Restart the PC

*When Windows starts, tick "Don't show this message or launch the System Configuration Utility when Windows starts"

Regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
