
Archived

This topic has been archived and is closed to new replies.

LIPE BRITO

[Archived] Malware problems


ComboFix 10-11-18.04 - Administrador 19/11/2010 10:59:20.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2038.1395 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbhelper.dll

c:\documents and settings\Administrador\Dados de aplicativos\avdrn.dat

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\a.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\b.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\c.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\d.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\e.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\f.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\g.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\h.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\i.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\J.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\k.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\l.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\m.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\n.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\o.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\p.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\q.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\r.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\s.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\t.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\u.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\v.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\w.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\x.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\y.xml

c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\z.xml

c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini

c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

c:\windows\infosapi.dll

c:\windows\jestertb.dll

c:\windows\system32\fjhdyfhsn.bat

c:\windows\system32\nmft64.dll

c:\windows\system32\Thumbs.db

 

A cópia de c:\windows\system32\midimap.dll foi encontrada e desinfectada

Cópia restaurada de - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-19 to 2010-11-19 ))))))))))))))))))))))))))))

.

 

2010-11-10 14:56 . 2010-11-10 14:56 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

------- Sigcheck -------

 

[7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2004-08-04 . 3550BFE59972A67AC2F7781041D28EA7 . 543744 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 3550BFE59972A67AC2F7781041D28EA7 . 543744 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

 

[7] 2004-08-04 . 974FA6D27FE3413ADBAEA63017AEF1A4 . 111616 . . [5.4.3790.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe

[-] 2004-08-04 . 697F052D26B618B10978190CA2A8AD75 . 116736 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe

[-] 2004-08-04 . 697F052D26B618B10978190CA2A8AD75 . 116736 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe

 

[7] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[-] 2004-08-04 . 74F92F672C3F1C5E3D9806D4C652C9EF . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2004-08-04 . 74F92F672C3F1C5E3D9806D4C652C9EF . 636928 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

 

[7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll

[-] 2004-08-04 . BD4049569FE8E8908316520263236834 . 3332096 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll

[-] 2004-08-04 . BD4049569FE8E8908316520263236834 . 3332096 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll

 

[7] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

[-] 2004-08-04 . 68EB1CA90067F37948413DC585A04171 . 2312704 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe

 

[7] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[-] 2004-08-04 . 343803821BF9B682BE1F9A970D2A3B40 . 577536 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll

[-] 2004-08-04 . 343803821BF9B682BE1F9A970D2A3B40 . 577536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll

 

[7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll

[-] 2004-08-04 . 40C0CE6EC4E17ED786EE14EBFF94A5CC . 768512 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll

[-] 2004-08-04 . 40C0CE6EC4E17ED786EE14EBFF94A5CC . 768512 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll

 

[-] 2004-08-04 . 54D6CE672AA517A3D59F4D646EB4A1DC . 1541120 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2004-08-04 . 54D6CE672AA517A3D59F4D646EB4A1DC . 1541120 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

 

[7] 2004-08-04 . C44792D0F3070F7959E4DC4F49380595 . 1281024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll

[-] 2004-08-04 . 9EF506B85A19398804E672EF24AF2CCB . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll

[-] 2004-08-04 . 9EF506B85A19398804E672EF24AF2CCB . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll

 

[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

[-] 2004-08-04 . 42DD6AD5822AFEE70335BE2E9C4B6A9C . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 42DD6AD5822AFEE70335BE2E9C4B6A9C . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

 

[7] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

[-] 2004-08-04 . 43C5ED8DC7EFE89A3BF54263F7583E68 . 2179584 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe

 

[7] 2004-08-04 . 69E3202DCB3F4C432262100A2175BDD5 . 93184 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\IEXPLORE.EXE

[-] 2004-08-04 . 1A64EB8EBD5935326C2FECBA25A72273 . 102912 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\arquiv~1\DAP\SBSearch.dll" [2010-07-06 38384]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-10-07 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]

[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]

[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]

2010-07-06 12:24 2447360 ----a-w- c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

2010-10-07 16:10 2735200 ----a-w- c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-10-07 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C69650DC-9644-4580-AA86-0EA329EE6C60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll" [2010-10-07 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-21 135664]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-07-06 2819584]

"PC Suite Tray"="d:\músicas e imagens f\felipe brito\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

"Nokia.PCSync"="d:\músicas e imagens f\felipe brito\Nokia PC Suite 7\PcSync2.exe" [2010-06-16 753664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-09-25 33517568]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"DataMngr"="c:\arquiv~1\WI9130~1\DataMngr\DataMngrUI.exe" [2010-05-06 796608]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Prog"="c:\windows\twitcam.cpl-" [X]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 40448]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft Games\\Motocross Madness 2 Trial\\mcm2.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/9/2009 12:52 874880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-11-17 c:\windows\Tasks\WebReg HP Deskjet D1600 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21 23:40]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: {837D5E11-2F09-4B83-9B8A-282D549EAA1D} = 10.1.1.1

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\kay60b1y.default\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-WudfPf

SafeBoot-WudfRd

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-19 11:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(744)

c:\windows\system32\setupapi.dll

c:\windows\system32\psbase.dll

 

- - - - - - - > 'Explorer.EXE'(1720)

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxsrvc.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-11-19 11:03:59 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-11-19 13:03

 

Pré-execução: 10 pasta(s) 36.787.634.176 bytes disponíveis

Pós execução: 12 pasta(s) 36.773.109.760 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 3E6AE2B2BBD6DA091329F8A4550B14E1


:) Hello Lipe!

 

Please follow the tips in these tutorials:

 

Malwarebytes Anti-Malware tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

 

Nod32 Online antivirus tutorial

____________________________

 

In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Malwarebytes log, and please tell us how your PC is doing after following these procedures. We await your reply.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
