Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Cuesta

[Resolvido] &nbspAnalise de logs- HijackThis e Combofix

Recommended Posts

Ola!! amigos !! saudações !

Estou aqui com um problema... ao acessar 3 sites que trabalho ... atualisando ..etc.. cuestaadventure(.com.br)

canoagembrasil(.com.br) e mountainbikes(.com.br) coloquei (.com.br) para não aparecer as urls no google ...destes sites... bom... ao acessar estes sites... uso o IE , Mozilla , Opera , Crome ... eles travam, no caso do opera e do mozila depois eles nem fecham... nem com o gerenciador de tarefas... e a maquina não reinicia normalmente.... tenho que forçar o restart... no restante sem acessar estes sites parace normal... estes sites estão normais em outras maquinas e Lamhouse... estão no mesmo servidor que outros sites que administro que também acesso normalmente e liguei para o suporte e eles dizem estar tudo normal por lá...

Estes são os logs...

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:43:27, on 28/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Arquivos de programas\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Arquivos de programas\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\Arquivos de programas\BitComet\BitComet.exe
C:\Arquivos de programas\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apache2triad\bin\httpd.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\apache2triad\mysql\bin\MySQLSystemTrayMonitor.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\apache2triad\mysql\bin\mysqld.exe
C:\apache2triad\bin\httpd.exe
C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\apache2triad\mail\bin\XMail.exe
C:\Arquivos de programas\Macromedia\Flash Communication Server MX\FlashCom.exe
C:\Arquivos de programas\IObit\IObit Malware Fighter\IMF.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HijackTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareware.Pro-PR - {06bcb18a-293e-43fa-9c2b-d167f2916f01} - C:\Arquivos de programas\Peer2Peer-PR\prxtbPee2.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Shareware.Pro-PR Toolbar - {06bcb18a-293e-43fa-9c2b-d167f2916f01} - C:\Arquivos de programas\Peer2Peer-PR\prxtbPee2.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB2.dll
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Arquivos de programas\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [COMODO] C:\Arquivos de programas\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Arquivos de programas\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: MySQL System Tray Monitor.lnk = C:\apache2triad\mysql\bin\MySQLSystemTrayMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MySQL System Tray Monitor.lnk = C:\apache2triad\mysql\bin\MySQLSystemTrayMonitor.exe (User 'Default user')
O4 - Startup: MySQL System Tray Monitor.lnk = C:\apache2triad\mysql\bin\MySQLSystemTrayMonitor.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Arquivos%20de%20programas\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMSIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Arquivos%20de%20programas\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMSIE.dll (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://189.111.156.229:8081/cab/OCXChecker_8320.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEDD515E-FCD2-441B-A271-6A2256FA4B12}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2B37FF2-CDA2-4410-BC30-F5FE87BAF82C}: NameServer = 8.26.56.26 156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Arquivos de programas\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Flash Communication Server (FlashCom) - Macromedia, Inc. - C:\Arquivos de programas\Macromedia\Flash Communication Server MX\FlashCom.exe
O23 - Service: Flash Communication Admin Service (FlashComAdmin) - Macromedia, Inc. - C:\Arquivos de programas\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Arquivos de programas\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 12424 bytes

 

 

 

 

E este do Combofix ..

 

 

 

 

ComboFix 11-10-28.04 - Cuesta Adventure 28/10/2011  14:54:25.11.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.895.446 [GMT -2:00]
Executando de: c:\documents and settings\Cuesta Adventure\Desktop\ComboFix.exe
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2011-09-28 to 2011-10-28  ))))))))))))))))))))))))))))
.
.
2011-10-28 15:41 . 2011-10-28 16:19	--------	d-----w-	C:\HijackTHIS
2011-10-28 13:38 . 2011-10-28 13:38	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2011-10-28 13:38 . 2011-10-28 13:38	--------	d-----w-	c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-10-28 13:38 . 2011-08-31 19:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-27 22:28 . 2011-10-28 16:19	--------	d-----w-	c:\arquivos de programas\Crawler
2011-10-27 12:42 . 2011-10-27 12:42	--------	d-----w-	c:\arquivos de programas\File Recovery
2011-10-27 12:10 . 2001-08-17 22:13	16925	-c--a-w-	c:\windows\system32\dllcache\w940nd.sys
2011-10-27 12:09 . 2004-08-04 01:07	6912	-c--a-w-	c:\windows\system32\dllcache\smbclass.sys
2011-10-27 12:08 . 2001-08-18 00:07	19840	-c--a-w-	c:\windows\system32\dllcache\philtune.sys
2011-10-27 12:07 . 2001-08-17 23:48	6016	-c--a-w-	c:\windows\system32\dllcache\msfsio.sys
2011-10-27 12:06 . 2001-08-18 00:55	6144	-c--a-w-	c:\windows\system32\dllcache\kbd106.dll
2011-10-27 12:05 . 2001-09-06 01:50	19456	-c--a-w-	c:\windows\system32\dllcache\hr1w.dll
2011-10-27 12:04 . 2001-08-17 22:11	29696	-c--a-w-	c:\windows\system32\dllcache\dm9pci5.sys
2011-10-27 12:03 . 2001-09-06 01:12	14080	-c--a-w-	c:\windows\system32\dllcache\bulltlp3.sys
2011-10-27 12:02 . 2004-08-04 01:10	48128	-c--a-w-	c:\windows\system32\dllcache\61883.sys
2011-10-27 12:02 . 2001-09-06 01:50	98304	-c--a-w-	c:\windows\system32\dllcache\a3d.dll
2011-10-27 12:02 . 2001-09-06 01:49	38400	-c--a-w-	c:\windows\system32\dllcache\8514a.dll
2011-10-27 12:02 . 2004-08-04 01:00	12288	-c--a-w-	c:\windows\system32\dllcache\4mmdat.sys
2011-10-27 12:02 . 2001-08-17 22:48	148352	-c--a-w-	c:\windows\system32\dllcache\3dfxvsm.sys
2011-10-27 12:02 . 2004-08-04 04:10	53248	-c--a-w-	c:\windows\system32\dllcache\1394bus.sys
2011-10-27 12:02 . 2001-09-06 01:49	689216	-c--a-w-	c:\windows\system32\dllcache\3dfxvs.dll
2011-10-27 12:02 . 2001-08-18 00:06	11264	-c--a-w-	c:\windows\system32\dllcache\1394vdbg.sys
2011-10-27 12:02 . 2001-08-17 23:28	762780	-c--a-w-	c:\windows\system32\dllcache\3cwmcru.sys
2011-10-27 12:02 . 2001-09-06 01:49	66048	-c--a-w-	c:\windows\system32\dllcache\s3legacy.dll
2011-10-26 22:50 . 2011-10-26 22:54	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Comodo
2011-10-26 22:49 . 2011-10-26 22:50	--------	d-----w-	c:\arquivos de programas\COMODO
2011-10-26 22:49 . 2011-10-26 22:49	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Comodo Downloader
2011-10-26 22:27 . 2011-10-26 22:29	--------	dc-h--w-	c:\windows\ie8
2011-10-26 18:36 . 2011-10-26 18:36	--------	d-----w-	c:\documents and settings\Cuesta Adventure\Dados de aplicativos\VSRevoGroup
2011-10-26 17:58 . 2011-10-26 17:58	--------	d-----r-	c:\documents and settings\Cuesta Adventure\Meus documentos
2011-10-13 13:01 . 2011-10-13 13:01	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe
2011-10-13 01:20 . 2011-10-13 01:20	--------	d-----w-	c:\documents and settings\Cuesta Adventure\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-10-13 01:20 . 2011-10-13 01:20	--------	d-----w-	c:\arquivos de programas\Adobe Download Assistant
2011-10-12 18:43 . 2011-10-12 18:43	--------	d-----w-	c:\arquivos de programas\VS Revo Group
2011-10-12 18:12 . 2011-10-12 18:12	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\IObit
2011-10-12 17:06 . 2010-05-06 10:34	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2011-10-12 16:38 . 2006-06-29 16:07	14048	------w-	c:\windows\system32\spmsg2.dll
2011-10-12 16:04 . 2011-08-19 19:33	25944	----a-w-	c:\windows\system32\SmartDefragBootTime.exe
2011-10-12 16:04 . 2010-11-26 21:02	14776	----a-w-	c:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-12 16:01 . 2011-10-12 16:04	--------	d-----w-	c:\documents and settings\Cuesta Adventure\Dados de aplicativos\IObit
2011-10-12 16:01 . 2011-10-12 16:04	--------	d-----w-	c:\arquivos de programas\IObit
2011-10-12 00:21 . 2011-10-12 00:21	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-10-12 00:12 . 2011-10-12 00:12	--------	d-----w-	c:\arquivos de programas\Bonjour
2011-10-12 00:12 . 2011-10-12 00:12	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2011-10-11 23:02 . 2011-10-11 23:09	--------	d-----w-	c:\documents and settings\Documentos2\Adobe CS4
2011-10-11 15:15 . 2011-10-11 15:15	22372	----a-w-	c:\documents and settings\Documentos2\cc_20111011_121531.reg
2011-10-07 20:48 . 2011-10-07 20:48	97760	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-10-07 20:48 . 2011-10-07 20:48	492768	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 20:48 . 2011-10-07 20:48	31704	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 20:48 . 2011-10-07 20:48	18056	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-10-07 20:47 . 2011-10-07 20:47	33984	----a-w-	c:\windows\system32\cmdcsr.dll
2011-10-07 20:47 . 2011-10-07 20:47	300200	----a-w-	c:\windows\system32\guard32.dll
2011-10-06 19:23 . 2011-10-10 02:06	--------	d-----w-	c:\documents and settings\Documentos2\Video Edições
2011-10-05 00:20 . 2011-10-12 00:17	--------	d-----w-	c:\arquivos de programas\Boris FX, Inc
2011-10-05 00:13 . 2011-10-05 00:13	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Pinnacle
2011-10-05 00:12 . 2011-10-05 00:12	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Pinnacle Studio Ultimate
2011-10-05 00:01 . 2011-10-12 00:18	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-09-15 13:51 . 2006-10-26 11:45	1933312	-c--a-w-	c:\arquivos de programas\MyVoc7.exe
2011-09-29 07:30 . 2011-10-27 20:45	134104	----a-w-	c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-10-27_19.40.56   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-28 15:17 . 2011-10-28 15:17	16384              c:\windows\temp\Perflib_Perfdata_7f0.dat
+ 2001-10-28 12:07 . 2011-10-28 13:26	87162              c:\windows\system32\perfc009.dat
+ 2011-10-28 13:25 . 2011-10-28 15:17	32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-10-26 22:54 . 2011-10-27 18:26	32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-11-07 16:40 . 2011-10-28 15:17	49152              c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
- 2004-11-07 16:40 . 2011-10-27 18:26	49152              c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-28 13:26 . 2011-10-28 13:25	32768              c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012011102820111029\index.dat
+ 2004-11-07 16:40 . 2011-10-28 15:17	32768              c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
- 2004-11-07 16:40 . 2011-10-27 18:26	32768              c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2001-10-28 12:07 . 2011-10-28 13:26	527066              c:\windows\system32\perfh016.dat
+ 2001-10-28 12:07 . 2011-10-28 13:26	486406              c:\windows\system32\perfh009.dat
+ 2001-10-28 12:07 . 2011-10-28 13:26	101086              c:\windows\system32\perfc016.dat
+ 2011-09-01 21:47 . 2011-10-28 15:17	229350              c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06bcb18a-293e-43fa-9c2b-d167f2916f01}]
2011-01-17 14:54	175912	----a-w-	c:\arquivos de programas\Peer2Peer-PR\prxtbPee2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-10-18 10:26	3908192	----a-w-	c:\arquivos de programas\myBabylon_English\tbmyB2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{06bcb18a-293e-43fa-9c2b-d167f2916f01}"= "c:\arquivos de programas\Peer2Peer-PR\prxtbPee2.dll" [2011-01-17 175912]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\arquivos de programas\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{06bcb18a-293e-43fa-9c2b-d167f2916f01}]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{06BCB18A-293E-43FA-9C2B-D167F2916F01}"= "c:\arquivos de programas\Peer2Peer-PR\prxtbPee2.dll" [2011-01-17 175912]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\arquivos de programas\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{06bcb18a-293e-43fa-9c2b-d167f2916f01}]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\arquivos de programas\BitComet\BitComet.exe" [2010-06-30 3205424]
"SpywareTerminatorUpdate"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2011-03-05 3318784]
"Advanced SystemCare 4"="c:\arquivos de programas\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2011-03-05 2216960]
"IObit Malware Fighter"="c:\arquivos de programas\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]
"COMODO"="c:\arquivos de programas\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\arquivos de programas\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"COMODO Internet Security"="c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-06-29 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Cuesta Adventure\Menu Iniciar\Programas\Inicializar\
MySQL System Tray Monitor.lnk - c:\apache2triad\mysql\bin\MySQLSystemTrayMonitor.exe [2007-10-30 986624]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2005-1-25 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskLight]
2004-12-12 19:12	909824	-c--a-w-	c:\windows\DeskLight\DeskLight.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Arquivos de programas\\MMailMaster\\MMailMaster.exe"=
"c:\\Documents and Settings\\Cuesta Adventure\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\apache2triad\\mail\\bin\\xmail.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6267:TCP"= 6267:TCP:msvyma
"24966:TCP"= 24966:TCP:BitComet 24966 TCP
"24966:UDP"= 24966:UDP:BitComet 24966 UDP
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [12/10/2011 14:04 14776]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7/10/2011 18:48 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7/10/2011 18:48 31704]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5/3/2011 12:13 142592]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe [12/10/2011 14:01 328536]
R2 CLPSLS;COMODO livePCsupport Service;c:\arquivos de programas\COMODO\COMODO GeekBuddy\CLPSLS.exe [26/5/2011 01:43 154424]
R2 IMFservice;IMF Service;c:\arquivos de programas\IObit\IObit Malware Fighter\IMFsrv.exe [12/10/2011 14:04 820568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 04:18 360224]
R3 FileMonitor;FileMonitor;c:\arquivos de programas\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [12/10/2011 14:04 239600]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/5/2002 01:12 47360]
R3 RegFilter;RegFilter;c:\arquivos de programas\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [12/10/2011 14:04 30368]
R3 UrlFilter;UrlFilter;c:\arquivos de programas\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [12/10/2011 14:04 16080]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [3/10/2008 12:06 81920]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [23/12/2007 15:23 515803]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S2 saudjhok;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [30/10/2007 23:36 339968]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [30/10/2007 23:35 17408]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [13/7/2007 22:42 152832]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [3/10/2008 12:08 100352]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [3/10/2008 12:08 100352]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [3/10/2008 12:08 100352]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [30/10/2007 23:39 75207]
S3 SiS630;SiS630;c:\windows\system32\drivers\sis630p.sys [7/11/2004 14:47 124928]
S3 SwitchBoard;Adobe SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096]
S3 VBoxDrv;VBox Support Driver;\??\f:\documentosfree\Novos Dowlloads\VirtualBox\VBoxDrv.sys --> f:\documentosfree\Novos Dowlloads\VirtualBox\VBoxDrv.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-10-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-BUDA-Cuesta Adventure.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-10-13 03:12]
.
2011-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]
.
2011-10-28 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\arquivos de programas\IObit\Advanced SystemCare 4\PMonitor.exe [2011-10-12 19:40]
.
2011-10-28 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\arquivos de programas\IObit\Smart Defrag 2\SmartDefrag.exe [2011-10-12 13:35]
.
2011-10-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-22 01:18]
.
.
------- Scan Suplementar -------
.
IE: &B&aixar &com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: &B&aixar todos os vídeos com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: &B&aixar tudo usando o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: Crawler Search - tbr:iemenu
IE: {{AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://c:\arquivos%20de%20programas\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMSIE.dll/page.html
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{DEDD515E-FCD2-441B-A271-6A2256FA4B12}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E2B37FF2-CDA2-4410-BC30-F5FE87BAF82C}: NameServer = 8.26.56.26 156.154.70.22
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Cuesta Adventure\Dados de aplicativos\Mozilla\Firefox\Profiles\3cfbuc5n.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 15:10
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializáveis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\saudjhok]
"ServiceDll"="c:\windows\system32\iqslehkw.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-436374069-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\B*a*b*e*l*P*a*d*.*‡eöN\DefaultIcon]
@="c:\\DOCUME~1\\DOCUME~1\\DOWNLO~1\\JO94F9~1\\BabelPad.exe,1"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*a*b*e*l*P*a*d*.*‡eöN\shell\open\command]
@="c:\\DOCUME~1\\DOCUME~1\\DOWNLO~1\\JO94F9~1\\BabelPad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\B*a*b*e*l*P*a*d*.*‡eöN\shell\print\command]
@="c:\\DOCUME~1\\DOCUME~1\\DOWNLO~1\\JO94F9~1\\BabelPad.exe /p \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\B*a*b*e*l*P*a*d*.*‡eöN\shell\printto\command]
@="c:\\DOCUME~1\\DOCUME~1\\DOWNLO~1\\JO94F9~1\\BabelPad.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(20168)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(808)
c:\windows\system32\cmdcsr.dll
.
Tempo para conclusão: 2011-10-28  15:16:26
ComboFix-quarantined-files.txt  2011-10-28 17:16
ComboFix2.txt  2011-10-27 19:47
ComboFix3.txt  2011-03-03 17:23
ComboFix4.txt  2009-09-04 15:15
ComboFix5.txt  2011-10-28 13:07
.
Pré-execução: 29 pasta(s) 155.700.367.360 bytes disponíveis
Pós execução: 30 pasta(s) 155.687.718.912 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - EF1B3309CC1845A6782263C00167AD31

 

Outro problema é que estes sites em meus navegadores , não estão a carregar algumas imagens ... banners de uns apoiadores... Gopro... ficando aguardando carregar... ex: http://www.ftjcfx.com/image-5388670-10902990...

Mas em outras maquinas ... lanhouses.. esta normal...

 

Agradeço antecipadamente...

Obrigado !!

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.