oceanodrs

Requesting log analysis


I have already done all the procedures requested in the Official Topic...

Hello. Lately the PC has been acting strange... The date and time no longer match, even after I fix them. The PC suddenly gets slow or freezes, and sometimes Windows doesn't boot.

I await the log analysis. Thank you

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:19:32, on 1/1/2006

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1270335302843

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1270335496453

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

--

End of file - 5860 bytes

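The script below is an added example, not a tool used or requested in this thread: it applies the first triage an analyst performs on the O2/O4/O16/O23 lines of a HijackThis log like the one posted above (BHOs pointing at "(no file)", services with "Unknown owner", autostarts outside the Windows and Program Files trees, ActiveX controls fetched from non-Microsoft hosts). The sample log, the TRUSTED_PREFIXES list and the microsoft.com host rule are constructed assumptions for the example.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread, not one of the tools the helpers asked for.
The sample log below is constructed and only mirrors the shape of the real
one; TRUSTED_PREFIXES and the "microsoft.com" host rule are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
# Where legitimately installed binaries normally live on the machine in the
# thread (Windows XP, Portuguese locale, hence "Arquivos de programas").
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why an analyst should look at this line
    line: str      # the original log line


def _o4_path(body: str) -> str:
    """Pull the executable path out of an O4 autostart entry.

    Handles both layouts seen in the log: 'Run: [name] <cmd> (User ...)' and
    'Global Startup: x.lnk = <path>'. Quoted commands are cut at the closing
    quote, unquoted ones at the first executable-looking extension so that
    trailing switches such as /min are dropped.
    """
    if "] " in body:
        rest = body.split("] ", 1)[1]
    elif " = " in body:
        rest = body.split(" = ", 1)[1]
    else:
        return ""
    rest = re.sub(r"\s*\(User '.*'\)$", "", rest).strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs))\b", rest, re.IGNORECASE)
    return m.group(1) if m else rest


def _is_trusted_location(path: str) -> bool:
    """Normalise case and %systemroot%, then test against TRUSTED_PREFIXES."""
    norm = path.lower().replace("%systemroot%", "c:\\windows")
    return norm.startswith(TRUSTED_PREFIXES)


def triage(log: str) -> list[Finding]:
    """Return the log lines that deserve a closer look, in log order."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, R0/R1 lines and blanks are skipped
        section, body = m.groups()
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO registered but its file is gone (orphaned CLSID)", raw))
        elif section == "O4":
            path = _o4_path(body)
            if not path or not _is_trusted_location(path):
                findings.append(Finding(section, "autostart binary outside Windows/Program Files", raw))
        elif section == "O16":
            url = URL_RE.search(body)
            host = urlparse(url.group(0)).hostname if url else None
            if not host or not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append(Finding(section, "ActiveX control downloaded from a third-party host", raw))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary carries no publisher information", raw))
    return findings


# Constructed sample in the shape of the logs above; the "updater" autostart
# line is hypothetical and exists only to exercise the location check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Dados de aplicativos\upd\updater.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270335302843
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports four lines: the orphaned BHO, the hypothetical autostart under the user profile, the ActiveX control from driveragent.com and the RichVideo service with no publisher. A flag is a prompt to look, not a verdict: the RichVideo entry in the real log is a CyberLink component that simply lacks version information, which is exactly why the helper asked for more logs rather than removing anything on the strength of this one.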

Friend, it may be a hardware problem. Download Malwarebytes' Anti-Malware (MBAM) from this link or this one here.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all checked and click the Remove button.
  • When the disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.


 

 


OK, here is the MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.11.30.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: GILBERTO [administrador]

1/1/2006 01:16:06

mbam-log-2006-01-01 (01-16-06).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 223330

Tempo decorrido: 8 minuto(s), 29 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:27:40, on 1/1/2006

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270335302843

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270335496453

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

--

End of file - 5827 bytes

Edited by oceanodrs


Well, I see that your clock is not set to the correct date, as you mentioned before. It is quite likely the battery on your motherboard. Do you know how to replace it?

Run the tools below in order.

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

1 - Download AdwCleaner (download link image) and save it to the desktop.

Double-click adwcleaner.exe.

Click the Delete button (button image). Click OK on the message saying that open programs will be closed.

Wait for the scan to finish; at the end you will be asked to restart the computer to complete the removal. Click OK.

After restarting, the log AdwCleaner[s1].txt will open (it is saved in C:\).

Keep your protection programs disabled so they do not cause conflicts.

2 - Download JRT (download link image) and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator (button image).

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply, together with the contents of AdwCleaner[s1].txt + a new HijackThis log.


 

 


Yes, I also suspect the battery... I have never replaced it, but I will replace it then. And while I was reading your last post, Avira popped up a warning and moved a virus to quarantine (image attached). Why didn't it show up in the previous scans?

Here are the logs:

# AdwCleaner v2.010 - Logfile created 01/01/2006 at 03:58:50

# Updated 29/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : User - GILBERTO

# Boot Mode : Normal

# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Documents and Settings\User\Dados de aplicativos\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2727622

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\ImInstaller

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [1279 octets] - [01/01/2006 03:58:50]

########## EOF - C:\AdwCleaner[s1].txt - [1339 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.7.0 (11.30.2012:3)

OS: Microsoft Windows XP x86

Ran by User on dom 01/01/2006 at 4:03:05,93

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on dom 01/01/2006 at 4:09:26,96

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 04:22:22, on 1/1/2006

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270335302843

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270335496453

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

--

End of file - 5827 bytes

(attached image)


System Volume Information\_restore = the System Restore folder

This trojan was found in one of the restore points. From there it would only be activated if you used that infected point to restore the system. It most likely showed up in Avira now because of an AV update.

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix (by sUBs) and save it to the desktop.

  • Close all windows and programs.
  • Double-click ComboFix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue with the malware search.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Select, copy and paste the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You need to be connected to the internet during the ComboFix procedure;
  • You must be logged into the system with administrator privileges.
  • Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete ComboFix.exe and download it again. Note: this means only deleting the file. It is NOT about uninstalling it.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it. On Windows Vista and above, this option will not appear.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a security analyst.


 

 


I replaced the battery, but it didn't solve it... Windows still can't synchronize the date/time. Is there another setting?

And here is the log:

ComboFix 12-12-01.01 - User 01/01/2006 0:12.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.525 [GMT -3:00]

Executando de: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\User\Meus documentos\~WRL0001.tmp

c:\documents and settings\User\Meus documentos\~WRL0002.tmp

c:\documents and settings\User\Meus documentos\~WRL0004.tmp

c:\documents and settings\User\Meus documentos\~WRL3455.tmp

c:\documents and settings\User\WINDOWS

c:\windows\IsUn0416.exe

c:\windows\system\winspool.drv

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\winsusrm.dll

.

A cópia de c:\windows\system32\msgsvc.dll foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ServicePackFiles\i386\msgsvc.dll

.

A cópia de c:\windows\system32\mqbkup.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ServicePackFiles\i386\mqbkup.exe

.

A cópia de c:\windows\system32\mqsvc.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ServicePackFiles\i386\mqsvc.exe

.

A cópia de c:\windows\system32\mqtgsvc.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ServicePackFiles\i386\mqtgsvc.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2005-12-01 to 2006-01-01 ))))))))))))))))))))))))))))

.

.

2012-11-11 05:53 . 2006-01-01 05:02 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\ApplicationHistory

2012-11-11 05:25 . 2008-04-13 22:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-11-10 17:05 . 2012-11-10 17:05 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Avira

2012-11-10 16:51 . 2012-11-19 13:47 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-10 16:51 . 2012-11-19 13:47 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-10 16:51 . 2012-11-19 13:47 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-10 16:51 . 2012-11-10 16:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2012-11-10 16:51 . 2012-11-10 16:51 -------- d-----w- c:\arquivos de programas\Avira

2012-11-10 16:26 . 2012-11-10 16:28 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google

2012-11-10 16:15 . 2012-11-10 16:15 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Windows Search

2012-11-10 09:38 . 2012-11-11 06:12 -------- d-----w- c:\windows\system32\XPSViewer

2012-11-10 09:38 . 2012-11-10 09:38 -------- d-----w- c:\arquivos de programas\MSBuild

2012-11-10 09:38 . 2012-11-10 09:38 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2012-11-10 09:38 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-11-10 09:37 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-11-10 09:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-11-10 09:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-11-10 09:37 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-11-10 09:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-11-10 09:37 . 2012-11-10 09:38 -------- d-----w- C:\8a96a709162c5840a9b594

2012-11-10 09:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-11-10 09:32 . 2012-11-11 05:14 -------- d-----w- c:\arquivos de programas\Windows Desktop Search

2012-11-10 09:32 . 2012-11-10 09:32 -------- d-----w- c:\windows\system32\GroupPolicy

2012-11-10 09:30 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-11-10 09:30 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-11-10 09:30 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-11-10 09:29 . 2012-11-10 09:29 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2012-11-10 09:27 . 2012-11-10 09:28 -------- d-----w- c:\windows\system32\drivers\UMDF

2012-11-10 09:27 . 2012-11-10 09:27 -------- d-----w- c:\windows\system32\LogFiles

2012-11-10 01:49 . 2012-11-10 02:02 -------- d-----w- c:\windows\SxsCaPendDel

2012-11-10 01:42 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-11-10 01:41 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-11-10 01:40 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2012-11-10 01:40 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-11-10 01:38 . 2012-08-28 15:18 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-11-10 01:38 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-11-10 01:36 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll

2012-11-10 01:33 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-11-10 00:09 . 2008-04-13 22:20 294912 ------w- c:\arquivos de programas\Windows Media Player\dlimport.exe

2012-11-10 00:09 . 2008-04-13 22:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2012-11-10 00:04 . 2006-12-28 15:01 19569 ----a-w- c:\windows\002781_.tmp

2012-10-31 07:09 . 2012-10-31 07:09 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2012-09-04 07:08 . 2012-09-04 07:08 -------- d-----w- c:\arquivos de programas\7-Zip

2012-09-03 00:30 . 2012-09-03 00:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Photo Notifier and Animation Creator

2012-09-03 00:30 . 2012-09-03 00:30 -------- d-----w- c:\arquivos de programas\Photo Notifier and Animation Creator

2012-09-03 00:30 . 2012-09-03 00:45 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\IM

2012-09-03 00:29 . 2012-09-03 00:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IM

2012-09-03 00:29 . 2012-09-03 00:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IncrediMail

2012-09-03 00:29 . 2012-09-03 01:46 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Conduit

2012-09-03 00:29 . 2012-09-03 00:29 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Temp

2012-07-06 13:58 . 2012-07-06 13:58 78336 -c----w- c:\windows\system32\dllcache\browser.dll

2012-06-12 02:07 . 2012-11-10 09:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-12 02:07 . 2012-11-10 09:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-01 16:50 . 2012-06-01 16:50 607232 -c----w- c:\windows\system32\dllcache\crypt32.dll

2012-02-29 14:09 . 2012-02-29 14:09 148480 -c----w- c:\windows\system32\dllcache\imagehlp.dll

2011-11-20 06:12 . 2011-11-20 06:12 60928 -c----w- c:\windows\system32\dllcache\packager.exe

2011-11-03 15:28 . 2011-11-03 15:28 386560 -c----w- c:\windows\system32\dllcache\qdvd.dll

2011-10-18 11:13 . 2011-10-18 11:13 186880 -c----w- c:\windows\system32\dllcache\encdec.dll

2011-10-14 14:47 . 2011-10-14 14:47 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll

2011-09-26 14:41 . 2011-09-26 14:41 613376 ------w- c:\windows\system32\uiautomationcore.dll

2011-08-23 03:40 . 2012-10-31 21:30 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-08-23 03:40 . 2012-09-29 22:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-14 00:11 . 2011-05-14 00:11 641536 ----a-w- c:\arquivos de programas\Arquivos comuns\Microsoft Shared\você\msdia80.dll

2011-05-02 09:02 . 2011-05-02 09:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2011-04-19 07:47 . 2011-04-19 07:47 670032 ----a-w- c:\arquivos de programas\Arquivos comuns\Microsoft Shared\você\msdia90.dll

2011-02-20 02:03 . 2011-02-20 02:03 799568 ----a-w- c:\arquivos de programas\Arquivos comuns\Microsoft Shared\você\msdia100.dll

2011-02-08 13:33 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-02-02 07:58 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll

2011-01-29 11:01 . 2011-01-29 11:01 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Media Player Classic

2011-01-27 11:57 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe

2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2011-01-10 07:57 . 2006-01-01 03:09 -------- d-----w- c:\arquivos de programas\CCleaner

2011-01-10 07:35 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-01-10 07:35 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-12-20 17:32 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll

2010-12-09 07:38 . 2011-04-29 13:11 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\HP

2010-12-09 07:38 . 2006-12-03 22:32 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2010-12-09 07:38 . 2006-12-03 22:32 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2010-12-09 07:38 . 2010-12-09 07:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2010-12-09 07:37 . 2006-12-30 18:49 117760 ----a-w- c:\windows\system32\hpzll4v2.dll

2010-12-09 07:37 . 2006-12-29 12:57 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll

2010-12-09 07:37 . 2007-01-13 08:31 258048 ----a-r- c:\windows\system32\hpzids01.dll

2010-12-09 07:37 . 2006-12-03 22:32 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2010-12-09 07:37 . 2007-03-05 23:43 294912 ----a-r- c:\windows\system32\hpovst11.dll

2010-12-09 07:37 . 2007-03-05 23:43 569344 ----a-r- c:\windows\system32\hpotscl4.dll

2010-12-09 07:37 . 2007-03-05 23:43 675840 ----a-r- c:\windows\system32\hpowiax4.dll

2010-12-09 07:37 . 2006-12-03 22:32 364544 ----a-r- c:\windows\system32\hppldcoi.dll

2010-12-09 07:37 . 2006-12-03 22:32 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-12-09 07:34 . 2010-12-09 07:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-12-09 07:34 . 2010-12-09 07:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-12-09 07:33 . 2010-12-09 07:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2010-12-09 07:33 . 2010-12-09 07:33 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2010-12-09 07:32 . 2010-12-09 07:32 -------- d-----w- c:\windows\zhenghe2

2010-12-09 07:31 . 2010-12-09 07:35 -------- d-----w- c:\arquivos de programas\HP

2010-12-09 07:31 . 2008-04-13 14:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-12-09 07:31 . 2008-04-13 14:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-11-18 18:15 . 2010-11-18 18:15 86016 -c----w- c:\windows\system32\dllcache\isign32.dll

2010-11-09 14:52 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll

2010-11-09 14:52 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll

2010-11-09 14:52 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll

2010-11-09 14:52 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll

2010-11-09 14:52 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll

2010-09-15 06:47 . 2010-12-19 09:43 -------- d-----w- C:\MDB_3

2010-09-14 15:21 . 2010-09-14 18:04 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\RipIt4Me

2010-08-08 18:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-08 17:48 . 2012-08-28 15:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-16 12:00 . 2011-11-01 16:07 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll

2010-04-04 00:29 . 2010-04-04 00:29 -------- d-sh--w- c:\documents and settings\User\IECompatCache

2010-04-04 00:28 . 2010-04-04 00:28 -------- d-sh--w- c:\documents and settings\User\PrivacIE

2010-04-04 00:26 . 2010-04-04 00:26 -------- d-sh--w- c:\documents and settings\User\IETldCache

2010-04-04 00:19 . 2012-08-28 23:48 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-04-04 00:19 . 2012-08-28 15:18 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-04-04 00:19 . 2012-08-28 15:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-04 00:19 . 2012-08-28 15:18 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-04-04 00:19 . 2012-08-28 15:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-04 00:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-04-04 00:17 . 2012-11-11 05:12 -------- d-----w- c:\windows\system32\pt-BR

2010-04-04 00:17 . 2010-04-04 00:18 -------- dc-h--w- c:\windows\ie8

2010-04-04 00:09 . 2010-04-04 00:09 -------- d-----w- c:\arquivos de programas\Microsoft CAPICOM 2.1.0.2

2010-04-03 23:59 . 2012-11-10 00:10 -------- d-----w- c:\windows\ServicePackFiles

2010-04-03 23:33 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-04-03 23:33 . 2011-10-10 14:22 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-04-03 23:32 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-04-03 23:30 . 2011-03-11 14:10 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-04-03 23:29 . 2012-08-23 06:27 2197120 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-22 19:56 . 2004-08-04 03:38 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2004-08-04 03:45 58368 ----a-w- c:\windows\system32\synceng.dll

2012-08-28 15:18 . 2004-08-04 03:45 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:18 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:18 . 2004-08-04 03:45 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 03:45 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2004-08-04 03:40 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2004-08-04 00:40 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-06 13:58 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2005-07-11 23:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-05 15:49 . 2004-08-04 03:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-04 03:45 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 18:19 . 2005-07-11 23:55 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 18:19 . 2005-07-11 23:55 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 18:19 . 2005-07-11 23:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 18:19 . 2005-07-11 23:55 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 18:19 . 2005-07-11 23:55 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 18:19 . 2005-05-26 07:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 18:19 . 2004-08-04 03:45 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 18:19 . 2005-07-11 23:55 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 18:19 . 2005-07-11 23:55 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-01 16:50 . 2004-08-04 03:45 607232 ----a-w- c:\windows\system32\crypt32.dll

2012-05-14 09:22 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2012-02-29 14:09 . 2004-08-04 03:45 148480 ----a-w- c:\windows\system32\imagehlp.dll

2011-11-25 21:57 . 2004-08-04 03:45 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-20 06:12 . 2004-08-04 03:45 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-04 03:45 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-03 15:28 . 2004-08-04 03:45 386560 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:28 . 2004-08-04 03:45 1296896 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2004-08-04 03:45 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-18 11:13 . 2004-08-04 03:45 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-14 14:47 . 2004-08-04 03:45 179200 ----a-w- c:\windows\system32\winmm.dll

2011-10-14 14:47 . 2004-08-04 03:45 23040 ----a-w- c:\windows\system32\mciseq.dll

2011-10-10 14:22 . 2005-07-11 23:55 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-26 14:41 . 2001-10-28 15:07 22016 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 14:41 . 2001-10-28 15:07 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-08-17 13:49 . 2004-08-04 02:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-07-15 13:29 . 2004-08-04 02:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2001-10-28 15:07 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-04-21 13:37 . 2004-08-04 02:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-03-11 14:10 . 2004-08-04 03:45 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-04 06:36 . 2004-08-04 03:45 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-02-17 13:18 . 2004-08-04 02:14 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-15 12:56 . 2004-08-04 03:44 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2004-08-04 03:45 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-08 13:33 . 2004-08-04 03:45 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-08-04 03:45 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 07:58 . 2005-07-11 23:53 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2005-07-11 23:53 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-04 03:45 440832 ----a-w- c:\windows\system32\shimgvw.dll

2010-12-22 12:34 . 2004-08-04 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 17:32 . 2004-08-04 03:45 551936 ----a-w- c:\windows\system32\oleaut32.dll

2010-12-20 17:25 . 2004-08-04 03:45 732672 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-09 15:15 . 2004-08-04 03:45 734208 ----a-w- c:\windows\system32\ntdll.dll

2010-11-18 18:15 . 2005-07-11 23:55 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2004-08-04 03:45 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-02 15:17 . 2001-10-28 15:07 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-09-18 06:53 . 2001-10-28 15:06 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2001-10-28 15:06 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 08:03 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:53 . 2004-08-04 03:45 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-23 16:12 . 2004-08-04 03:45 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:44 . 2004-08-04 03:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-06-17 14:03 . 2004-08-04 03:45 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-15 16:17 . 2001-10-28 15:06 143422 ----a-w- c:\windows\system32\l3codecx.ax

2010-06-14 14:31 . 2005-07-11 23:55 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-04-16 15:37 . 2004-08-04 03:45 406016 ----a-w- c:\windows\system32\usp10.dll

2010-03-30 03:52 . 2004-08-04 03:45 262416 ----a-w- c:\windows\system32\mpg4ds32.ax

2010-03-05 14:38 . 2004-08-04 03:45 65536 ----a-w- c:\windows\system32\asycfilt.dll

2010-02-12 04:34 . 2004-08-04 03:45 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 02:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-01-29 14:44 . 2004-08-04 03:44 307260 ----a-w- c:\windows\system32\l3codeca.acm

2010-01-13 14:01 . 2004-08-04 03:45 86528 ----a-w- c:\windows\system32\cabview.dll

2009-12-17 07:41 . 2005-07-11 23:53 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-11-27 17:13 . 2004-08-04 00:45 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:08 . 2001-09-05 23:50 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2004-08-04 03:45 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2004-08-04 00:45 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-27 16:08 . 2001-10-28 15:07 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-15 16:32 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-10-13 10:34 . 2004-08-04 03:45 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-08-04 03:45 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2004-08-04 03:45 79872 ----a-w- c:\windows\system32\raschap.dll

2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-01 14:47 . 2004-08-04 03:44 282654 ----a-w- c:\windows\system32\msaud32.acm

2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 16:17 . 2004-08-04 03:45 1439744 ----a-w- c:\windows\system32\query.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-25 18:36 . 2004-08-04 03:45 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\mqqm.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2012-11-22 384800]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package Menu.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package Menu.lnk

backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package VCD Maker.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package VCD Maker.lnk

backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

2006-09-05 20:28 540672 ----a-w- c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-12-23 21:05 143360 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 00:52 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 -c--a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-01-19 14:54 5674352 ----a-w- c:\arquivos de programas\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 -c--a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 -c--a-w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

2007-02-06 09:30 176128 ----a-w- c:\windows\system32\S3Trayp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 16:03 36975 -c--a-w- c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2006-09-21 18:36 53248 -c--a-w- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2007-05-15 12:31 200704 -c--a-w- c:\windows\system32\VTTrayp.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\JOGOS\\EA GAMES\\MOHAA\\MOHAA.EXE"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/11/2012 13:51 36552]

R2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [10/11/2012 13:51 85280]

S3 cwrwdm;SoundFusion WDM Driver;c:\windows\system32\DRIVERS\cwrwdm.sys --> c:\windows\system32\DRIVERS\cwrwdm.sys [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [3/4/2010 07:36 100736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2006-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-10 16:26]

.

2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-10 16:26]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

TCP: DhcpNameServer = 10.1.1.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

MSConfigStartUp-iBest - c:\arquivos de programas\Discador CresceNet\baloon.exe

MSConfigStartUp-SMSERIAL - sm56hlpr.exe

MSConfigStartUp-Symantec NetDriver Monitor - c:\arquiv~1\SYMNET~1\SNDMon.exe

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0416.EXE

AddRemove-terradiscadorcomp - c:\arquivos de programas\Terra Discador - Versão Compacta\terradiscadorcomp u

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2006-01-01 00:22

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(2184)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2006-01-01 00:29:03 - Máquina reiniciou

ComboFix-quarantined-files.txt 2006-01-01 03:29

.

Pré-execução: 23 pasta(s) 11.634.958.336 bytes disponíveis

Pós execução: 25 pasta(s) 11.742.863.360 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 10BD01C3A874A533822A53884353767C


It's probably hardware, but let's see whether some malware could be causing this.

Go to VirusTotal.com. Click the Choose File button and, in the "Choose file to upload" window, browse to the file shown in red:

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\você\msdia80.dll

Click the Scan it! button. Wait for the analysis to finish, then copy the link from your browser's address bar and paste it in your next reply. Example:

https://www.virustotal.com/file/be174c2ea137c2401cc50a92086c8a7cfde69f711176737737b1d7bdf91b9f4d/analysis/1331728637/

Do the same with these:

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\você\msdia90.dll

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\você\msdia100.dll

Note: when you use VirusTotal, if the file has already been analysed by the site before, you will see an image like this one:

(image: virustotalrt7.jpg)

If that happens, reanalyse the file.



Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Folder::

c:\documents and settings\User\Configurações locais\Dados de aplicativos\Conduit

DirLook::

C:\MDB_3

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

(image: CFScript.gif)

ComboFix will run and will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

This script was written only for this computer, based on the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, as unsupervised use can damage the system.

Follow the instructions in this topic, "Logs do HijackThis ** leia antes de postar **", open your own topic and post the log.

When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

Post the new ComboFix log.



I had to restart manually at the end... and the clock loses its settings after restarting. Here is the log:

ComboFix 12-12-01.02 - User 01/12/2012 19:10:31.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.479 [GMT -3:00]

Executando de: c:\documents and settings\User\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\User\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-01 to 2012-12-01 ))))))))))))))))))))))))))))

.

.

2012-11-11 05:53 . 2006-01-01 05:02 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\ApplicationHistory

2012-11-11 05:25 . 2008-04-13 22:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-11-10 17:05 . 2012-11-10 17:05 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Avira

2012-11-10 16:51 . 2012-11-19 13:47 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-10 16:51 . 2012-11-19 13:47 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-10 16:51 . 2012-11-19 13:47 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-10 16:51 . 2012-11-10 16:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2012-11-10 16:51 . 2012-11-10 16:51 -------- d-----w- c:\arquivos de programas\Avira

2012-11-10 16:26 . 2012-11-10 16:28 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google

2012-11-10 16:15 . 2012-11-10 16:15 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Windows Search

2012-11-10 09:38 . 2012-11-11 06:12 -------- d-----w- c:\windows\system32\XPSViewer

2012-11-10 09:38 . 2012-11-10 09:38 -------- d-----w- c:\arquivos de programas\MSBuild

2012-11-10 09:38 . 2012-11-10 09:38 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2012-11-10 09:38 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-11-10 09:37 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-11-10 09:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-11-10 09:37 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-11-10 09:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-11-10 09:37 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-11-10 09:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-11-10 09:37 . 2012-11-10 09:38 -------- d-----w- C:\8a96a709162c5840a9b594

2012-11-10 09:37 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-11-10 09:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-11-10 09:32 . 2012-11-11 05:14 -------- d-----w- c:\arquivos de programas\Windows Desktop Search

2012-11-10 09:32 . 2012-11-10 09:32 -------- d-----w- c:\windows\system32\GroupPolicy

2012-11-10 09:30 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-11-10 09:30 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-11-10 09:30 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-11-10 09:29 . 2012-11-10 09:29 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2012-11-10 09:27 . 2012-11-10 09:28 -------- d-----w- c:\windows\system32\drivers\UMDF

2012-11-10 09:27 . 2012-11-10 09:27 -------- d-----w- c:\windows\system32\LogFiles

2012-11-10 01:49 . 2012-11-10 02:02 -------- d-----w- c:\windows\SxsCaPendDel

2012-11-10 01:42 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-11-10 01:41 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-11-10 01:40 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2012-11-10 01:40 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2012-11-10 01:40 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2012-11-10 01:40 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2012-11-10 01:40 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2012-11-10 01:40 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-11-10 01:38 . 2012-08-28 15:18 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-11-10 01:38 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-11-10 01:36 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll

2012-11-10 01:35 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-11-10 01:33 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-11-10 01:30 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-11-10 00:09 . 2008-04-13 22:20 294912 ------w- c:\arquivos de programas\Windows Media Player\dlimport.exe

2012-11-10 00:09 . 2008-04-13 22:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2012-11-10 00:04 . 2006-12-28 15:01 19569 ----a-w- c:\windows\002781_.tmp

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-10 09:04 . 2012-06-12 02:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-10 09:04 . 2012-06-12 02:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 19:56 . 2004-08-04 03:38 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2004-08-04 03:45 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 22:54 . 2011-08-23 03:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

1999-04-01 18:53 . 1999-04-01 18:53 99840 ----a-w- c:\arquivos de programas\Arquivos comuns\IRAABOUT.DLL

1998-12-09 04:53 . 1998-12-09 04:53 70144 ----a-w- c:\arquivos de programas\Arquivos comuns\IRAMDMTR.DLL

1998-12-09 04:53 . 1998-12-09 04:53 48640 ----a-w- c:\arquivos de programas\Arquivos comuns\IRALPTTR.DLL

1998-12-09 04:53 . 1998-12-09 04:53 31744 ----a-w- c:\arquivos de programas\Arquivos comuns\IRAWEBTR.DLL

1998-12-09 04:53 . 1998-12-09 04:53 186368 ----a-w- c:\arquivos de programas\Arquivos comuns\IRAREG.DLL

1998-12-09 04:53 . 1998-12-09 04:53 17920 ----a-w- c:\arquivos de programas\Arquivos comuns\IRASRIAL.DLL

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\MDB_3 ----

.

2010-09-15 07:02 . 2010-09-15 07:02 16384 ----a-w- c:\mdb_3\VIDEO_TS\VIDEO_TS.BUP

2010-09-15 07:02 . 2010-09-15 07:02 16384 ----a-w- c:\mdb_3\VIDEO_TS\VIDEO_TS.IFO

2010-09-15 07:02 . 2010-09-15 07:02 12288 ----a-w- c:\mdb_3\VIDEO_TS\VTS_03_0.BUP

2010-09-15 07:02 . 2010-09-15 07:02 12288 ----a-w- c:\mdb_3\VIDEO_TS\VTS_03_0.IFO

2010-09-15 07:02 . 2010-09-15 07:02 9578496 ----a-w- c:\mdb_3\VIDEO_TS\VTS_03_1.VOB

2010-09-15 07:02 . 2010-09-15 07:02 12288 ----a-w- c:\mdb_3\VIDEO_TS\VTS_02_0.BUP

2010-09-15 07:02 . 2010-09-15 07:02 12288 ----a-w- c:\mdb_3\VIDEO_TS\VTS_02_0.IFO

2010-09-15 07:01 . 2010-09-15 07:02 54882304 ----a-w- c:\mdb_3\VIDEO_TS\VTS_02_1.VOB

2010-09-15 07:01 . 2010-09-15 07:01 36864 ----a-w- c:\mdb_3\VIDEO_TS\VTS_01_0.BUP

2010-09-15 07:01 . 2010-09-15 07:01 36864 ----a-w- c:\mdb_3\VIDEO_TS\VTS_01_0.IFO

2010-09-15 07:01 . 2010-09-15 07:01 140326912 ----a-w- c:\mdb_3\VIDEO_TS\VTS_01_3.VOB

2010-09-15 06:54 . 2010-09-15 07:01 1073739776 ----a-w- c:\mdb_3\VIDEO_TS\VTS_01_2.VOB

2010-09-15 06:49 . 2010-09-15 06:54 1073739776 ----a-w- c:\mdb_3\VIDEO_TS\VTS_01_1.VOB

2010-09-15 06:48 . 2010-09-15 06:48 2543616 ----a-w- c:\mdb_3\VIDEO_TS\VTS_01_0.VOB

2010-09-15 06:48 . 2010-09-15 06:48 68528128 ----a-w- c:\mdb_3\VIDEO_TS\VIDEO_TS.VOB

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2012-11-22 384800]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package Menu.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package Menu.lnk

backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package VCD Maker.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package VCD Maker.lnk

backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

2006-09-05 20:28 540672 ----a-w- c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-12-23 21:05 143360 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 00:52 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 -c--a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-01-19 14:54 5674352 ----a-w- c:\arquivos de programas\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 -c--a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 -c--a-w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

2007-02-06 09:30 176128 ----a-w- c:\windows\system32\S3Trayp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 16:03 36975 -c--a-w- c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2006-09-21 18:36 53248 -c--a-w- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2007-05-15 12:31 200704 -c--a-w- c:\windows\system32\VTTrayp.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\JOGOS\\EA GAMES\\MOHAA\\MOHAA.EXE"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/11/2012 13:51 36552]

R2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [10/11/2012 13:51 85280]

S3 cwrwdm;SoundFusion™ WDM Driver;c:\windows\system32\DRIVERS\cwrwdm.sys --> c:\windows\system32\DRIVERS\cwrwdm.sys [?]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [3/4/2010 07:36 100736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-10 16:26]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-10 16:26]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

TCP: DhcpNameServer = 10.1.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-01 19:16

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(3388)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2012-12-01 18:19:50

ComboFix-quarantined-files.txt 2012-12-01 21:19

ComboFix2.txt 2006-01-01 03:29

.

Pré-execução: 24 pasta(s) 12.210.278.400 bytes disponíveis

Pós execução: 25 pasta(s) 12.195.827.712 bytes disponíveis

.

- - End Of File - - 43ED73A41747E7396F5247668A0FD002

Edited by oceanodrs


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address, first name and last name for registration. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload.

Choose version 10 and click the Download button.

IMPORTANT: It must be version 10, because the instructions below are not compatible with version 11.

Save it to your desktop.

Run the file and follow the prompts. When it finishes, check the box next to:


  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any.

Where it says On threat detection: Ask what to do, change it to Ask when scan completes, as in the images below:

capture_26022011_114530.png

capture_26022011_100037.png

Click the button capture_26022011_114924.png

Be patient; it takes a while.

When it finishes, if it detected anything, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

capture_26022011_115902.png

While the scan is running, the Start Scan button is replaced by a red square with the message Stop Scan.

When the scan finishes, the Start Scan button will appear again.

If the tool found something, this button light_green.png will turn red light_red.png

When it finishes, click the Report button at the bottom of the window.

Click the + sign next to the last Automatic scan: completed entry in the list (the most recent one) to expand the report.

capture_26022011_120057.png

Click once on Task started to select the line, hold down the Shift key, then click once on Task completed.

Right-click the selection, then click Copy.

This step should look like the image below:

capture_26022011_120329.png

Go to Start > Run and type notepad

When Notepad opens, right-click anywhere in the empty area and choose Paste.

Save the log as log.txt somewhere easy to find.

Copy the entire contents of this log and paste it into your next reply.

Exit the Kaspersky Removal Tool by clicking Close in the Report window and then Exit in the program window.

The program will ask whether you want to uninstall it.

If you keep the program and decide to remove it later:

Close all open windows and save anything you need.

Go into the Virus Removal Tool folder (it will be in the same folder where you saved the installer) and double-click the file unins000.exe

Click OK twice.

Your computer will restart.
