Monster

[Help] Analysis of HijackThis logfile

DDS (Ver_09-03-16.01) - NTFSx86

Run by Administrador at 12:58:55,11 on 09-04-2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.767.377 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)

FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Process Lasso\processlasso.exe

C:\Programas\Process Lasso\processgovernor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe

svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe

C:\Programas\Opera\opera.exe

C:\Documents and Settings\Administrador\Ambiente de trabalho\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dufpy.com

uInternet Connection Wizard,ShellNext = hxxp://www.sapo.pt/

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\programas\norton internet security\engine\16.1.0.33\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\programas\norton internet security\engine\16.1.0.33\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\java\jre6\bin\ssv.dll

BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\programas\norton internet security\engine\16.1.0.33\coIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ProcessSupervisorGUI] c:\programas\process lasso\processlasso.exe

mRun: [ProcessGovernor] c:\programas\process lasso\processgovernor.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\programas\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\737oxc5c.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

FF - plugin: c:\programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\programas\mozilla firefox\plugins\np-mswmp.dll

FF - plugin: c:\programas\mozilla firefox\plugins\np32dsw.dll

FF - plugin: c:\programas\mozilla firefox\plugins\npdeploytk.dll

FF - plugin: c:\programas\mozilla firefox\plugins\npnul32.dll

FF - plugin: c:\programas\mozilla firefox\plugins\NPOFF12.DLL

FF - plugin: c:\programas\mozilla firefox\plugins\nppdf32.dll

FF - plugin: c:\programas\mozilla firefox\plugins\nppl3260.dll

FF - plugin: c:\programas\mozilla firefox\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1001000.021\SymEFA.sys [2009-4-8 309296]

R0 vfsfd;VIA File System Filter Driver;c:\windows\system32\drivers\vfsfd.sys [2008-9-11 12032]

R0 videfd;VIA IDE Filter Driver;c:\windows\system32\drivers\videfd.sys [2008-9-11 4864]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1001000.021\BHDrvx86.sys [2009-4-8 255536]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1001000.021\cchpx86.sys [2009-4-8 362544]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090331.007\IDSxpx86.sys [2009-4-8 276344]

R2 Norton Internet Security;Norton Internet Security;c:\programas\norton internet security\engine\16.1.0.33\ccSvcHst.exe [2009-4-8 115560]

R2 PD91Agent;PD91Agent;c:\programas\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programas\ficheiros comuns\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-8 101936]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090408.003\NAVENG.SYS [2009-4-8 89104]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090408.003\NAVEX15.SYS [2009-4-8 876144]

S2 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\all users\application data\norton\Norton2009Reset.exe [2009-4-8 281625]

S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2004-9-21 14336]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys --> c:\windows\system32\drivers\avfwim.sys [?]

S3 PD91Engine;PD91Engine;c:\programas\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]

S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2008-11-11 9728]

=============== Created Last 30 ================

2009-04-08 21:07 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys

2009-04-08 21:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2009-04-08 21:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL

2009-04-08 21:07 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT

2009-04-08 21:07 806 a------- c:\windows\system32\drivers\SYMEVENT.INF

2009-04-08 21:07 <DIR> --d----- c:\programas\Symantec

2009-04-08 21:07 <DIR> --d----- c:\programas\ficheiros comuns\Symantec Shared

2009-04-08 21:06 <DIR> --d----- c:\windows\system32\drivers\NIS

2009-04-08 21:06 <DIR> --d----- c:\programas\Norton Internet Security

2009-04-08 21:06 <DIR> --d----- c:\programas\NortonInstaller

2009-04-08 18:16 <DIR> --d----- c:\programas\Trend Micro

2009-04-08 18:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\KillProcess

2009-04-08 18:01 <DIR> --d----- c:\programas\KillProcess

2009-04-03 21:05 <DIR> --d----- c:\documents and settings\administrador\Tracing

2009-04-03 21:04 <DIR> --d----- c:\programas\Microsoft

2009-04-03 21:03 <DIR> --d----- c:\programas\Windows Live SkyDrive

2009-04-03 21:00 <DIR> --d----- c:\programas\ficheiros comuns\Windows Live

2009-04-03 20:51 268 a---h--- C:\sqmdata03.sqm

2009-04-03 20:51 244 a---h--- C:\sqmnoopt03.sqm

2009-03-28 12:41 <DIR> --d----- c:\programas\CSTools.net

2009-03-28 11:59 <DIR> --d----- c:\programas\THQ

2009-03-23 19:00 <DIR> --d----- c:\programas\XMPlay

==================== Find3M ====================

2009-03-29 12:46 484,034 a------- c:\windows\system32\perfh016.dat

2009-03-29 12:46 80,186 a------- c:\windows\system32\perfc016.dat

2009-03-28 12:10 20,480 a------- c:\windows\system32\H@tKeysH@@k.DLL

2009-02-09 15:05 1,846,912 a------- c:\windows\system32\win32k.sys

2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 12:59:43,58 ===============

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-09 13:04:15

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT sppj.sys ZwEnumerateKey [0xF742CCA2]

SSDT sppj.sys ZwEnumerateValueKey [0xF742D030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F6B1F8

AttachedDevice \FileSystem\Ntfs \Ntfs vfsfd.sys (VIA File System Filter Driver/Windows ® 2000 DDK provider)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Could someone analyse my log?

I can't tell whether anything is wrong, for lack of knowledge.

So as not to create another topic: there is an error that appears on my PC when I try to end a process, which is the following:

[screenshot: error message shown when trying to end the process]

I'd like to know the best way to end this process, since it uses most of the CPU.

Thanks in advance for any help.

cheers

Edited by Monster


Dear Monster

Welcome to Malware Removal

I recommend you bookmark this topic so it is easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible!;

2) Do not take any action until we start;

3) What is given here relates only to the problem on your computer, so do not do it on any other;

4) If you have another computer, open a new topic with its respective log;

5) Please follow the instructions carefully and, if in doubt, do not hesitate to ask;

6) Always post your replies in this topic... Do not open another!

Note: Do not take any measures other than those given here; and, should you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Regards :D

  • Topic author
  • OK.

    I have had the chance to have my logs analysed here before, always with great quality and dedication; I don't need any other place to do it, this team has my full trust.

    cheers


    Dear Monster

    I have had the chance to have my logs analysed here before, always with great quality and dedication; I don't need any other place to do it, this team has my full trust.
    Thank you :joia:

    Read the instructions at this link:

    In the instructions at the link above, you can check which forums have Analysts properly trained to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been completed.
    • Double-click the ComboFix icon on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers running Windows XP must install the Recovery Console:

    • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    • ComboFix will run; please be patient and wait.
    • Attention: do not use the mouse or the keyboard while the tool is running, as this may cause the computer to hang.
    • A message may appear saying the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections and, if not used correctly, it can damage your computer.

    • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts trained to use ComboFix know these cases and how to handle them.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

    Regards :D

  • Topic author
  • Here is the ComboFix log; I think everything was done as requested.

    ComboFix 09-04-13.A2 - Administrador 2009-04-13 12:08.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.767.295 [GMT 1:00]

    Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

    AV: Norton Internet Security *On-access scanning disabled* (Updated)

    FW: Norton Internet Security *enabled*

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\msvrc20.dll

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))

    .

    2009-04-09 16:42 . 2009-04-09 16:42 45 ----a-w c:\windows\system32\initdebug.nfo

    2009-04-08 20:07 . 2009-04-08 20:07 35888 ----a-r c:\windows\system32\drivers\SymIM.sys

    2009-04-08 20:07 . 2009-04-08 20:07 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

    2009-04-08 20:07 . 2009-04-08 20:07 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

    2009-04-08 20:07 . 2009-04-08 20:07 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

    2009-04-08 20:07 . 2009-04-08 20:07 60808 ----a-w c:\windows\system32\S32EVNT1.DLL

    2009-04-08 20:06 . 2009-04-08 20:06 -------- d-----w c:\windows\system32\drivers\NIS

    2009-04-08 17:10 . 2009-04-08 17:10 -------- d-----w c:\documents and settings\Administrador\Application Data\KillProcess

    2009-04-03 20:05 . 2009-04-13 10:41 -------- d-----w c:\documents and settings\Administrador\Tracing

    2009-04-03 19:51 . 2009-04-03 19:51 268 ---ha-w C:\sqmdata03.sqm

    2009-04-03 19:51 . 2009-04-03 19:51 244 ---ha-w C:\sqmnoopt03.sqm

    2009-03-26 13:12 . 2009-03-26 13:12 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\Ares

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-12 21:20 . 2009-02-14 13:58 -------- d-----w c:\programas\Championship.Manager.2001.2002-PC-PT-RicaMatrix

    2009-04-12 14:13 . 2008-09-08 23:32 -------- d-----w c:\programas\IObit

    2009-04-09 16:44 . 2009-04-09 16:42 -------- d-----w c:\programas\SpeedFan

    2009-04-08 21:41 . 2009-04-08 20:07 -------- d-----w c:\programas\Ficheiros comuns\Symantec Shared

    2009-04-08 20:09 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\Norton

    2009-04-08 20:07 . 2009-04-08 20:07 -------- d-----w c:\programas\Symantec

    2009-04-08 20:06 . 2009-04-08 20:06 -------- d-----w c:\programas\Norton Internet Security

    2009-04-08 20:06 . 2009-04-08 20:06 -------- d-----w c:\programas\Windows Sidebar

    2009-04-08 20:06 . 2009-04-08 20:06 -------- d-----w c:\programas\NortonInstaller

    2009-04-08 20:00 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller

    2009-04-08 17:16 . 2009-04-08 17:16 -------- d-----w c:\programas\Trend Micro

    2009-04-08 17:01 . 2009-04-08 17:01 -------- d-----w c:\programas\KillProcess

    2009-04-06 11:52 . 2008-09-08 23:38 -------- d-----w c:\programas\Process Lasso

    2009-04-03 20:04 . 2009-04-03 20:04 -------- d-----w c:\programas\Microsoft

    2009-04-03 20:04 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live

    2009-04-03 20:03 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live SkyDrive

    2009-04-03 20:00 . 2009-04-03 20:00 -------- d-----w c:\programas\Ficheiros comuns\Windows Live

    2009-04-02 21:35 . 2009-04-02 21:35 -------- d-----w c:\programas\Microsoft Silverlight

    2009-03-29 12:12 . 2008-09-08 23:38 -------- d-----w c:\documents and settings\Administrador\Application Data\ProcessLasso

    2009-03-29 11:46 . 2004-09-21 11:00 80186 ----a-w c:\windows\system32\perfc016.dat

    2009-03-29 11:46 . 2004-09-21 11:00 484034 ----a-w c:\windows\system32\perfh016.dat

    2009-03-28 12:55 . 2008-09-08 22:28 -------- d--h--w c:\programas\InstallShield Installation Information

    2009-03-28 11:41 . 2009-03-28 11:41 -------- d-----w c:\programas\CSTools.net

    2009-03-28 11:10 . 2008-09-12 13:21 20480 ----a-w c:\windows\system32\H@tKeysH@@k.DLL

    2009-03-28 10:59 . 2009-03-28 10:59 -------- d-----w c:\programas\THQ

    2009-03-23 18:16 . 2009-03-23 18:00 -------- d-----w c:\programas\XMPlay

    2009-03-13 10:33 . 2008-09-25 19:56 -------- d-----w c:\programas\Spybot - Search & Destroy

    2009-03-11 18:08 . 2008-09-08 22:32 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2009-03-06 21:10 . 2009-02-03 20:33 -------- d-----w c:\programas\Opera

    2009-02-24 19:38 . 2009-02-24 19:38 -------- d-----w c:\programas\sina

    2009-02-19 23:52 . 2008-09-25 19:56 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-09 14:05 . 2007-10-25 22:07 1846912 ----a-w c:\windows\system32\win32k.sys

    2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll

    2009-01-19 20:26 . 2008-09-08 21:58 46872 ----a-w c:\documents and settings\Administrador\Definições locais\Application Data\GDIPFONTCACHEV1.DAT

    2009-01-03 20:15 . 2008-09-08 22:19 2272 ----a-w c:\documents and settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat

    .

    ------- Sigcheck -------

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\explorer.exe

    [-] 2007-06-13 13:10 1035264 4B1174A06F3E4BD5341521D151B84DCE c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

    [-] 2007-06-13 13:22 1035264 E33D51ECE9047331FCF59DBFA4F4B856 c:\windows\$NtServicePackUninstall$\explorer.exe

    [7] 2004-09-21 11:00 1034240 7A28F6B962DCDBFD94280338B4A8E6FB c:\windows\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\ServicePackFiles\i386\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\backup\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\resources\explorer.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    "MSMSGS"="c:\programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]

    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "ProcessSupervisorGUI"="c:\programas\Process Lasso\processlasso.exe" [2009-04-05 357392]

    "ProcessGovernor"="c:\programas\Process Lasso\processgovernor.exe" [2009-04-05 150544]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3fhg"= mp3fhg.acm

    "msacm.divxa32"= divxa32.acm

    "VIDC.X264"= x264vfw.dll

    "VIDC.HFYU"= huffyuv.dll

    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Programas\\uTorrent\\uTorrent.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Programas\\SAGEM\\SAGEM F@st 800-840\\dslmon.exe"=

    "c:\\Programas\\Messenger\\msmsgs.exe"=

    R2 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-08 281625]

    R2 vvdsvc;VJVodServices;c:\windows\System32\svchost.exe [2008-04-14 14336]

    R3 avfwim;AvFw Packet Filter Miniport; [x]

    R3 PD91Engine;PD91Engine;c:\programas\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]

    R3 viafilter;VIA USB Filter;c:\windows\System32\Drivers\viausb1.sys [2001-09-19 9728]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2009-04-08 309296]

    S0 vfsfd;VIA File System Filter Driver;c:\windows\system32\drivers\vfsfd.sys [2003-01-09 12032]

    S0 videfd;VIA IDE Filter Driver;c:\windows\system32\drivers\videfd.sys [2003-01-02 4864]

    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2009-04-08 255536]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2009-04-08 362544]

    S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys [2009-01-29 276344]

    S2 Norton Internet Security;Norton Internet Security;c:\programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2009-04-08 115560]

    S2 PD91Agent;PD91Agent;c:\programas\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programas\Ficheiros comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-08 101936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    vvdsvc REG_MULTI_SZ vvdsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5477fde0-8a0d-11dd-8e6a-4d6564696130}]

    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5477fde1-8a0d-11dd-8e6a-4d6564696130}]

    \Shell\AutoRun\command - fooool.exe

    \Shell\explore\Command - fooool.exe

    \Shell\open\Command - fooool.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e16031-7f93-11dd-8e4e-806d6172696f}]

    \Shell\AutoRun\command - H:\autorun.exe

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.dufpy.com

    uInternet Connection Wizard,ShellNext = hxxp://www.sapo.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: {59729E3E-D2AD-463C-8081-D701582431AD} = 212.55.154.174 212.55.154.190

    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

    FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\737oxc5c.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np32dsw.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npdeploytk.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npnul32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\NPOFF12.DLL

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppdf32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppl3260.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nprpjplug.dll

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-13 12:10

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

    "ImagePath"="\"c:\programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programas\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(600)

    c:\windows\system32\SETUPAPI.dll

    - - - - - - - > 'lsass.exe'(660)

    c:\windows\system32\SETUPAPI.dll

    .

    Tempo para conclusão: 2009-04-13 12:13

    ComboFix-quarantined-files.txt 2009-04-13 11:13

    Pré-execução: 43.329.880.064 bytes livres

    Pós execução: 43,319,967,744 bytes livres

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    188 --- E O F --- 2009-03-11 18:08

    Once again, thanks for the help.

    cheers :)


    Dear Monster

    Sorry for the delay...

    >>>> By any chance, did you schedule a chkdsk (scandisk)?

    Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been completed.

    Attention: plug in pen drives, MP3 players, etc. before running it.

    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

    File::
    H:\autorun.exe
    J:\LaunchU3.exe
    c:\windows\system32\H@tKeysH@@k.DLL

    Firefox::
    FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\737oxc5c.default\
    FF - prefs.js: browser.startup.homepage -

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5477fde0-8a0d-11dd-8e6a-4d6564696130}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5477fde1-8a0d-11dd-8e6a-4d6564696130}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e16031-7f93-11dd-8e4e-806d6172696f}]

    Save this file as: CFScript.txt

    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

    Cheers :D

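As an added example, not code from this thread, from ComboFix or from the analyst, the Python script below reads log lines in the layout posted above, flags the kinds of entries the analyst acted on in this post (executables at the root of removable drives, a system32 DLL with an odd name, a hidden executable in the Program Files root, MountPoints2 keys, a service whose binary is missing or whose name starts with a dot) and drafts the File::/Registry:: sections in the CFScript layout shown here. The sample lines are constructed for the example: the sizes and timestamps on the H@tKeysH@@k.DLL, autorun.exe and LaunchU3.exe lines are made up, and the heuristics are the example's own, so every finding is a lead to verify (as the thread does with a multi-engine scan) before it goes into a script.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample in the layout of the ComboFix log posted in this thread. Paths, keys
# and service names are the ones the analyst dealt with; sizes and timestamps on the
# H@tKeysH@@k.DLL, autorun.exe and LaunchU3.exe lines are made up for the example.
SAMPLE_LOG = r"""
2009-04-15 12:11 . 2009-04-15 12:11 35888 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-04-08 17:10 . 2009-04-08 17:10 12288 ----a-w c:\windows\system32\H@tKeysH@@k.DLL
2009-04-08 17:10 . 2009-04-08 17:10 54272 ----a-w H:\autorun.exe
2009-04-08 17:10 . 2009-04-08 17:10 1224192 ----a-w J:\LaunchU3.exe
2009-04-08 17:10 . 2009-04-08 17:10 -------- d-----w c:\documents and settings\Administrador\Application Data\KillProcess
2008-09-17 13:17 . 2008-09-30 06:12 291267 ---ha-r c:\programas\Norton2009Reset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5477fde0-8a0d-11dd-8e6a-4d6564696130}]
R2 .norton2009Reset;Norton2009 Reset;c:\programas\Norton2009Reset.exe [2008-09-17 291267]
R2 PD91Agent;PD91Agent;c:\programas\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 avfwim;AvFw Packet Filter Miniport; [x]
"""

# "created . modified size attributes path" file lines, "Rn/Sn name;display;path [date size|x]"
# service lines, and "[HKEY_...]" registry key lines.
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ (\S{7}) (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*?) \[([^\]]*)\]$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")

SYSTEM_DRIVE = "c:"
PROGRAM_FILES = "c:\\programas\\"  # Portuguese XP "Program Files" folder, as in this log


@dataclass
class Finding:
    kind: str    # "file", "service" or "registry"
    item: str    # path, service name or registry key
    reason: str


def review_file(path: str, attrs: str) -> List[str]:
    """Heuristics for one file line; each returned string is a reason to look closer."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    parent = low[: len(low) - len(name)]
    reasons: List[str] = []
    if attrs.startswith("d"):  # directories are not File:: candidates
        return reasons
    if low[:2] != SYSTEM_DRIVE and low.count("\\") == 1 and name.endswith(".exe"):
        reasons.append("executable at the root of a non-system drive (autorun-style placement)")
    if "\\system32\\" in parent and re.search(r"[^a-z0-9_.\-]", name):
        reasons.append("system32 binary with characters unusual for a Microsoft file name")
    if parent == PROGRAM_FILES and "h" in attrs and name.endswith(".exe"):
        reasons.append("hidden executable sitting directly in the Program Files root")
    return reasons


def review_service(name: str, status: str) -> List[str]:
    reasons: List[str] = []
    if name.startswith("."):
        reasons.append("service name begins with a dot, an unusual choice worth verifying")
    if status == "x":
        reasons.append("service is registered but its binary was not found ([x])")
    return reasons


def review_key(key: str) -> List[str]:
    if "\\mountpoints2\\{" in key.lower():
        return ["MountPoints2 entry: per-volume shell association left behind by removable media"]
    return []


def analyze(log: str) -> List[Finding]:
    """Walk the log once and collect findings; lines that match nothing are ignored."""
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        fm, sm, km = FILE_RE.match(line), SERVICE_RE.match(line), KEY_RE.match(line)
        if fm:
            findings += [Finding("file", fm.group(2), r) for r in review_file(fm.group(2), fm.group(1))]
        elif sm:
            findings += [Finding("service", sm.group(1), r) for r in review_service(sm.group(1), sm.group(3))]
        elif km:
            findings += [Finding("registry", km.group(1), r) for r in review_key(km.group(1))]
    return findings


def build_cfscript(findings: List[Finding], skip: Set[str] = frozenset()) -> str:
    """Draft File:: and Registry:: sections in the layout used in this thread ('[-KEY]' asks
    ComboFix to delete the key). Items that checked out clean go in `skip`; services are
    only reported, since the thread shows no service directive."""
    files = sorted(f.item for f in findings if f.kind == "file" and f.item not in skip)
    keys = sorted(f.item for f in findings if f.kind == "registry" and f.item not in skip)
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(dict.fromkeys(files)))
    if keys:
        parts.append("Registry::\n" + "\n".join(f"[-{k}]" for k in dict.fromkeys(keys)))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:8} {f.item}\n         -> {f.reason}")
    print(build_cfscript(found, skip={"c:\\programas\\Norton2009Reset.exe"}))
```

Run as a script it lists each finding with its reason and then prints the drafted script; `skip` holds items that were verified clean (here Norton2009Reset.exe, which the thread later sends to a multi-engine scan), which keeps them out of the File:: section while the service lines are still reported for a manual look.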
  • Topic author
  • I was careful to turn off all protections before using ComboFix, as instructed.

    Here is the new ComboFix log after carrying out the procedures explained above.

    ComboFix 09-04-13.A2 - Administrador 2009-04-17 19:35.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.767.429 [GMT 1:00]

    Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

    Comandos utilizados :: H:\CFScript.txt

    AV: Norton Internet Security *On-access scanning disabled* (Updated)

    FW: Norton Internet Security *enabled*

    * Criado um novo ponto de restauro

    FILE ::

    c:\windows\system32\H@tKeysH@@k.DLL

    H:\autorun.exe

    J:\LaunchU3.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\system32\H@tKeysH@@k.DLL

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-17 to 2009-04-17 ))))))))))))))))))))))))))))

    .

    2009-04-15 21:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

    2009-04-15 21:40 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll

    2009-04-15 21:40 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe

    2009-04-15 21:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

    2009-04-15 21:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

    2009-04-15 21:40 . 2009-02-09 10:53 732672 -c----w c:\windows\system32\dllcache\lsasrv.dll

    2009-04-15 21:40 . 2009-02-09 10:53 684032 -c----w c:\windows\system32\dllcache\advapi32.dll

    2009-04-15 21:40 . 2009-02-09 10:53 737792 -c----w c:\windows\system32\dllcache\ntdll.dll

    2009-04-15 21:40 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

    2009-04-15 21:37 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

    2009-04-15 21:37 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

    2009-04-15 12:11 . 2009-04-15 12:11 35888 ----a-r c:\windows\system32\drivers\SymIM.sys

    2009-04-15 12:11 . 2009-04-15 12:11 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

    2009-04-15 12:11 . 2009-04-15 12:11 60808 ----a-w c:\windows\system32\S32EVNT1.DLL

    2009-04-15 12:11 . 2009-04-15 12:11 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

    2009-04-15 12:11 . 2009-04-15 12:11 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\windows\system32\drivers\NIS

    2009-04-09 16:42 . 2009-04-09 16:42 45 ----a-w c:\windows\system32\initdebug.nfo

    2009-04-08 17:10 . 2009-04-08 17:10 -------- d-----w c:\documents and settings\Administrador\Application Data\KillProcess

    2009-04-03 20:05 . 2009-04-17 18:29 -------- d-----w c:\documents and settings\Administrador\Tracing

    2009-04-03 19:51 . 2009-04-03 19:51 268 ---ha-w C:\sqmdata03.sqm

    2009-04-03 19:51 . 2009-04-03 19:51 244 ---ha-w C:\sqmnoopt03.sqm

    2009-03-26 13:12 . 2009-03-26 13:12 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\Ares

    2009-03-21 14:07 . 2009-03-21 14:07 1039360 -c----w c:\windows\system32\dllcache\kernel32.dll

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-16 15:39 . 2009-02-14 13:58 -------- d-----w c:\programas\Championship.Manager.2001.2002-PC-PT-RicaMatrix

    2009-04-15 22:23 . 2008-09-08 22:32 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2009-04-15 13:06 . 2009-04-15 12:11 -------- d-----w c:\programas\Ficheiros comuns\Symantec Shared

    2009-04-15 12:11 . 2009-04-15 12:11 -------- d-----w c:\programas\Symantec

    2009-04-15 12:11 . 2009-04-15 12:10 -------- d-----w c:\programas\Norton Internet Security

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\programas\Windows Sidebar

    2009-04-15 12:10 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\Norton

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\programas\NortonInstaller

    2009-04-12 14:13 . 2008-09-08 23:32 -------- d-----w c:\programas\IObit

    2009-04-09 16:44 . 2009-04-09 16:42 -------- d-----w c:\programas\SpeedFan

    2009-04-08 20:00 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller

    2009-04-08 17:16 . 2009-04-08 17:16 -------- d-----w c:\programas\Trend Micro

    2009-04-03 20:04 . 2009-04-03 20:04 -------- d-----w c:\programas\Microsoft

    2009-04-03 20:04 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live

    2009-04-03 20:03 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live SkyDrive

    2009-04-03 20:00 . 2009-04-03 20:00 -------- d-----w c:\programas\Ficheiros comuns\Windows Live

    2009-04-02 21:35 . 2009-04-02 21:35 -------- d-----w c:\programas\Microsoft Silverlight

    2009-03-29 11:46 . 2004-09-21 11:00 80186 ----a-w c:\windows\system32\perfc016.dat

    2009-03-29 11:46 . 2004-09-21 11:00 484034 ----a-w c:\windows\system32\perfh016.dat

    2009-03-28 12:55 . 2008-09-08 22:28 -------- d--h--w c:\programas\InstallShield Installation Information

    2009-03-28 11:41 . 2009-03-28 11:41 -------- d-----w c:\programas\CSTools.net

    2009-03-28 10:59 . 2009-03-28 10:59 -------- d-----w c:\programas\THQ

    2009-03-23 18:16 . 2009-03-23 18:00 -------- d-----w c:\programas\XMPlay

    2009-03-13 10:33 . 2008-09-25 19:56 -------- d-----w c:\programas\Spybot - Search & Destroy

    2009-03-06 21:10 . 2009-02-03 20:33 -------- d-----w c:\programas\Opera

    2009-03-06 14:20 . 2004-09-21 11:00 286720 ----a-w c:\windows\system32\pdh.dll

    2009-02-24 19:38 . 2009-02-24 19:38 -------- d-----w c:\programas\sina

    2009-02-20 08:10 . 2004-09-21 11:00 669184 ----a-w c:\windows\system32\wininet.dll

    2009-02-20 08:10 . 2004-09-21 11:00 81920 ----a-w c:\windows\system32\ieencode.dll

    2009-02-19 23:52 . 2008-09-25 19:56 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-10 18:05 . 2007-02-28 08:07 2069888 ----a-w c:\windows\system32\ntkrnlpa.exe

    2009-02-09 14:05 . 2007-10-25 22:07 1846912 ----a-w c:\windows\system32\win32k.sys

    2009-02-09 11:23 . 2007-10-25 22:16 2192896 ----a-w c:\windows\system32\ntoskrnl.exe

    2009-02-09 11:23 . 2004-09-21 11:00 111104 ----a-w c:\windows\system32\services.exe

    2009-02-09 10:53 . 2007-10-25 22:06 732672 ----a-w c:\windows\system32\lsasrv.dll

    2009-02-09 10:53 . 2007-10-25 21:12 401408 ----a-w c:\windows\system32\rpcss.dll

    2009-02-09 10:53 . 2004-09-21 11:00 737792 ----a-w c:\windows\system32\ntdll.dll

    2009-02-09 10:53 . 2004-09-21 11:00 684032 ----a-w c:\windows\system32\advapi32.dll

    2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll

    2009-02-06 10:39 . 2004-09-21 11:00 35328 ----a-w c:\windows\system32\sc.exe

    2009-02-03 19:57 . 2004-09-21 11:00 56832 ----a-w c:\windows\system32\secur32.dll

    2009-01-19 20:26 . 2008-09-08 21:58 46872 ----a-w c:\documents and settings\Administrador\Definições locais\Application Data\GDIPFONTCACHEV1.DAT

    2009-01-03 20:15 . 2008-09-08 22:19 2272 ----a-w c:\documents and settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat

    2008-09-17 13:17 . 2008-09-30 06:12 291267 ---ha-r c:\programas\Norton2009Reset.exe

    .

    ------- Sigcheck -------

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\explorer.exe

    [-] 2007-06-13 13:10 1035264 4B1174A06F3E4BD5341521D151B84DCE c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

    [-] 2007-06-13 13:22 1035264 E33D51ECE9047331FCF59DBFA4F4B856 c:\windows\$NtServicePackUninstall$\explorer.exe

    [7] 2004-09-21 11:00 1034240 7A28F6B962DCDBFD94280338B4A8E6FB c:\windows\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\ServicePackFiles\i386\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\backup\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\resources\explorer.exe

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-13_12.11.37,93 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-04-17 18:14 . 2009-04-17 18:14 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat

    + 2009-04-17 18:14 . 2009-04-17 18:14 16384 c:\windows\Temp\Perflib_Perfdata_588.dat

    + 2008-09-08 22:05 . 2008-07-09 07:57 26488 c:\windows\system32\spupdsvc.exe

    - 2008-09-08 22:05 . 2007-07-27 09:41 26488 c:\windows\system32\spupdsvc.exe

    + 2008-09-08 22:22 . 2007-11-30 12:40 18296 c:\windows\system32\spmsg.dll

    - 2008-09-08 22:22 . 2007-11-30 11:21 18296 c:\windows\system32\spmsg.dll

    + 2004-09-21 11:00 . 2009-02-03 19:57 56832 c:\windows\system32\secur32.dll

    + 2004-09-21 11:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe

    - 2009-04-08 20:07 . 2009-04-08 20:07 60808 c:\windows\system32\S32EVNT1.DLL

    + 2009-04-15 12:11 . 2009-04-15 12:11 60808 c:\windows\system32\S32EVNT1.DLL

    - 2008-09-08 21:45 . 2008-04-14 16:09 91648 c:\windows\system32\mtxoci.dll

    + 2008-09-08 21:45 . 2008-06-12 14:22 91648 c:\windows\system32\mtxoci.dll

    - 2007-10-25 21:14 . 2008-04-14 16:09 66560 c:\windows\system32\mtxclu.dll

    + 2007-10-25 21:14 . 2008-06-12 14:22 66560 c:\windows\system32\mtxclu.dll

    - 2008-09-08 21:45 . 2008-04-14 16:09 58880 c:\windows\system32\msdtclog.dll

    + 2008-09-08 21:45 . 2008-06-12 14:22 58880 c:\windows\system32\msdtclog.dll

    - 2004-09-21 11:00 . 2008-04-14 16:09 81920 c:\windows\system32\ieencode.dll

    + 2004-09-21 11:00 . 2009-02-20 08:10 81920 c:\windows\system32\ieencode.dll

    + 2009-04-15 12:11 . 2009-04-15 12:11 35888 c:\windows\system32\drivers\SymIM.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 35888 c:\windows\system32\drivers\SymIM.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 24752 c:\windows\system32\drivers\NIS\1001000.021\symredrv.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 24752 c:\windows\system32\drivers\NIS\1001000.021\symredrv.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 40496 c:\windows\system32\drivers\NIS\1001000.021\symndisv.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 40496 c:\windows\system32\drivers\NIS\1001000.021\symndisv.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 37424 c:\windows\system32\drivers\NIS\1001000.021\symndis.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 37424 c:\windows\system32\drivers\NIS\1001000.021\symndis.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 34608 c:\windows\system32\drivers\NIS\1001000.021\symids.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 34608 c:\windows\system32\drivers\NIS\1001000.021\symids.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 89904 c:\windows\system32\drivers\NIS\1001000.021\symfw.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 89904 c:\windows\system32\drivers\NIS\1001000.021\symfw.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 12976 c:\windows\system32\drivers\NIS\1001000.021\symdns.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 12976 c:\windows\system32\drivers\NIS\1001000.021\symdns.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 43696 c:\windows\system32\drivers\NIS\1001000.021\srtspx.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 43696 c:\windows\system32\drivers\NIS\1001000.021\srtspx.sys

    + 2009-02-03 19:57 . 2009-02-03 19:57 56832 c:\windows\system32\dllcache\secur32.dll

    + 2004-09-21 11:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe

    + 2008-06-12 14:22 . 2008-06-12 14:22 91648 c:\windows\system32\dllcache\mtxoci.dll

    + 2008-06-12 14:22 . 2008-06-12 14:22 66560 c:\windows\system32\dllcache\mtxclu.dll

    + 2008-06-12 14:22 . 2008-06-12 14:22 58880 c:\windows\system32\dllcache\msdtclog.dll

    + 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll

    - 2008-09-08 22:38 . 2009-03-11 18:08 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

    + 2008-05-05 06:25 . 2008-05-05 06:25 3072 c:\windows\system32\xpsp4res.dll

    + 2004-09-21 11:00 . 2009-02-20 08:10 669184 c:\windows\system32\wininet.dll

    - 2004-09-21 11:00 . 2008-10-16 01:01 669184 c:\windows\system32\wininet.dll

    - 2004-09-21 11:00 . 2008-04-14 16:09 354304 c:\windows\system32\winhttp.dll

    + 2004-09-21 11:00 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll

    + 2008-09-08 21:45 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe

    + 2008-09-08 21:45 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll

    + 2008-09-08 21:45 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll

    + 2004-09-21 11:00 . 2009-02-20 08:10 620032 c:\windows\system32\urlmon.dll

    - 2004-09-21 11:00 . 2008-10-16 01:01 620032 c:\windows\system32\urlmon.dll

    + 2004-09-21 11:00 . 2009-02-09 11:23 111104 c:\windows\system32\services.exe

    + 2007-10-25 21:12 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll

    + 2004-09-21 11:00 . 2009-03-06 14:20 286720 c:\windows\system32\pdh.dll

    + 2004-09-21 11:00 . 2009-02-09 10:53 737792 c:\windows\system32\ntdll.dll

    + 2008-09-08 21:45 . 2008-06-12 14:22 161792 c:\windows\system32\msdtcuiu.dll

    - 2008-09-08 21:45 . 2008-04-14 16:09 161792 c:\windows\system32\msdtcuiu.dll

    + 2008-09-08 21:45 . 2008-06-12 14:22 956928 c:\windows\system32\msdtctm.dll

    - 2008-09-08 21:45 . 2008-04-14 16:09 956928 c:\windows\system32\msdtctm.dll

    + 2008-09-08 21:45 . 2008-06-12 14:22 428032 c:\windows\system32\msdtcprx.dll

    + 2007-10-25 22:06 . 2009-02-09 10:53 732672 c:\windows\system32\lsasrv.dll

    + 2009-04-15 12:11 . 2009-04-15 12:11 124464 c:\windows\system32\drivers\SYMEVENT.SYS

    - 2009-04-08 20:07 . 2009-04-08 20:07 124464 c:\windows\system32\drivers\SYMEVENT.SYS

    - 2009-04-08 20:07 . 2009-04-08 20:07 198192 c:\windows\system32\drivers\NIS\1001000.021\symtdi.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 198192 c:\windows\system32\drivers\NIS\1001000.021\symtdi.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 309296 c:\windows\system32\drivers\NIS\1001000.021\SymEFA.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 309296 c:\windows\system32\drivers\NIS\1001000.021\SymEFA.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 306736 c:\windows\system32\drivers\NIS\1001000.021\srtsp.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 306736 c:\windows\system32\drivers\NIS\1001000.021\srtsp.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 362544 c:\windows\system32\drivers\NIS\1001000.021\cchpx86.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 362544 c:\windows\system32\drivers\NIS\1001000.021\cchpx86.sys

    - 2009-04-08 20:07 . 2009-04-08 20:07 255536 c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys

    + 2009-04-15 12:11 . 2009-04-15 12:11 255536 c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys

    + 2009-04-15 21:37 . 2008-04-21 21:15 219136 c:\windows\system32\dllcache\wordpad.exe

    + 2009-04-15 21:40 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe

    + 2009-04-15 21:40 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll

    - 2008-06-23 15:10 . 2008-10-16 01:01 669184 c:\windows\system32\dllcache\wininet.dll

    + 2008-06-23 15:10 . 2009-02-20 08:10 669184 c:\windows\system32\dllcache\wininet.dll

    + 2008-12-16 12:31 . 2008-12-16 12:31 354304 c:\windows\system32\dllcache\winhttp.dll

    + 2008-06-26 08:13 . 2009-02-20 08:10 620032 c:\windows\system32\dllcache\urlmon.dll

    - 2008-06-26 08:13 . 2008-10-16 01:01 620032 c:\windows\system32\dllcache\urlmon.dll

    + 2009-04-15 21:40 . 2009-02-09 11:23 111104 c:\windows\system32\dllcache\services.exe

    + 2009-04-15 21:40 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll

    + 2009-04-15 21:40 . 2009-03-06 14:20 286720 c:\windows\system32\dllcache\pdh.dll

    + 2009-04-15 21:40 . 2009-02-09 10:53 737792 c:\windows\system32\dllcache\ntdll.dll

    + 2008-06-12 14:22 . 2008-06-12 14:22 161792 c:\windows\system32\dllcache\msdtcuiu.dll

    + 2008-06-12 14:22 . 2008-06-12 14:22 956928 c:\windows\system32\dllcache\msdtctm.dll

    + 2008-06-12 14:22 . 2008-06-12 14:22 428032 c:\windows\system32\dllcache\msdtcprx.dll

    + 2009-04-15 21:40 . 2009-02-09 10:53 732672 c:\windows\system32\dllcache\lsasrv.dll

    + 2009-04-15 21:40 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll

    + 2009-04-15 21:40 . 2009-02-09 10:53 684032 c:\windows\system32\dllcache\advapi32.dll

    + 2004-09-21 11:00 . 2009-02-09 10:53 684032 c:\windows\system32\advapi32.dll

    - 2004-09-21 11:00 . 2008-04-14 16:09 684032 c:\windows\system32\advapi32.dll

    - 2008-09-08 22:38 . 2009-03-11 18:08 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

    + 2004-09-21 11:00 . 2009-03-02 23:10 1499136 c:\windows\system32\shdocvw.dll

    - 2004-09-21 11:00 . 2008-10-16 01:01 1499136 c:\windows\system32\shdocvw.dll

    - 2007-10-25 21:12 . 2008-05-07 05:11 1294848 c:\windows\system32\quartz.dll

    + 2007-10-25 21:12 . 2008-12-20 22:14 1294848 c:\windows\system32\quartz.dll

    + 2007-10-25 22:16 . 2009-02-09 11:23 2192896 c:\windows\system32\ntoskrnl.exe

    + 2007-02-28 08:07 . 2009-02-10 18:05 2069888 c:\windows\system32\ntkrnlpa.exe

    - 2007-02-28 08:07 . 2008-08-14 13:23 2069888 c:\windows\system32\ntkrnlpa.exe

    + 2004-09-21 11:00 . 2009-02-20 08:10 3089408 c:\windows\system32\mshtml.dll

    + 2007-10-25 22:16 . 2009-03-21 14:07 1039360 c:\windows\system32\kernel32.dll

    - 2007-10-25 22:16 . 2008-04-14 16:09 1039360 c:\windows\system32\kernel32.dll

    + 2008-06-26 08:13 . 2009-03-02 23:10 1499136 c:\windows\system32\dllcache\shdocvw.dll

    - 2008-06-26 08:13 . 2008-10-16 01:01 1499136 c:\windows\system32\dllcache\shdocvw.dll

    - 2008-09-12 12:45 . 2008-05-07 05:11 1294848 c:\windows\system32\dllcache\quartz.dll

    + 2008-09-12 12:45 . 2008-12-20 22:14 1294848 c:\windows\system32\dllcache\quartz.dll

    + 2008-10-16 07:01 . 2009-02-09 11:23 2192896 c:\windows\system32\dllcache\ntoskrnl.exe

    - 2008-10-16 07:01 . 2008-08-14 13:23 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

    + 2008-10-16 07:01 . 2009-02-09 11:23 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

    - 2008-10-16 07:01 . 2008-08-14 13:23 2069888 c:\windows\system32\dllcache\ntkrnlpa.exe

    + 2008-10-16 07:01 . 2009-02-10 18:05 2069888 c:\windows\system32\dllcache\ntkrnlpa.exe

    - 2008-10-16 07:01 . 2008-08-14 13:23 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

    + 2008-10-16 07:01 . 2009-02-09 11:23 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

    + 2008-06-23 15:10 . 2009-02-20 08:10 3089408 c:\windows\system32\dllcache\mshtml.dll

    + 2009-03-21 14:07 . 2009-03-21 14:07 1039360 c:\windows\system32\dllcache\kernel32.dll

    + 2008-09-08 22:38 . 2009-04-15 22:23 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

    - 2008-09-08 22:38 . 2009-03-11 18:08 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

    + 2008-09-08 22:38 . 2009-04-15 22:23 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

    + 2008-10-16 07:01 . 2009-02-09 11:23 2192896 c:\windows\Driver Cache\i386\ntoskrnl.exe

    + 2008-10-16 07:01 . 2009-02-09 11:23 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

    - 2008-10-16 07:01 . 2008-08-14 13:23 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

    + 2008-10-16 07:01 . 2009-02-10 18:05 2069888 c:\windows\Driver Cache\i386\ntkrnlpa.exe

    - 2008-10-16 07:01 . 2008-08-14 13:23 2069888 c:\windows\Driver Cache\i386\ntkrnlpa.exe

    - 2008-10-16 07:01 . 2008-08-14 13:23 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

    + 2008-10-16 07:01 . 2009-02-09 11:23 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

    .

    -- Snapshot resetado para data atual --

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    "MSMSGS"="c:\programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]

    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3fhg"= mp3fhg.acm

    "msacm.divxa32"= divxa32.acm

    "VIDC.X264"= x264vfw.dll

    "VIDC.HFYU"= huffyuv.dll

    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Programas\\uTorrent\\uTorrent.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Programas\\SAGEM\\SAGEM F@st 800-840\\dslmon.exe"=

    "c:\\Programas\\Messenger\\msmsgs.exe"=

    R2 .norton2009Reset;Norton2009 Reset;c:\programas\Norton2009Reset.exe [2008-09-17 291267]

    R2 PD91Agent;PD91Agent;c:\programas\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]

    R2 vvdsvc;VJVodServices;c:\windows\System32\svchost.exe [2008-04-14 14336]

    R3 avfwim;AvFw Packet Filter Miniport; [x]

    R3 PD91Engine;PD91Engine;c:\programas\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]

    R3 viafilter;VIA USB Filter;c:\windows\System32\Drivers\viausb1.sys [2001-09-19 9728]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2009-04-15 309296]

    S0 vfsfd;VIA File System Filter Driver;c:\windows\system32\drivers\vfsfd.sys [2003-01-09 12032]

    S0 videfd;VIA IDE Filter Driver;c:\windows\system32\drivers\videfd.sys [2003-01-02 4864]

    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2009-04-15 255536]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2009-04-15 362544]

    S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-04-15 274808]

    S2 Norton Internet Security;Norton Internet Security;c:\programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2009-04-15 115560]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programas\Ficheiros comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-14 101936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    vvdsvc REG_MULTI_SZ vvdsvc

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.dufpy.com

    uInternet Connection Wizard,ShellNext = hxxp://www.sapo.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: {59729E3E-D2AD-463C-8081-D701582431AD} = 212.55.154.174 212.55.154.190

    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

    FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\737oxc5c.default\

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np32dsw.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npdeploytk.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npnul32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\NPOFF12.DLL

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppdf32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppl3260.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nprpjplug.dll

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-17 19:37

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

    "ImagePath"="\"c:\programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programas\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(600)

    c:\windows\system32\SETUPAPI.dll

    - - - - - - - > 'lsass.exe'(656)

    c:\windows\system32\setupapi.dll

    .

    Tempo para conclusão: 2009-04-17 19:40

    ComboFix-quarantined-files.txt 2009-04-17 18:39

    ComboFix2.txt 2009-04-13 11:13

    Pré-execução: 42.683.183.104 bytes livres

    Pós execução: 42,813,726,720 bytes livres

    348 --- E O F --- 2009-04-15 22:24

    Thanks for the continued help.

    Regards

    Edited by RenatoMejias
    CODE removal


    Dear Monster

    Go to "Jotti's malware scan"

    • In the box at the top (File to upload & scan);
    • Copy and paste the following:
      c:\programas\Norton2009Reset.exe
    • Click the button
    • The file will be examined by several antivirus programs; please wait.
    • Copy and paste that result, together with a new HijackThis log.

    If the site above is too busy, try one of these sites:

    Alternative 1

    Alternative 2

    Cheers :D

  • Topic author
  • File: Norton2009Reset.exe

    Status: OK

    MD5: 93ba49e513bc9efa49184f697aa16f5a

    Packers detected: PE_PATCH.UPX, UPX

    Scan taken on 18 Apr 2009 11:42:11 (GMT)

    A-Squared: Found nothing

    AntiVir: Found nothing

    ArcaVir: Found nothing

    Avast: Found nothing

    AVG Antivirus: Found nothing

    BitDefender: Found nothing

    ClamAV: Found nothing

    CPsecure: Found nothing

    Dr.Web: Found nothing

    F-Prot Antivirus: Found nothing

    F-Secure Anti-Virus: Found nothing

    Ikarus: Found nothing

    Kaspersky Anti-Virus: Found nothing

    NOD32: Found nothing

    Norman Virus Control: Found nothing

    Panda Antivirus: Found nothing

    Quick Heal: Found nothing

    Sophos Antivirus: Found nothing

    VirusBuster: Found nothing

    VBA32: Found nothing

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:48:41, on 18-04-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\Java\jre6\bin\jqs.exe

    C:\Programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\Programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programas\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programas\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll

    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programas\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O4 - Startup: StartupFaster

    O4 - Global Startup: StartupFaster

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre6\bin\jp2iexp.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre6\bin\jp2iexp.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220917720495

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220917708047

    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programas\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (file missing)

    O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Programas\Norton2009Reset.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe

    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk2008\PD91Engine.exe

    --

    End of file - 6658 bytes


    Dear Monster

    Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) described below have been completed.

    Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Code" box:

    File::
    c:\programas\Norton2009Reset.exe

    Driver::
    .norton2009Reset

    Save this file as: CFScript.txt

    [image: 2872959479_997d4500c4_o.gif]

    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

    Cheers :D

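A small helper, added here and not part of the original post or of HijackThis/ComboFix themselves, that automates what the analyst did by hand above: it parses the `O23 - Service:` lines of a HijackThis log, flags the entry whose binary has an "Unknown owner", and emits the File:: and Driver:: sections of a CFScript for it. The sample lines are copied from the log posted above; the regex is my reading of the O23 layout and the "Unknown owner" rule is a triage cue, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted above
# (one non-O23 line included to show it is ignored).
SAMPLE_HJT_LINES = "\n".join([
    r"O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Programas\Norton2009Reset.exe",
    r"O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe",
    r"O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe",
    r"O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe",
    r"O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programas\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (file missing)",
])

# Assumed layout of an O23 line (my reading of the format, not a HijackThis specification):
#   O23 - Service: <display name> [(<service name>)] - <owner> - <image path> [(file missing)]
# HijackThis omits the parenthesised service name when it equals the display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"
    r"(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?)"
    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    display_name: str
    service_name: str      # registry (short) name, which is what ComboFix's Driver:: expects
    owner: str             # publisher HijackThis read from the binary's version info
    image_path: str
    file_missing: bool


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Extract every O23 service entry from a HijackThis log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            display_name=m.group("display"),
            service_name=m.group("short") or m.group("display"),
            owner=m.group("owner"),
            image_path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def unknown_owner(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services whose binary carries no publisher: the cue the analyst acted on above.
    This only selects candidates to look at (hash it, scan it); it is not proof of malice."""
    return [e for e in entries if e.owner.strip().lower() == "unknown owner"]


def build_cfscript(entries: List[ServiceEntry]) -> str:
    """Render the File:: and Driver:: sections of a CFScript for the given services.
    A service whose file is reported missing gets no File:: line but is still removed."""
    files = [e.image_path for e in entries if not e.file_missing]
    drivers = [e.service_name for e in entries]
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    flagged = unknown_owner(parse_o23(SAMPLE_HJT_LINES))
    for e in flagged:
        print(f"{e.service_name}: {e.image_path}")
    print(build_cfscript(flagged), end="")
```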
  • Topic author
  • ComboFix 09-04-13.A2 - Administrador 2009-04-19 20:56.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.767.448 [GMT 1:00]

    Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Administrador\Ambiente de trabalho\CFScript.txt

    AV: Norton Internet Security *On-access scanning disabled* (Updated)

    FW: Norton Internet Security *disabled*

    * Criado um novo ponto de restauro

    FILE ::

    c:\programas\Norton2009Reset.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\programas\Norton2009Reset.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_.norton2009Reset

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-19 to 2009-04-19 ))))))))))))))))))))))))))))

    .

    2009-04-18 16:22 . 2009-04-18 16:22 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks

    2009-04-18 16:22 . 2009-04-18 16:22 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\TVU Networks

    2009-04-18 16:22 . 2009-04-18 16:22 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\LocalLow

    2009-04-18 11:56 . 2009-04-18 11:56 103 ----a-w c:\windows\pro.INI

    2009-04-15 21:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

    2009-04-15 21:40 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll

    2009-04-15 21:40 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe

    2009-04-15 21:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

    2009-04-15 21:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

    2009-04-15 21:40 . 2009-02-09 10:53 732672 -c----w c:\windows\system32\dllcache\lsasrv.dll

    2009-04-15 21:40 . 2009-02-09 10:53 684032 -c----w c:\windows\system32\dllcache\advapi32.dll

    2009-04-15 21:40 . 2009-02-09 10:53 737792 -c----w c:\windows\system32\dllcache\ntdll.dll

    2009-04-15 21:40 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

    2009-04-15 21:37 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

    2009-04-15 21:37 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

    2009-04-15 12:11 . 2009-04-15 12:11 35888 ----a-r c:\windows\system32\drivers\SymIM.sys

    2009-04-15 12:11 . 2009-04-15 12:11 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

    2009-04-15 12:11 . 2009-04-15 12:11 60808 ----a-w c:\windows\system32\S32EVNT1.DLL

    2009-04-15 12:11 . 2009-04-15 12:11 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

    2009-04-15 12:11 . 2009-04-15 12:11 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\windows\system32\drivers\NIS

    2009-04-09 16:42 . 2009-04-09 16:42 45 ----a-w c:\windows\system32\initdebug.nfo

    2009-04-08 17:10 . 2009-04-08 17:10 -------- d-----w c:\documents and settings\Administrador\Application Data\KillProcess

    2009-04-03 20:05 . 2009-04-18 20:58 -------- d-----w c:\documents and settings\Administrador\Tracing

    2009-04-03 19:51 . 2009-04-03 19:51 268 ---ha-w C:\sqmdata03.sqm

    2009-04-03 19:51 . 2009-04-03 19:51 244 ---ha-w C:\sqmnoopt03.sqm

    2009-03-26 13:12 . 2009-03-26 13:12 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\Ares

    2009-03-26 10:07 . 2009-03-26 10:07 59904 ----a-w c:\windows\system32\zlib1.dll

    2009-03-26 10:03 . 2009-03-26 10:03 286720 ----a-w c:\windows\system32\libcurl.dll

    2009-03-26 10:03 . 2009-03-26 10:03 196608 ----a-w c:\windows\system32\ssleay32.dll

    2009-03-26 10:03 . 2009-03-26 10:03 1028096 ----a-w c:\windows\system32\libeay32.dll

    2009-03-26 10:03 . 2009-03-26 10:03 143360 ----a-w c:\windows\system32\libexpatw.dll

    2009-03-21 14:07 . 2009-03-21 14:07 1039360 -c----w c:\windows\system32\dllcache\kernel32.dll

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-19 19:11 . 2009-04-19 19:11 -------- d-----w c:\programas\Veetle

    2009-04-18 11:56 . 2009-04-18 11:53 -------- d-----w c:\programas\Teleport Pro

    2009-04-16 15:39 . 2009-02-14 13:58 -------- d-----w c:\programas\Championship.Manager.2001.2002-PC-PT-RicaMatrix

    2009-04-15 22:23 . 2008-09-08 22:32 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2009-04-15 13:06 . 2009-04-15 12:11 -------- d-----w c:\programas\Ficheiros comuns\Symantec Shared

    2009-04-15 12:11 . 2009-04-15 12:11 -------- d-----w c:\programas\Symantec

    2009-04-15 12:11 . 2009-04-15 12:10 -------- d-----w c:\programas\Norton Internet Security

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\programas\Windows Sidebar

    2009-04-15 12:10 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\Norton

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\programas\NortonInstaller

    2009-04-12 14:13 . 2008-09-08 23:32 -------- d-----w c:\programas\IObit

    2009-04-09 16:44 . 2009-04-09 16:42 -------- d-----w c:\programas\SpeedFan

    2009-04-08 20:00 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller

    2009-04-08 17:16 . 2009-04-08 17:16 -------- d-----w c:\programas\Trend Micro

    2009-04-03 20:04 . 2009-04-03 20:04 -------- d-----w c:\programas\Microsoft

    2009-04-03 20:04 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live

    2009-04-03 20:03 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live SkyDrive

    2009-04-03 20:00 . 2009-04-03 20:00 -------- d-----w c:\programas\Ficheiros comuns\Windows Live

    2009-04-02 21:35 . 2009-04-02 21:35 -------- d-----w c:\programas\Microsoft Silverlight

    2009-03-29 11:46 . 2004-09-21 11:00 80186 ----a-w c:\windows\system32\perfc016.dat

    2009-03-29 11:46 . 2004-09-21 11:00 484034 ----a-w c:\windows\system32\perfh016.dat

    2009-03-28 12:55 . 2008-09-08 22:28 -------- d--h--w c:\programas\InstallShield Installation Information

    2009-03-28 11:41 . 2009-03-28 11:41 -------- d-----w c:\programas\CSTools.net

    2009-03-28 10:59 . 2009-03-28 10:59 -------- d-----w c:\programas\THQ

    2009-03-23 18:16 . 2009-03-23 18:00 -------- d-----w c:\programas\XMPlay

    2009-03-13 10:33 . 2008-09-25 19:56 -------- d-----w c:\programas\Spybot - Search & Destroy

    2009-03-06 21:10 . 2009-02-03 20:33 -------- d-----w c:\programas\Opera

    2009-03-06 14:20 . 2004-09-21 11:00 286720 ----a-w c:\windows\system32\pdh.dll

    2009-02-24 19:38 . 2009-02-24 19:38 -------- d-----w c:\programas\sina

    2009-02-20 08:10 . 2004-09-21 11:00 669184 ----a-w c:\windows\system32\wininet.dll

    2009-02-20 08:10 . 2004-09-21 11:00 81920 ----a-w c:\windows\system32\ieencode.dll

    2009-02-19 23:52 . 2008-09-25 19:56 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-10 18:05 . 2007-02-28 08:07 2069888 ----a-w c:\windows\system32\ntkrnlpa.exe

    2009-02-09 14:05 . 2007-10-25 22:07 1846912 ----a-w c:\windows\system32\win32k.sys

    2009-02-09 11:23 . 2007-10-25 22:16 2192896 ----a-w c:\windows\system32\ntoskrnl.exe

    2009-02-09 11:23 . 2004-09-21 11:00 111104 ----a-w c:\windows\system32\services.exe

    2009-02-09 10:53 . 2007-10-25 22:06 732672 ----a-w c:\windows\system32\lsasrv.dll

    2009-02-09 10:53 . 2007-10-25 21:12 401408 ----a-w c:\windows\system32\rpcss.dll

    2009-02-09 10:53 . 2004-09-21 11:00 737792 ----a-w c:\windows\system32\ntdll.dll

    2009-02-09 10:53 . 2004-09-21 11:00 684032 ----a-w c:\windows\system32\advapi32.dll

    2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll

    2009-02-06 10:39 . 2004-09-21 11:00 35328 ----a-w c:\windows\system32\sc.exe

    2009-02-03 19:57 . 2004-09-21 11:00 56832 ----a-w c:\windows\system32\secur32.dll

    2009-01-19 20:26 . 2008-09-08 21:58 46872 ----a-w c:\documents and settings\Administrador\Definições locais\Application Data\GDIPFONTCACHEV1.DAT

    2009-01-03 20:15 . 2008-09-08 22:19 2272 ----a-w c:\documents and settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat

    .

    ------- Sigcheck -------

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\explorer.exe

    [-] 2007-06-13 13:10 1035264 4B1174A06F3E4BD5341521D151B84DCE c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

    [-] 2007-06-13 13:22 1035264 E33D51ECE9047331FCF59DBFA4F4B856 c:\windows\$NtServicePackUninstall$\explorer.exe

    [7] 2004-09-21 11:00 1034240 7A28F6B962DCDBFD94280338B4A8E6FB c:\windows\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\ServicePackFiles\i386\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\backup\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\resources\explorer.exe

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-04-17_19.38.09,90 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-04-19 20:00 . 2009-04-19 20:00 16384 c:\windows\Temp\Perflib_Perfdata_574.dat

    + 2009-04-19 20:00 . 2009-04-19 20:00 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat

    + 2009-03-26 10:07 . 2009-03-26 10:07 59904 c:\windows\system32\zlib1.dll

    + 2009-03-26 10:03 . 2009-03-26 10:03 196608 c:\windows\system32\ssleay32.dll

    + 2009-03-26 10:03 . 2009-03-26 10:03 143360 c:\windows\system32\libexpatw.dll

    + 2009-03-26 10:03 . 2009-03-26 10:03 286720 c:\windows\system32\libcurl.dll

    + 2009-04-19 19:58 . 2005-10-20 19:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

    + 2009-03-26 10:03 . 2009-03-26 10:03 1028096 c:\windows\system32\libeay32.dll

    + 2009-03-26 10:10 . 2009-03-26 10:10 2076672 c:\windows\Downloaded Program Files\npTVUAx.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    "MSMSGS"="c:\programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]

    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3fhg"= mp3fhg.acm

    "msacm.divxa32"= divxa32.acm

    "VIDC.X264"= x264vfw.dll

    "VIDC.HFYU"= huffyuv.dll

    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Programas\\uTorrent\\uTorrent.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Programas\\SAGEM\\SAGEM F@st 800-840\\dslmon.exe"=

    "c:\\Programas\\Messenger\\msmsgs.exe"=

    R2 vvdsvc;VJVodServices;c:\windows\System32\svchost.exe [2008-04-14 14336]

    R3 avfwim;AvFw Packet Filter Miniport; [x]

    R3 PD91Engine;PD91Engine;c:\programas\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]

    R3 viafilter;VIA USB Filter;c:\windows\System32\Drivers\viausb1.sys [2001-09-19 9728]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2009-04-15 309296]

    S0 vfsfd;VIA File System Filter Driver;c:\windows\system32\drivers\vfsfd.sys [2003-01-09 12032]

    S0 videfd;VIA IDE Filter Driver;c:\windows\system32\drivers\videfd.sys [2003-01-02 4864]

    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2009-04-15 255536]

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2009-04-15 362544]

    S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-04-15 274808]

    S2 Norton Internet Security;Norton Internet Security;c:\programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2009-04-15 115560]

    S2 PD91Agent;PD91Agent;c:\programas\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programas\Ficheiros comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-14 101936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    vvdsvc REG_MULTI_SZ vvdsvc

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.dufpy.com

    uInternet Connection Wizard,ShellNext = hxxp://www.sapo.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

    FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\737oxc5c.default\

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np32dsw.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npdeploytk.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npnul32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\NPOFF12.DLL

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppdf32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppl3260.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nprpjplug.dll

    FF - plugin: c:\programas\Veetle\Player\npvlc.dll

    FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-19 21:00

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

    "ImagePath"="\"c:\programas\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programas\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(604)

    c:\windows\system32\SETUPAPI.dll

    - - - - - - - > 'lsass.exe'(660)

    c:\windows\system32\setupapi.dll

    - - - - - - - > 'explorer.exe'(4060)

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\NETSHELL.dll

    c:\windows\system32\credui.dll

    c:\windows\system32\SETUPAPI.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    c:\programas\WinRAR\rarext.dll

    c:\programas\Drag'n'Crypt ULTRA\dcu.dll

    c:\programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

    c:\programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-04-19 21:03 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-04-19 20:03

    ComboFix2.txt 2009-04-17 18:40

    ComboFix3.txt 2009-04-13 11:13

    Pré-execução: 42.805.907.456 bytes livres

    Pós execução: 42,724,790,272 bytes livres

    242 --- E O F --- 2009-04-15 22:24

  • Topic author
  • Dear Monster

    Do you know this service: VJVodServices?

    Cheers :D

    No Diego, I don't know that service.

    Regards


    Dear Monster

    Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) described below have been completed.

    Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Code" box:

    Driver::
    vvdsvc

    Save this file as: CFScript.txt

    [image: 2872959479_997d4500c4_o.gif]

    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

    Cheers :D

  • Topic author
  • ComboFix 09-04-13.A2 - Administrador 2009-04-25 21:43.4 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.767.419 [GMT 1:00]

    Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Administrador\Ambiente de trabalho\CFScript.txt.txt

    AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated)

    FW: ESET Personal firewall *disabled*

    * Criado um novo ponto de restauro

    .

    - MODO DE FUNCIONALIDADE REDUZIDA -

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-25 to 2009-04-25 ))))))))))))))))))))))))))))

    .

    2009-04-23 19:19 . 2009-04-23 19:19 -------- d-----w c:\documents and settings\NetworkService\Definições locais\Application Data\ESET

    2009-04-23 19:19 . 2009-04-23 19:19 -------- d-----w c:\documents and settings\NetworkService\Definições locais\Application Data\ESET

    2009-04-23 19:19 . 2009-04-23 19:19 -------- d-----w c:\documents and settings\NetworkService\Definições locais\Application Data\ESET

    2009-04-22 19:39 . 2009-04-22 19:39 -------- d-----w c:\documents and settings\Administrador\Application Data\Octoshape

    2009-04-22 19:26 . 2009-04-22 19:26 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\ESET

    2009-04-22 17:10 . 2009-04-22 17:10 -------- d-----w c:\documents and settings\Administrador\Application Data\ESET

    2009-04-22 17:07 . 2009-04-22 17:07 -------- d-----w c:\documents and settings\All Users\Application Data\ESET

    2009-04-18 16:22 . 2009-04-18 16:22 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks

    2009-04-18 16:22 . 2009-04-18 16:22 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\TVU Networks

    2009-04-18 16:22 . 2009-04-18 16:22 -------- d-----w c:\documents and settings\Administrador\Definições locais\Application Data\LocalLow

    2009-04-18 11:56 . 2009-04-18 11:56 103 ----a-w c:\windows\pro.INI

    2009-04-15 21:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

    2009-04-15 21:40 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll

    2009-04-15 21:40 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe

    2009-04-15 21:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

    2009-04-15 21:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

    2009-04-15 21:40 . 2009-02-09 10:53 732672 -c----w c:\windows\system32\dllcache\lsasrv.dll

    2009-04-15 21:40 . 2009-02-09 10:53 684032 -c----w c:\windows\system32\dllcache\advapi32.dll

    2009-04-15 21:40 . 2009-02-09 10:53 737792 -c----w c:\windows\system32\dllcache\ntdll.dll

    2009-04-15 21:40 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

    2009-04-15 21:37 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

    2009-04-15 21:37 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

    2009-04-15 12:10 . 2009-04-15 12:10 -------- d-----w c:\windows\system32\drivers\NIS

    2009-04-09 16:42 . 2009-04-09 16:42 45 ----a-w c:\windows\system32\initdebug.nfo

    2009-04-09 14:21 . 2009-04-09 14:21 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys

    2009-04-09 14:21 . 2009-04-09 14:21 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys

    2009-04-09 14:21 . 2009-04-09 14:21 133000 ----a-w c:\windows\system32\drivers\epfw.sys

    2009-04-09 14:18 . 2009-04-09 14:18 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys

    2009-04-09 14:10 . 2009-04-09 14:10 113960 ----a-w c:\windows\system32\drivers\eamon.sys

    2009-04-08 17:10 . 2009-04-08 17:10 -------- d-----w c:\documents and settings\Administrador\Application Data\KillProcess

    2009-04-03 20:05 . 2009-04-25 19:38 -------- d-----w c:\documents and settings\Administrador\Tracing

    2009-04-03 19:51 . 2009-04-03 19:51 268 ---ha-w C:\sqmdata03.sqm

    2009-04-03 19:51 . 2009-04-03 19:51 244 ---ha-w C:\sqmnoopt03.sqm

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-23 10:28 . 2009-04-23 10:27 -------- d-----w c:\programas\BT Next Evolution

    2009-04-22 17:07 . 2009-04-22 17:07 -------- d-----w c:\programas\ESET

    2009-04-22 17:04 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\Norton

    2009-04-19 19:11 . 2009-04-19 19:11 -------- d-----w c:\programas\Veetle

    2009-04-18 11:56 . 2009-04-18 11:53 -------- d-----w c:\programas\Teleport Pro

    2009-04-16 15:39 . 2009-02-14 13:58 -------- d-----w c:\programas\Championship.Manager.2001.2002-PC-PT-RicaMatrix

    2009-04-15 22:23 . 2008-09-08 22:32 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2009-04-12 14:13 . 2008-09-08 23:32 -------- d-----w c:\programas\IObit

    2009-04-09 16:44 . 2009-04-09 16:42 -------- d-----w c:\programas\SpeedFan

    2009-04-08 20:00 . 2009-01-03 21:27 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller

    2009-04-08 17:16 . 2009-04-08 17:16 -------- d-----w c:\programas\Trend Micro

    2009-04-03 20:04 . 2009-04-03 20:04 -------- d-----w c:\programas\Microsoft

    2009-04-03 20:04 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live

    2009-04-03 20:03 . 2009-04-03 20:03 -------- d-----w c:\programas\Windows Live SkyDrive

    2009-04-03 20:00 . 2009-04-03 20:00 -------- d-----w c:\programas\Ficheiros comuns\Windows Live

    2009-04-02 21:35 . 2009-04-02 21:35 -------- d-----w c:\programas\Microsoft Silverlight

    2009-03-29 11:46 . 2004-09-21 11:00 80186 ----a-w c:\windows\system32\perfc016.dat

    2009-03-29 11:46 . 2004-09-21 11:00 484034 ----a-w c:\windows\system32\perfh016.dat

    2009-03-28 12:55 . 2008-09-08 22:28 -------- d--h--w c:\programas\InstallShield Installation Information

    2009-03-28 11:41 . 2009-03-28 11:41 -------- d-----w c:\programas\CSTools.net

    2009-03-28 10:59 . 2009-03-28 10:59 -------- d-----w c:\programas\THQ

    2009-03-26 10:07 . 2009-03-26 10:07 59904 ----a-w c:\windows\system32\zlib1.dll

    2009-03-26 10:03 . 2009-03-26 10:03 286720 ----a-w c:\windows\system32\libcurl.dll

    2009-03-26 10:03 . 2009-03-26 10:03 196608 ----a-w c:\windows\system32\ssleay32.dll

    2009-03-26 10:03 . 2009-03-26 10:03 1028096 ----a-w c:\windows\system32\libeay32.dll

    2009-03-26 10:03 . 2009-03-26 10:03 143360 ----a-w c:\windows\system32\libexpatw.dll

    2009-03-23 18:16 . 2009-03-23 18:00 -------- d-----w c:\programas\XMPlay

    2009-03-13 10:33 . 2008-09-25 19:56 -------- d-----w c:\programas\Spybot - Search & Destroy

    2009-03-06 21:10 . 2009-02-03 20:33 -------- d-----w c:\programas\Opera

    2009-03-06 14:20 . 2004-09-21 11:00 286720 ----a-w c:\windows\system32\pdh.dll

    2009-02-20 08:10 . 2004-09-21 11:00 669184 ----a-w c:\windows\system32\wininet.dll

    2009-02-20 08:10 . 2004-09-21 11:00 81920 ----a-w c:\windows\system32\ieencode.dll

    2009-02-10 18:05 . 2007-02-28 08:07 2069888 ----a-w c:\windows\system32\ntkrnlpa.exe

    2009-02-09 14:05 . 2007-10-25 22:07 1846912 ----a-w c:\windows\system32\win32k.sys

    2009-02-09 11:23 . 2007-10-25 22:16 2192896 ----a-w c:\windows\system32\ntoskrnl.exe

    2009-02-09 11:23 . 2004-09-21 11:00 111104 ----a-w c:\windows\system32\services.exe

    2009-02-09 10:53 . 2007-10-25 22:06 732672 ----a-w c:\windows\system32\lsasrv.dll

    2009-02-09 10:53 . 2007-10-25 21:12 401408 ----a-w c:\windows\system32\rpcss.dll

    2009-02-09 10:53 . 2004-09-21 11:00 737792 ----a-w c:\windows\system32\ntdll.dll

    2009-02-09 10:53 . 2004-09-21 11:00 684032 ----a-w c:\windows\system32\advapi32.dll

    2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll

    2009-02-06 10:39 . 2004-09-21 11:00 35328 ----a-w c:\windows\system32\sc.exe

    2009-02-03 19:57 . 2004-09-21 11:00 56832 ----a-w c:\windows\system32\secur32.dll

    2009-01-19 20:26 . 2008-09-08 21:58 46872 ----a-w c:\documents and settings\Administrador\Definições locais\Application Data\GDIPFONTCACHEV1.DAT

    2009-01-03 20:15 . 2008-09-08 22:19 2272 ----a-w c:\documents and settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat

    .

    ------- Sigcheck -------

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\explorer.exe

    [-] 2007-06-13 13:10 1035264 4B1174A06F3E4BD5341521D151B84DCE c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

    [-] 2007-06-13 13:22 1035264 E33D51ECE9047331FCF59DBFA4F4B856 c:\windows\$NtServicePackUninstall$\explorer.exe

    [7] 2004-09-21 11:00 1034240 7A28F6B962DCDBFD94280338B4A8E6FB c:\windows\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\ServicePackFiles\i386\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\backup\explorer.exe

    [-] 2008-04-14 16:09 1407488 14A239E9276706CB31B55CF8B7EE289C c:\windows\VIPv3\resources\explorer.exe

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-04-17_19.38.09,90 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-04-17 18:14 . 2009-04-17 18:14 16384 c:\windows\Temp\Perflib_Perfdata_588.dat

    + 2009-04-24 17:56 . 2009-04-24 17:56 16384 c:\windows\Temp\Perflib_Perfdata_588.dat

    + 2009-03-26 10:07 . 2009-03-26 10:07 59904 c:\windows\system32\zlib1.dll

    + 2009-04-09 14:21 . 2009-04-09 14:21 55768 c:\windows\system32\drivers\epfwtdi.sys

    + 2009-04-09 14:21 . 2009-04-09 14:21 33096 c:\windows\system32\drivers\epfwndis.sys

    + 2009-04-22 17:10 . 2009-04-22 17:10 97360 c:\windows\Installer\{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}\egui.exe

    + 2009-04-22 17:10 . 2009-04-22 17:10 10134 c:\windows\Installer\{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}\callmsi.exe

    + 2009-03-26 10:03 . 2009-03-26 10:03 196608 c:\windows\system32\ssleay32.dll

    + 2009-03-26 10:03 . 2009-03-26 10:03 143360 c:\windows\system32\libexpatw.dll

    + 2009-03-26 10:03 . 2009-03-26 10:03 286720 c:\windows\system32\libcurl.dll

    + 2009-04-09 14:21 . 2009-04-09 14:21 133000 c:\windows\system32\drivers\epfw.sys

    + 2009-04-09 14:18 . 2009-04-09 14:18 107256 c:\windows\system32\drivers\ehdrv.sys

    + 2009-04-09 14:10 . 2009-04-09 14:10 113960 c:\windows\system32\drivers\eamon.sys

    + 2009-04-19 19:58 . 2005-10-20 19:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

    + 2009-03-26 10:03 . 2009-03-26 10:03 1028096 c:\windows\system32\libeay32.dll

    + 2009-03-26 10:10 . 2009-03-26 10:10 2076672 c:\windows\Downloaded Program Files\npTVUAx.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="c:\programas\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]

    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 197632]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3fhg"= mp3fhg.acm

    "msacm.divxa32"= divxa32.acm

    "VIDC.X264"= x264vfw.dll

    "VIDC.HFYU"= huffyuv.dll

    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    --a------ 2008-10-15 02:04 39792 c:\programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    --a------ 2008-04-14 17:09 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2008-04-14 17:09 1695232 c:\programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    --a------ 2006-09-20 04:25 7680000 c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Programas\\uTorrent\\uTorrent.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Programas\\SAGEM\\SAGEM F@st 800-840\\dslmon.exe"=

    "c:\\Programas\\Messenger\\msmsgs.exe"=

    R2 vvdsvc;VJVodServices;c:\windows\System32\svchost.exe [2008-04-14 14336]

    R3 avfwim;AvFw Packet Filter Miniport; [x]

    R3 PD91Engine;PD91Engine;c:\programas\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]

    R3 viafilter;VIA USB Filter;c:\windows\System32\Drivers\viausb1.sys [2001-09-19 9728]

    S0 vfsfd;VIA File System Filter Driver;c:\windows\system32\drivers\vfsfd.sys [2003-01-09 12032]

    S0 videfd;VIA IDE Filter Driver;c:\windows\system32\drivers\videfd.sys [2003-01-02 4864]

    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]

    S2 ekrn;ESET Service;c:\programas\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]

    S2 PD91Agent;PD91Agent;c:\programas\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    vvdsvc REG_MULTI_SZ vvdsvc

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.dufpy.com

    uInternet Connection Wizard,ShellNext = hxxp://www.sapo.pt/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

    FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\737oxc5c.default\

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\np32dsw.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npdeploytk.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\npnul32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\NPOFF12.DLL

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppdf32.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nppl3260.dll

    FF - plugin: c:\programas\Mozilla Firefox\plugins\nprpjplug.dll

    FF - plugin: c:\programas\Veetle\Player\npvlc.dll

    FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-25 21:43

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(620)

    c:\windows\system32\SETUPAPI.dll

    - - - - - - - > 'lsass.exe'(676)

    c:\windows\system32\setupapi.dll

    - - - - - - - > 'explorer.exe'(2408)

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\NETSHELL.dll

    c:\windows\system32\credui.dll

    c:\windows\system32\SETUPAPI.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Tempo para conclusão: 2009-04-25 21:45

    ComboFix-quarantined-files.txt 2009-04-25 20:45

    ComboFix2.txt 2009-04-19 20:03

    ComboFix3.txt 2009-04-17 18:40

    ComboFix4.txt 2009-04-13 11:13

    Pré-execução: 42.323.382.272 bytes livres

    Pós execução: 42,449,788,928 bytes livres

    232 --- E O F --- 2009-04-15 22:24


    Dear Monster

    # Step No. 1 #

    >>>> Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup)

    Now click on

    Start > Run and type cmd. At the command prompt type:

    sc stop vvdsvc < enter >

    sc delete vvdsvc < enter >

    Then, finally, type exit < enter >

    Restart the computer in Normal Mode.

    # Step No. 2 #

    Make a new log with DDS and post it here!

    Regards :D

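The step above removes the vvdsvc service that the ComboFix log earlier in the thread showed hosted inside svchost.exe with a svchost group of its own (`vvdsvc REG_MULTI_SZ vvdsvc`), which is the pattern the analyst keyed on. The following is an added example, not code from this thread, from ComboFix or from DDS: a small Python triage that parses the service lines and the svchost group dump the way an analyst reads them, flagging svchost-hosted services whose group is not one of the standard ones and service entries whose binary is missing from disk. The sample lines are copied from the log above; the KNOWN_SVCHOST_GROUPS baseline and all function names are assumptions of this example.

```python
import re

# Constructed sample input: service lines and the svchost registry key dump copied
# from the ComboFix log posted earlier in the thread (vvdsvc is the entry removed above).
SAMPLE_LOG = r"""
R2 vvdsvc;VJVodServices;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 avfwim;AvFw Packet Filter Miniport; [x]
R3 PD91Engine;PD91Engine;c:\programas\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S2 ekrn;ESET Service;c:\programas\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
"""

# Assumption: an illustrative list of svchost groups that ship with Windows XP.
# It is not exhaustive; build the real baseline from a clean machine of the same build.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "dcomlaunch", "rpcss", "localservice", "networkservice",
    "imgsvc", "httpfilter", "termsvcs", "wudfservicegroup",
}

# ComboFix/DDS service line: "<R|S><start type> <name>;<display name>;<path> [<meta>]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[([^\]]*)\])?$")
SVCHOST_KEY_SUFFIX = "currentversion\\svchost]"


def parse_services(text):
    """Return {service name: details} for every R*/S* service line in the log."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        kind, start, name, display, path, meta = m.groups()
        services[name] = {
            "running": kind == "R",        # R = running, S = stopped
            "start_type": int(start),      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            "display": display,
            "path": path.strip(),
            "meta": (meta or "").strip(),  # "[x]" / "[?]" mean the binary is not on disk
        }
    return services


def parse_svchost_groups(text):
    """Return {group name: [member services]} from the svchost registry key dump."""
    groups = {}
    in_key = False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("["):
            in_key = s.lower().endswith(SVCHOST_KEY_SUFFIX)
            continue
        if s.startswith(("(", "---", "===")):
            in_key = False  # a new log section starts; the key dump is over
            continue
        if in_key and "REG_MULTI_SZ" in s:
            group, _, members = s.partition("REG_MULTI_SZ")
            groups[group.strip()] = members.split()
    return groups


def triage_services(text):
    """Flag svchost-hosted services outside the known groups, plus orphan entries."""
    services = parse_services(text)
    member_of = {svc: g for g, members in parse_svchost_groups(text).items() for svc in members}
    findings = []
    for name, info in services.items():
        exe = info["path"].rsplit("\\", 1)[-1].lower()
        if exe == "svchost.exe":
            group = member_of.get(name)
            if group is None:
                findings.append((name, "svchost-hosted service with no svchost group entry"))
            elif group.lower() not in KNOWN_SVCHOST_GROUPS:
                findings.append((name, f"svchost-hosted service in non-standard group '{group}'"))
        elif not info["path"] or info["meta"] in ("x", "?"):
            findings.append((name, "service entry whose binary is missing on disk (orphan)"))
    return findings


if __name__ == "__main__":
    for name, reason in triage_services(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

Run against the sample it reports vvdsvc (a service that svchost.exe would load from a group nobody but itself belongs to) and avfwim (a leftover entry pointing at a driver that is no longer on disk, which is harmless but worth cleaning). A private svchost group is a strong signal on its own because legitimate installers add their service to an existing group rather than creating a new one-member group.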
  • Topic author
  • Thank you for the continued help.

    Here is the DDS log after carrying out the requested steps.

    DDS (Ver_09-03-16.01) - NTFSx86

    Run by Administrador at 11:31:06,09 on 27-04-2009

    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11

    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.767.470 [GMT 1:00]

    AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)

    FW: ESET Personal firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\ESET\ESET Smart Security\ekrn.exe

    C:\Programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe

    C:\Programas\Raxco\PerfectDisk2008\PD91Engine.exe

    C:\Programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\system32\ctfmon.exe

    svchost.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Documents and Settings\Administrador\Ambiente de trabalho\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.dufpy.com

    uInternet Connection Wizard,ShellNext = hxxp://www.sapo.pt/

    BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\java\jre6\bin\ssv.dll

    BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [egui] "c:\programas\eset\eset smart security\egui.exe" /hide /waitservice

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\programas\java\jre6\bin\jp2iexp.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220917720495

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220917708047

    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\737oxc5c.default\

    FF - plugin: c:\programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

    FF - plugin: c:\programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\np-mswmp.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\np32dsw.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\npdeploytk.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\npnul32.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\NPOFF12.DLL

    FF - plugin: c:\programas\mozilla firefox\plugins\nppdf32.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\nppl3260.dll

    FF - plugin: c:\programas\mozilla firefox\plugins\nprpjplug.dll

    FF - plugin: c:\programas\veetle\player\npvlc.dll

    FF - plugin: c:\programas\veetle\plugins\npVeetle.dll

    ============= SERVICES / DRIVERS ===============

    R0 vfsfd;VIA File System Filter Driver;c:\windows\system32\drivers\vfsfd.sys [2008-9-11 12032]

    R0 videfd;VIA IDE Filter Driver;c:\windows\system32\drivers\videfd.sys [2008-9-11 4864]

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]

    R2 ekrn;ESET Service;c:\programas\eset\eset smart security\ekrn.exe [2009-4-9 731840]

    R2 PD91Agent;PD91Agent;c:\programas\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]

    S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys --> c:\windows\system32\drivers\avfwim.sys [?]

    S3 PD91Engine;PD91Engine;c:\programas\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]

    S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2008-11-11 9728]

    =============== Created Last 30 ================

    2009-04-25 21:41 <DIR> --d----- C:\ComboFix

    2009-04-24 18:31 <DIR> --d----- c:\windows\pss

    2009-04-23 11:27 <DIR> --d----- c:\programas\BT Next Evolution

    2009-04-22 20:39 <DIR> --d----- c:\docume~1\admini~1\applic~1\Octoshape

    2009-04-22 18:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\ESET

    2009-04-22 18:07 <DIR> --d----- c:\programas\ESET

    2009-04-19 20:11 <DIR> --d----- c:\programas\Veetle

    2009-04-18 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks

    2009-04-18 12:56 103 a------- c:\windows\pro.INI

    2009-04-18 12:53 <DIR> --d----- c:\programas\Teleport Pro

    2009-04-15 22:40 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

    2009-04-15 22:40 286,720 -c------ c:\windows\system32\dllcache\pdh.dll

    2009-04-15 22:40 111,104 -c------ c:\windows\system32\dllcache\services.exe

    2009-04-15 22:40 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

    2009-04-15 22:40 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

    2009-04-15 22:40 732,672 -c------ c:\windows\system32\dllcache\lsasrv.dll

    2009-04-15 22:40 684,032 -c------ c:\windows\system32\dllcache\advapi32.dll

    2009-04-15 22:40 737,792 -c------ c:\windows\system32\dllcache\ntdll.dll

    2009-04-15 22:40 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

    2009-04-15 22:37 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

    2009-04-15 22:37 219,136 -c------ c:\windows\system32\dllcache\wordpad.exe

    2009-04-15 13:10 <DIR> --d----- c:\windows\system32\drivers\NIS

    2009-04-13 12:08 <DIR> a-dshr-- C:\cmdcons

    2009-04-13 12:06 161,792 a------- c:\windows\SWREG.exe

    2009-04-13 12:06 98,816 a------- c:\windows\sed.exe

    2009-04-09 17:42 <DIR> --d----- c:\programas\SpeedFan

    2009-04-09 17:42 45 a------- c:\windows\system32\initdebug.nfo

    2009-04-09 15:21 55,768 a------- c:\windows\system32\drivers\epfwtdi.sys

    2009-04-09 15:21 33,096 a------- c:\windows\system32\drivers\epfwndis.sys

    2009-04-09 15:21 133,000 a------- c:\windows\system32\drivers\epfw.sys

    2009-04-09 15:18 107,256 a------- c:\windows\system32\drivers\ehdrv.sys

    2009-04-09 15:10 113,960 a------- c:\windows\system32\drivers\eamon.sys

    2009-04-08 18:16 <DIR> --d----- c:\programas\Trend Micro

    2009-04-08 18:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\KillProcess

    2009-04-03 21:05 <DIR> --d----- c:\documents and settings\administrador\Tracing

    2009-04-03 21:04 <DIR> --d----- c:\programas\Microsoft

    2009-04-03 21:03 <DIR> --d----- c:\programas\Windows Live SkyDrive

    2009-04-03 21:00 <DIR> --d----- c:\programas\ficheiros comuns\Windows Live

    2009-04-03 20:51 268 a---h--- C:\sqmdata03.sqm

    2009-04-03 20:51 244 a---h--- C:\sqmnoopt03.sqm

    2009-03-28 12:41 <DIR> --d----- c:\programas\CSTools.net

    2009-03-28 11:59 <DIR> --d----- c:\programas\THQ

    ==================== Find3M ====================

    2009-03-29 12:46 484,034 a------- c:\windows\system32\perfh016.dat

    2009-03-29 12:46 80,186 a------- c:\windows\system32\perfc016.dat

    2009-03-26 11:07 59,904 a------- c:\windows\system32\zlib1.dll

    2009-03-26 11:03 286,720 a------- c:\windows\system32\libcurl.dll

    2009-03-26 11:03 1,028,096 a------- c:\windows\system32\libeay32.dll

    2009-03-26 11:03 196,608 a------- c:\windows\system32\ssleay32.dll

    2009-03-26 11:03 143,360 a------- c:\windows\system32\libexpatw.dll

    2009-03-06 15:20 286,720 a------- c:\windows\system32\pdh.dll

    2009-02-20 09:10 669,184 a------- c:\windows\system32\wininet.dll

    2009-02-20 09:10 81,920 a------- c:\windows\system32\ieencode.dll

    2009-02-10 19:05 2,069,888 a------- c:\windows\system32\ntkrnlpa.exe

    2009-02-09 15:05 1,846,912 a------- c:\windows\system32\win32k.sys

    2009-02-09 12:23 2,192,896 a------- c:\windows\system32\ntoskrnl.exe

    2009-02-09 12:23 111,104 a------- c:\windows\system32\services.exe

    2009-02-09 11:53 737,792 a------- c:\windows\system32\ntdll.dll

    2009-02-09 11:53 732,672 a------- c:\windows\system32\lsasrv.dll

    2009-02-09 11:53 684,032 a------- c:\windows\system32\advapi32.dll

    2009-02-09 11:53 401,408 a------- c:\windows\system32\rpcss.dll

    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

    2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe

    2009-02-03 20:57 56,832 a------- c:\windows\system32\secur32.dll

    ============= FINISH: 11:31:44,31 ===============


    Dear Monster

    Temporarily disable your antivirus!

    Run an Online Scan at Kaspersky Virusscanner

    • Click Clipboard01-1.jpg
    • When asked to install the ActiveX control, click Clipboard015.jpg
    • Wait for the installation and the update, then click Clipboard013.jpg
    • Now click Clipboard016.jpg
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click Clipboard014.jpg
    • Click My Computer so that a full scan of your system is run. The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button.
    • Save the log with the results and paste its contents in your next message.
    • Also generate and paste a new HijackThis log.

    Regards :D
