Fear Factory

HijackThis Log Analysis

Could someone please analyze this log for me?

I suspect a few things that could be removed, but since I have no experience, I'm afraid of removing the wrong thing.

The malware keeps opening IE pop-ups (while I'm using Firefox) and redirecting them to Chinese pages (e.g. http://www.hangye.com), so much so that it asks to install the Simplified Chinese language pack.

Thanks!

Bruno Said.

Logfile of HijackThis v1.99.1

Scan saved at 11:30:02, on 28/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Outlook Express\svchost.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE73A074-8959-4C80-9F86-F27E75000C21}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Download the tool below:

http://eric.71.mespages.googlepages.com/LopSD.exe

To install it, on the first screen choose the option "Je suis d'accord avec..." and click Suivant, then Quitter.

A Lop S&D icon will appear on your desktop. Click it.

In the window that opens, on the first screen press P for Portuguese and hit Enter.

On the next screen press the number 1 and Enter.

Your screen will flicker. That is normal. Wait until a report is generated.

In your next reply, post the report generated by the tool and a new HijackThis log.


The program didn't find anything and the problem still persists. I'm getting annoyed now. The only reason I don't just format this piece of junk right away is that formatting and installing the umpteen updates for this XP is so much work... ¬¬'

Lop S&D LOG

-----------------------[ Lop S&D 4.1.0-3 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Bruno ] [ "C:\Lop SD" ]

[ dom 30/03/2008 | 12:56:52,78 ] [ PC : BRUNOMSAID ]

[ MAJ : 29-03-2008 | 19:52 ]

-------------[ Lista de pastas em Application Data ]------------

[28/03/2008|13:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\.

[28/03/2008|13:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\..

[28/03/2008|13:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[28/03/2008|13:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

[18/03/2008|15:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[18/03/2008|19:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESET

[29/03/2008|12:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\FLEXnet

[28/03/2008|11:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files

[23/03/2008|12:15] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[24/03/2008|17:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage

[24/03/2008|11:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[18/03/2008|20:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TuneUp Software

[22/03/2008|20:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\UDL

[18/03/2008|20:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[18/03/2008|20:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[25/03/2008|21:20] C:\DOCUME~1\Bruno\DADOSD~1\.

[25/03/2008|21:20] C:\DOCUME~1\Bruno\DADOSD~1\..

[28/03/2008|22:23] C:\DOCUME~1\Bruno\DADOSD~1\Adobe

[19/03/2008|22:34] C:\DOCUME~1\Bruno\DADOSD~1\AdobeUM

[18/03/2008|21:34] C:\DOCUME~1\Bruno\DADOSD~1\Ahead

[25/03/2008|21:20] C:\DOCUME~1\Bruno\DADOSD~1\Corel

[18/03/2008|15:32] C:\DOCUME~1\Bruno\DADOSD~1\desktop.ini

[18/03/2008|20:00] C:\DOCUME~1\Bruno\DADOSD~1\ESET

[18/03/2008|18:47] C:\DOCUME~1\Bruno\DADOSD~1\Identities

[30/03/2008|12:46] C:\DOCUME~1\Bruno\DADOSD~1\Lightcomm

[18/03/2008|20:32] C:\DOCUME~1\Bruno\DADOSD~1\Macromedia

[24/03/2008|13:20] C:\DOCUME~1\Bruno\DADOSD~1\Microsoft

[18/03/2008|21:06] C:\DOCUME~1\Bruno\DADOSD~1\Mozilla

[24/03/2008|13:04] C:\DOCUME~1\Bruno\DADOSD~1\realtech VR

[18/03/2008|20:03] C:\DOCUME~1\Bruno\DADOSD~1\TuneUp Software

[29/03/2008|18:38] C:\DOCUME~1\Bruno\DADOSD~1\uTorrent

[18/03/2008|15:32] C:\DOCUME~1\DEFAUL~1\DADOSD~1\.

[18/03/2008|15:32] C:\DOCUME~1\DEFAUL~1\DADOSD~1\..

[18/03/2008|15:32] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[18/03/2008|18:41] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[23/03/2008|12:06] C:\DOCUME~1\LOCALS~1\DADOSD~1\.

[23/03/2008|12:06] C:\DOCUME~1\LOCALS~1\DADOSD~1\..

[23/03/2008|12:06] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe

[19/03/2008|11:21] C:\DOCUME~1\LOCALS~1\DADOSD~1\Macromedia

[18/03/2008|18:41] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[18/03/2008|18:45] C:\DOCUME~1\NETWOR~1\DADOSD~1\.

[18/03/2008|18:45] C:\DOCUME~1\NETWOR~1\DADOSD~1\..

[18/03/2008|18:41] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks ]---------------

[28/03/2008 17:32][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job

[30/03/2008 12:46][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Lista de pastas em C:\Arquivos de programas ]--------------

[28/03/2008|17:29] C:\Arquivos de programas\.

[28/03/2008|17:29] C:\Arquivos de programas\..

[28/03/2008|17:45] C:\Arquivos de programas\Adobe

[18/03/2008|21:31] C:\Arquivos de programas\Ahead

[18/03/2008|19:02] C:\Arquivos de programas\Analog Devices

[28/03/2008|17:42] C:\Arquivos de programas\Arquivos comuns

[22/03/2008|17:54] C:\Arquivos de programas\Bonjour

[24/03/2008|11:54] C:\Arquivos de programas\CCleaner

[18/03/2008|23:15] C:\Arquivos de programas\Codemasters

[21/03/2008|13:36] C:\Arquivos de programas\Common Files

[18/03/2008|18:37] C:\Arquivos de programas\ComPlus Applications

[25/03/2008|20:56] C:\Arquivos de programas\Corel

[27/03/2008|20:18] C:\Arquivos de programas\eMule

[22/03/2008|20:42] C:\Arquivos de programas\EPSON

[18/03/2008|19:58] C:\Arquivos de programas\ESET

[25/03/2008|21:02] C:\Arquivos de programas\InstallShield Installation Information

[27/03/2008|13:06] C:\Arquivos de programas\Internet Explorer

[18/03/2008|18:42] C:\Arquivos de programas\microsoft frontpage

[25/03/2008|20:59] C:\Arquivos de programas\Microsoft Office

[18/03/2008|18:39] C:\Arquivos de programas\Movie Maker

[30/03/2008|12:46] C:\Arquivos de programas\Mozilla Firefox

[18/03/2008|18:37] C:\Arquivos de programas\MSN Gaming Zone

[19/03/2008|11:47] C:\Arquivos de programas\MSXML 6.0

[18/03/2008|18:39] C:\Arquivos de programas\NetMeeting

[18/03/2008|18:53] C:\Arquivos de programas\Oi Velox

[19/03/2008|11:30] C:\Arquivos de programas\Outlook Express

[24/03/2008|13:06] C:\Arquivos de programas\realtech VR

[18/03/2008|18:39] C:\Arquivos de programas\Serviços on-line

[18/03/2008|19:05] C:\Arquivos de programas\SiS305_V1.15

[24/03/2008|16:41] C:\Arquivos de programas\Softland

[24/03/2008|11:31] C:\Arquivos de programas\Spybot - Search & Destroy

[18/03/2008|20:03] C:\Arquivos de programas\TuneUp Utilities 2008

[23/03/2008|14:36] C:\Arquivos de programas\UltraISO

[18/03/2008|18:47] C:\Arquivos de programas\Uninstall Information

[18/03/2008|22:31] C:\Arquivos de programas\uTorrent

[18/03/2008|20:58] C:\Arquivos de programas\Windows Live

[18/03/2008|20:53] C:\Arquivos de programas\Windows Media Connect 2

[19/03/2008|13:16] C:\Arquivos de programas\Windows Media Player

[18/03/2008|18:37] C:\Arquivos de programas\Windows NT

[18/03/2008|18:39] C:\Arquivos de programas\WindowsUpdate

[18/03/2008|19:04] C:\Arquivos de programas\WinRAR

[21/03/2008|13:36] C:\Arquivos de programas\Xara

[18/03/2008|18:42] C:\Arquivos de programas\xerox

------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns ]------

[28/03/2008|17:42] C:\Arquivos de programas\Arquivos comuns\.

[28/03/2008|17:42] C:\Arquivos de programas\Arquivos comuns\..

[28/03/2008|17:45] C:\Arquivos de programas\Arquivos comuns\Adobe

[18/03/2008|21:30] C:\Arquivos de programas\Arquivos comuns\Ahead

[25/03/2008|20:57] C:\Arquivos de programas\Arquivos comuns\Corel

[25/03/2008|20:59] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[23/03/2008|14:36] C:\Arquivos de programas\Arquivos comuns\EZB Systems

[25/03/2008|20:36] C:\Arquivos de programas\Arquivos comuns\InstallShield

[22/03/2008|17:43] C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

[25/03/2008|20:59] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[18/03/2008|18:39] C:\Arquivos de programas\Arquivos comuns\MSSoap

[18/03/2008|15:32] C:\Arquivos de programas\Arquivos comuns\ODBC

[18/03/2008|18:39] C:\Arquivos de programas\Arquivos comuns\Serviços

[18/03/2008|15:32] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[19/03/2008|11:30] C:\Arquivos de programas\Arquivos comuns\System

[18/03/2008|20:58] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[18/03/2008|19:51] C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

----------------------[ Procura pelo S_Lop ]---------------------

Não foram encontradas pastas com o Lop!

-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop ]-----------------

Não foram encontradas pastas com o Lop!

----------------------[ Procura no Registro ]----------------------

..... OK !

--------------------[ Verificando o Arquivos/Ficheiros Hosts ]---------------------

Arquivos/Ficheiros Hosts LIMPO

----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-30 12:57:18

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

--------------------[ Procurando por outras infecções ]---------------------

Não foram encontradas outras infecções.

/!\ [Fich:743][Doss:129] C:\DOCUME~1\Bruno\CONFIG~1\Temp

/!\ [Fich:16][Doss:0] C:\DOCUME~1\Bruno\Cookies

/!\ [Fich:9][Doss:5] C:\DOCUME~1\Bruno\CONFIG~1\TEMPOR~1\content.IE5

--------------------[ Verificação completa em 12:57:30,09 ]----------------------

HijackThis Log

Logfile of HijackThis v1.99.1

Scan saved at 13:03:25, on 30/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Outlook Express\svchost.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE73A074-8959-4C80-9F86-F27E75000C21}: NameServer = 200.165.132.155 200.149.55.140

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it via the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


Note: I ran the program once and the report said it had deleted a file. However, since I ran it while connected to the internet, the malware ended up opening an IE window. So I ran it a second time, and the log below is from that second scan.

COMBOFIX LOG

ComboFix 08-03-30.2 - Bruno 2008-03-31 0:44:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.502 [GMT -3:00]

Executando de: C:\Documents and Settings\Bruno\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

TimedOut: progfile.dat

((((((((((((((((((((((( Ficheiros criados de 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))))

.

2008-03-30 12:55 . 2008-03-30 13:38 <DIR> d-------- C:\Lop SD

2008-03-28 14:01 . 2008-03-28 14:01 <DIR> d-------- C:\Documents and Settings\Bruno\Configuraes locais

2008-03-28 13:56 . 2008-03-28 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-03-28 13:44 . 2008-03-28 13:44 47 --a------ C:\WINDOWS\WININIT.INI

2008-03-28 11:57 . 2008-03-28 11:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-03-28 11:44 . 2008-03-28 11:44 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-27 12:51 . 2008-03-30 13:13 <DIR> d-------- C:\hijackthis

2008-03-27 12:44 . 2008-03-27 12:44 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-03-27 12:34 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll

2008-03-27 12:34 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll

2008-03-26 19:43 . 2008-03-27 20:18 <DIR> d-------- C:\Arquivos de programas\eMule

2008-03-25 21:20 . 2008-03-25 21:20 <DIR> d-------- C:\Documents and Settings\Bruno\Dados de aplicativos\Corel

2008-03-25 20:59 . 2008-03-25 20:59 <DIR> d-------- C:\WINDOWS\Corel

2008-03-25 20:57 . 2008-03-25 20:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-03-25 20:56 . 2008-03-25 20:56 <DIR> d-------- C:\Arquivos de programas\Corel

2008-03-24 17:27 . 2008-03-24 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-03-24 17:00 . 2008-03-24 17:00 1,852 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-24 16:41 . 2008-03-24 16:41 <DIR> d-------- C:\Arquivos de programas\Softland

2008-03-24 16:41 . 2008-03-19 14:56 22,168 --a------ C:\WINDOWS\system32\dopdfmn6.dll

2008-03-24 16:41 . 2008-03-19 14:56 18,072 --a------ C:\WINDOWS\system32\dopdfmi6.dll

2008-03-24 16:41 . 2008-02-11 16:14 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm

2008-03-24 13:32 . 2008-03-24 13:32 132 -rahs---- C:\WINDOWS\Regbak.dat

2008-03-24 13:32 . 2008-03-24 13:32 93 -rahs---- C:\WINDOWS\system32\SftGrd.cfg

2008-03-24 13:04 . 2008-03-24 13:04 <DIR> d-------- C:\Documents and Settings\Bruno\Dados de aplicativos\realtech VR

2008-03-24 11:54 . 2008-03-24 11:54 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-24 11:31 . 2008-03-24 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-24 11:31 . 2008-03-24 11:31 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-23 14:36 . 2008-03-23 14:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems

2008-03-23 14:35 . 2008-03-23 14:36 <DIR> d-------- C:\Arquivos de programas\UltraISO

2008-03-22 20:42 . 2008-03-22 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\UDL

2008-03-22 20:35 . 2008-03-22 20:42 <DIR> d-------- C:\Arquivos de programas\EPSON

2008-03-22 20:35 . 2008-03-22 20:43 44 --a------ C:\WINDOWS\EPC79.ini

2008-03-22 17:54 . 2008-03-22 17:54 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-03-22 17:43 . 2008-03-22 17:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-03-21 23:13 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-03-21 23:13 . 2008-03-21 23:13 421 --a------ C:\WINDOWS\ODBC.INI

2008-03-21 23:11 . 2008-03-21 23:12 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-21 23:05 . 2008-03-21 23:05 <DIR> dr-h----- C:\MSOCache

2008-03-21 13:36 . 2008-03-21 13:36 <DIR> d-------- C:\Arquivos de programas\Xara

2008-03-21 13:36 . 2008-03-21 13:36 <DIR> d-------- C:\Arquivos de programas\Common Files

2008-03-19 23:38 . 2008-03-28 17:28 <DIR> d-------- C:\Torrents

2008-03-19 22:34 . 2008-03-19 22:34 <DIR> d-------- C:\Documents and Settings\Bruno\Dados de aplicativos\AdobeUM

2008-03-19 14:12 . 2008-03-29 18:46 49 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-19 14:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-03-19 14:05 . 2004-11-17 14:43 352,768 --a------ C:\WINDOWS\system32\hypertrm.dll

2008-03-19 14:04 . 2004-09-29 19:28 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys

2008-03-19 14:04 . 2004-09-29 19:28 134,912 --a--c--- C:\WINDOWS\system32\dllcache\ipnat.sys

2008-03-19 13:54 . 2007-04-18 13:13 2,854,400 --a------ C:\WINDOWS\system32\SET658.tmp

2008-03-19 13:49 . 2007-03-17 10:44 293,376 --a------ C:\WINDOWS\system32\SET61C.tmp

2008-03-19 13:48 . 2006-08-16 06:37 225,664 --a--c--- C:\WINDOWS\system32\dllcache\SET60A.tmp

2008-03-19 13:48 . 2006-08-16 08:59 100,352 --a------ C:\WINDOWS\system32\SET609.tmp

2008-03-19 13:48 . 2006-08-16 08:59 100,352 --a--c--- C:\WINDOWS\system32\dllcache\SET60B.tmp

2008-03-19 13:45 . 2005-08-23 00:39 124,416 --------- C:\WINDOWS\system32\SET587.tmp

2008-03-19 13:45 . 2006-01-04 00:35 68,096 --a------ C:\WINDOWS\system32\SET590.tmp

2008-03-19 13:42 . 2005-06-10 20:53 57,856 --------- C:\WINDOWS\system32\SET55C.tmp

2008-03-19 13:35 . 2007-12-06 22:07 1,494,528 --a------ C:\WINDOWS\system32\SET4A2.tmp

2008-03-19 13:35 . 2007-12-06 22:07 1,024,000 --a------ C:\WINDOWS\system32\SET4AF.tmp

2008-03-19 13:35 . 2007-12-06 22:07 661,504 --a------ C:\WINDOWS\system32\SET49F.tmp

2008-03-19 13:35 . 2007-12-06 22:07 616,448 --a------ C:\WINDOWS\system32\SET4A0.tmp

2008-03-19 13:35 . 2007-12-06 22:07 474,112 --a------ C:\WINDOWS\system32\SET4A1.tmp

2008-03-19 12:55 . 2005-07-08 13:29 249,344 --a------ C:\WINDOWS\system32\SET2AE.tmp

2008-03-19 12:53 . 2007-06-13 10:21 1,035,264 --a------ C:\WINDOWS\SET292.tmp

2008-03-19 12:40 . 2006-06-22 07:48 181,248 --a------ C:\WINDOWS\system32\SET109.tmp

2008-03-19 12:38 . 2004-12-07 16:34 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll

2008-03-19 12:38 . 2004-12-07 16:34 96,768 --a--c--- C:\WINDOWS\system32\dllcache\srvsvc.dll

2008-03-19 11:47 . 2008-03-19 11:47 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-03-19 11:32 . 2007-02-28 13:02 2,184,576 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-03-19 11:32 . 2007-02-28 13:02 2,140,160 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-03-19 11:32 . 2007-02-28 13:02 2,061,824 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-03-19 11:32 . 2007-02-28 13:02 2,019,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-03-19 11:21 . 2008-03-19 11:21 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos

2008-03-19 11:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-19 11:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-19 11:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-19 00:45 . 2008-03-19 00:45 65,536 --a------ C:\WINDOWS\IFinst27.exe

2008-03-18 23:19 . 2008-03-18 23:21 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2008-03-18 23:19 . 2008-03-18 23:21 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2008-03-18 23:19 . 2008-03-18 23:21 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2008-03-18 23:15 . 2008-03-18 23:15 <DIR> d-------- C:\Arquivos de programas\Codemasters

2008-03-18 23:15 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL

2008-03-18 22:36 . 2008-03-18 22:36 <DIR> d-------- C:\Program Files

2008-03-18 22:31 . 2008-03-29 18:38 <DIR> d-------- C:\Documents and Settings\Bruno\Dados de aplicativos\uTorrent

2008-03-18 22:31 . 2008-03-18 22:31 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-03-18 21:34 . 2008-03-18 21:34 <DIR> d-------- C:\Documents and Settings\Bruno\Dados de aplicativos\Ahead

2008-03-18 21:30 . 2008-03-18 21:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-03-18 21:30 . 2008-03-18 21:31 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-03-18 21:30 . 2001-07-06 10:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll

2008-03-18 21:30 . 2001-07-06 08:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll

2008-03-18 21:30 . 2001-07-06 14:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll

2008-03-18 21:30 . 2001-07-09 07:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe

2008-03-18 21:30 . 2000-06-26 07:45 106,496 -ra------ C:\WINDOWS\system32\TwnLib20.dll

2008-03-18 21:30 . 2001-06-26 04:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll

2008-03-18 21:13 . 2008-03-20 23:02 1,321 --a------ C:\WINDOWS\mozver.dat

2008-03-18 21:06 . 2008-03-18 21:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-18 20:59 . 2008-03-18 20:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-03-18 20:59 . 2008-03-18 20:59 <DIR> d-------- C:\Documents and Settings\Bruno\Contacts

2008-03-18 20:52 . 2008-03-18 20:53 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-03-18 20:51 . 2008-03-24 11:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-03-18 20:51 . 2008-03-18 20:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-18 20:51 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-31 03:42 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\Lightcomm

2008-03-18 21:53 --------- d-----w C:\Arquivos de programas\Oi Velox

2008-03-18 21:42 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-03-18 21:39 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-03-18 21:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-03-18 18:14 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll

2008-03-18 18:02 994,816 ----a-w C:\WINDOWS\system32\syssetup.dll

2007-12-07 23:07 3,080,192 ----a-w C:\WINDOWS\system32\SET4A7.tmp

2007-12-07 08:10 359,936 ----a-w C:\WINDOWS\system32\SET4B1.tmp

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2006-11-07 03:26 123904 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 6 (0x6)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C79 Series]

--a------ 2006-02-23 00:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

-ra------ 2001-07-09 07:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]

--a------ 2001-08-10 20:11 266499 C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]

--a------ 2001-08-10 20:11 262403 C:\WINDOWS\system32\sistray.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

--a------ 2003-05-05 08:57 143360 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 16:46 1460560 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R2 MyDNS;Window Net Dns;C:\Program Files\Outlook Express\svchost.exe [2008-03-10 02:50]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 20:50]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 18:28]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

R3 SiS300;SiS300;C:\WINDOWS\system32\DRIVERS\sis300p.sys [2002-02-22 08:56]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-18 20:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-31 00:45:16

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-31 0:45:46

ComboFix-quarantined-files.txt 2008-03-31 03:45:31

ComboFix2.txt 2008-03-31 03:41:00

Pre-Run: 17,276,399,616 bytes disponíveis

Post-Run: 17,268,109,312 bytes disponíveis

.

2008-03-24 03:27:38 --- E O F ---


I think it worked this time.

Because the windows usually started appearing when I connected to the internet and stopped a while later.


Melo,

This time I solved the problem for good. There was an svchost.exe inside a suspicious /Program Files/Outlook Express folder and I've already deleted it. I'm sure that was the exe opening those IE pop-ups.

Thanks for the help!

Topic resolved.

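As an added example (not code from this thread, from HijackThis or from the tools used here), a small Python triage script that parses HijackThis-style log lines and flags the two indicators that mattered in this case: an O23 service reported with "Unknown owner", and a binary named like a core Windows process (svchost.exe) running from, or registered as a service from, a directory outside %SystemRoot%. The sample log is a constructed subset of the first HijackThis log posted above; the list of system binaries and directories is an assumption for a default Windows XP install.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmpe.exe
C:\Program Files\Outlook Express\svchost.exe
C:\WINDOWS\system32\pctspk.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe
"""

# Assumption: core Windows XP binaries that only legitimately run from the
# system directory. A file with one of these names anywhere else is suspect.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "smss.exe", "winlogon.exe", "services.exe",
    "csrss.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}
# Assumption: where those binaries live on a default XP install
# (explorer.exe sits in %SystemRoot% itself). Compared case-insensitively.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

# HijackThis O23 format:
#   "O23 - Service: <display name> (<service name>) - <company> - <image path>"
# Display names with nested parentheses are not parsed and are skipped.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
# An entry under "Running processes:" is just an absolute Windows path.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def is_masquerading(path: str) -> bool:
    """True if the file is named like a core Windows binary but lives elsewhere."""
    p = PureWindowsPath(path)
    return p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in SYSTEM_DIRS


def analyze(log_text: str) -> list:
    """Return (finding, service_name_or_None, image_path) tuples for a log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.group("name"), m.group("owner"), m.group("path")
            # HijackThis prints "Unknown owner" when the image carries no company
            # name; legitimate vendor services almost always carry one.
            if owner.lower() == "unknown owner":
                findings.append(("unknown-owner-service", name, path))
            if is_masquerading(path):
                findings.append(("masquerading-service-binary", name, path))
        elif PATH_RE.match(line) and is_masquerading(line):
            findings.append(("masquerading-process", None, line))
    return findings


if __name__ == "__main__":
    for kind, svc, path in analyze(SAMPLE_LOG):
        print(f"{kind:28} {svc or '-':8} {path}")
```

Run against a full log, the same three checks would leave the legitimate svchost.exe instances in C:\WINDOWS\system32 alone and single out only the copy under C:\Program Files\Outlook Express and the service that loads it.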