jgmarcos

Log analysis... PC won't shut down


My PC no longer shuts down after I opened an e-mail.

It doesn't leave the Desktop screen when I try to shut it down.

Sometimes the icons in the Taskbar on the right-hand side disappear when I move the mouse pointer over them.

I ran the antivirus and CCleaner, but the problem persists.

Logfile of HijackThis v1.99.1

Scan saved at 03:54:01, on 7/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\windows\system32\IEXPLORES.EXE

C:\WINDOWS\system\msnmsssgser.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Hijack This\HijackThis.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IEXPLORES.EXE

O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsssgser.exe

O4 - Startup: Registration .LNK = C:\Arquivos de programas\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it via the X while it is running, and do not move the mouse or use the keyboard; otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


Good morning...

I downloaded ComboFix and here is the result. However, just now Windows Automatic Updates kicked in, and after it downloaded the updates the PC went back to shutting down normally. Even so, here is the ComboFix result...

Thanks once again... :)

ComboFix 08-04-08.7 - beto 2008-04-09 1:53:18.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.51 [GMT -3:00]

Executando de: E:\Instaladores\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\monitorado.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))

.

2008-04-09 01:40 . 2008-04-09 01:40 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-09 01:38 . 2008-04-09 01:41 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-04-08 11:48 . 2008-04-08 11:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\ESET

2008-04-08 11:48 . 2008-04-08 11:48 <DIR> d-------- C:\Arquivos de programas\ESET

2008-04-07 03:00 . 2008-04-07 03:00 284 --a------ C:\WINDOWS\system\KEYBOARD1.DRV

2008-04-07 02:50 . 2008-04-07 02:50 353,280 ---hs---- C:\WINDOWS\system\msnmsssgser.exe

2008-03-30 16:02 . 2008-03-30 16:02 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-26 20:42 . 2008-03-26 20:42 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-25 16:17 . 2008-03-25 16:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-25 16:13 . 2008-03-25 16:25 <DIR> d-------- C:\Documents and Settings\beto\.housecall6.6

2008-03-25 15:56 . 2008-03-29 22:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-25 15:56 . 2008-03-29 22:07 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-24 23:49 . 2008-03-24 23:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-19 01:53 . 2008-03-19 01:53 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-17 14:34 . 2008-04-07 03:56 <DIR> d-------- C:\Hijack This

2008-03-17 12:49 . 2008-04-03 16:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2008-03-17 12:49 . 2008-04-03 16:55 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-17 10:58 . 2008-03-17 11:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2008-03-13 16:52 . 2008-03-13 16:52 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-03-13 16:44 . 2008-03-13 16:44 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-03-13 16:43 . 2008-03-13 16:43 40,456 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 04:04 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\AVG7

2008-04-07 19:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg7

2008-03-30 19:51 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\AdobeUM

2008-03-30 01:29 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-03-20 22:00 17,448 ----a-w C:\Documents and Settings\beto\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-17 17:17 --------- d-----w C:\Arquivos de programas\Common Files

2008-03-17 17:17 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2008-03-12 17:05 --------- d-----w C:\Arquivos de programas\IrfanView

2008-03-11 13:38 --------- d-----w C:\Arquivos de programas\MYMA Decoder and Viewer

2008-03-05 20:25 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-05 20:21 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-05 20:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2008-03-05 20:00 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Kazaa Lite

2008-03-05 19:30 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\DivX

2008-03-05 19:30 --------- d-----w C:\Arquivos de programas\DivX

2008-03-05 16:08 --------- d-----w C:\Arquivos de programas\Java

2008-03-05 16:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-03-05 14:01 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Leadertech

2008-03-05 13:53 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-04 01:42 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\eMule

2008-03-04 01:42 --------- d-----w C:\Arquivos de programas\eMule

2008-03-03 23:28 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-03-03 22:34 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Motive

2008-03-03 22:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motive

2008-03-03 22:29 155,995 ----a-w C:\WINDOWS\java\Packages\0ICZRLNF.ZIP

2008-03-03 22:24 --------- d-----w C:\Arquivos de programas\Telefonica

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-24 12:42 --------- d-----w C:\Arquivos de programas\Programas SRF

2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\PxCpyI64.exe

2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\PxInsI64.exe

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-25_ 9.40.21,42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-20 07:57:58 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll

+ 2008-02-20 05:20:26 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll

+ 2008-02-20 18:50:28 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll

+ 2008-02-20 06:53:07 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll

- 2000-08-31 11:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2000-08-31 11:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe

+ 2000-08-31 11:00:00 80,412 ----a-w C:\WINDOWS\grep.exe

+ 2007-12-07 02:09:20 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll

+ 2007-12-19 22:53:59 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll

+ 2007-12-07 02:09:20 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll

+ 2007-12-07 02:09:20 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll

+ 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll

+ 2007-12-06 11:05:55 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe

+ 2007-12-07 02:09:20 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll

+ 2007-12-07 02:09:20 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll

+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll

+ 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll

+ 2007-12-07 02:09:20 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll

+ 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll

+ 2007-12-07 02:09:21 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll

+ 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll

+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe

+ 2007-12-06 11:06:21 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe

+ 2007-12-07 02:09:21 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll

+ 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll

+ 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll

+ 2007-12-08 05:09:22 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll

+ 2007-12-07 02:09:22 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll

+ 2007-12-07 02:09:22 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll

+ 2007-12-07 02:09:22 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll

+ 2007-12-07 02:09:22 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll

+ 2008-01-11 05:37:21 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:09:22 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll

+ 2007-12-07 02:09:22 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll

+ 2007-12-07 02:09:22 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll

+ 2007-12-07 02:09:22 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

+ 2008-04-08 14:49:43 10,134 ----a-r C:\WINDOWS\Installer\{86A6E235-C08F-4A14-B14C-793C7D8844A0}\callmsi.exe

+ 2008-04-08 14:49:43 136,448 ----a-r C:\WINDOWS\Installer\{86A6E235-C08F-4A14-B14C-793C7D8844A0}\egui.exe

+ 2008-03-30 19:00:35 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-A70900000002}\SC_Reader.exe

+ 2000-08-31 11:00:00 98,816 ----a-w C:\WINDOWS\sed.exe

+ 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 11:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe

+ 2000-08-31 11:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe

- 2007-12-07 02:09:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-03-01 13:02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2006-08-02 15:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe

- 2007-12-07 02:09:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-03-01 13:02:08 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2006-06-26 17:41:41 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2004-08-04 03:45:22 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

+ 2008-02-20 05:37:59 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

- 2007-12-19 22:53:59 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-03-01 13:02:09 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-03-01 13:02:09 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-07 02:09:20 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-03-01 13:02:09 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-06-19 13:31:22 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

+ 2008-02-20 06:51:35 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

- 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-03-01 13:02:09 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-12-06 11:05:55 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-02-29 08:59:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-03-01 13:02:09 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-12-07 02:09:20 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-03-01 13:02:09 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-03-01 13:02:09 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-03-01 13:02:09 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-03-01 13:02:10 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2007-12-07 02:09:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-03-01 13:02:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-03-01 13:02:10 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2007-12-06 11:06:21 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-02-29 09:00:27 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2007-12-07 02:09:21 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-03-01 13:02:10 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-03-01 13:02:10 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-03-01 13:02:10 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-12-08 05:09:22 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-03-01 21:32:12 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-12-07 02:09:22 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-03-01 13:02:12 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-12-07 02:09:22 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-01 13:02:12 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-12-07 02:09:22 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-01 13:02:12 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-12-07 02:09:22 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-03-01 13:02:12 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-01-11 05:37:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-03-01 13:02:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-12-07 02:09:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-03-01 13:02:12 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2007-12-07 02:09:22 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-03-01 13:02:12 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-12-07 02:09:22 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-03-01 13:02:12 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-03-08 15:33:32 1,843,712 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-03-20 08:09:41 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

- 2007-12-07 02:09:22 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-03-01 13:02:12 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-06-26 17:41:41 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-02-20 05:37:59 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-12-19 22:53:59 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-03-01 13:02:09 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-03-01 13:02:09 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-07 02:09:20 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-03-01 13:02:09 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-03-04 02:11:09 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-09 04:45:06 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-12-07 02:09:20 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-03-01 13:02:09 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-12-06 11:05:55 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-02-29 08:59:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-03-01 13:02:09 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-12-07 02:09:20 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-03-01 13:02:09 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-12-07 02:09:20 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-03-01 13:02:09 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-03-01 13:02:09 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-03-01 13:02:10 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-12-07 02:09:21 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-03-01 13:02:10 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-12-07 02:09:21 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-03-01 13:02:10 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-12-07 02:09:21 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-01 13:02:10 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-11-20 19:52:00 2,884,992 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2007-11-20 19:52:00 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-12-07 02:09:21 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-03-01 13:02:10 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-12-07 02:09:21 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-03-01 13:02:10 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-12-08 05:09:22 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-03-01 21:32:12 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 02:09:22 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-03-01 13:02:12 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-12-07 02:09:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-03-01 13:02:12 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-12-07 02:09:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-03-01 13:02:12 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2007-12-07 02:09:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-03-01 13:02:12 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-01-11 05:37:21 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-03-01 13:02:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-12-07 02:09:22 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-03-01 13:02:12 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-12-07 02:09:22 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-03-01 13:02:12 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-12-07 02:09:22 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-03-01 13:02:12 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2000-08-31 11:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe

+ 2000-08-31 11:00:00 68,096 ----a-w C:\WINDOWS\zip.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" []

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 05:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-22 00:51 579072]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 07:18 196608]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-24 17:29 219136]

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Discador Yahoo\\DialUP.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avgemc.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

S3 FXDRV;FXDRV;D:\Fxdrv.sys []

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-09 04:23:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-09 01:55:00

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????? ot??6~????????????????????`???????????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-09 1:55:42

ComboFix-quarantined-files.txt 2008-04-09 04:55:33

ComboFix2.txt 2008-03-25 12:40:45

Pre-Run: 15,357,128,704 bytes disponíveis

Post-Run: 15,348,858,880 bytes disponíveis

.

2008-04-09 04:41:43 --- E O F ---


- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\windows\system32\IEXPLORES.EXE
C:\WINDOWS\system\msnmsssgser.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click the killbox.png button and answer No to the question.

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entries below:

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IEXPLORES.EXE

O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsssgser.exe

- Close all windows, click the ht-fix.png button and then Yes;

- Restart in normal mode, generate a new HijackThis log and paste it in your reply.
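The two entries flagged in the post above are lookalikes of legitimate binaries (IEXPLORES.EXE for Internet Explorer's iexplore.exe, msnmsssgser.exe for Messenger's msnmsgr.exe), and one of them runs from the legacy C:\WINDOWS\system folder. As an added example that is not part of this thread, the Python script below triages HijackThis O4 lines with exactly those two heuristics; the reference list of well-known binaries and the unusual-directory list are assumptions made for the example.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Reference list of commonly imitated Windows/IE/Messenger binaries (assumption for this example)
KNOWN_BINARIES = {"iexplore.exe", "explorer.exe", "svchost.exe", "ctfmon.exe", "msnmsgr.exe", "msmsgs.exe"}
# Legacy folder a browser or messenger would not normally run from (assumption for this example)
UNUSUAL_DIRS = {r"c:\windows\system"}

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<label>[^\]]*)\] (?P<rest>.*)$")

def _extract_path(rest):
    """Take the executable out of the O4 value: a quoted path, or the text up to the first .exe."""
    m = re.match(r'"([^"]+)"', rest)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.exe)\b", rest, re.IGNORECASE)
    return m.group(1) if m else rest

def triage_o4(line):
    """Return (label, path, findings) for a HijackThis O4 Run line, or None for any other line."""
    m = O4_RE.match(line)
    if not m:
        return None
    path = _extract_path(m.group("rest"))
    base = ntpath.basename(path).lower()   # ntpath so backslash paths split correctly on any OS
    folder = ntpath.dirname(path).lower()
    findings = []
    if base not in KNOWN_BINARIES:
        # A name one or two characters away from a well-known binary is the classic disguise
        best = max(KNOWN_BINARIES, key=lambda k: SequenceMatcher(None, base, k).ratio())
        if SequenceMatcher(None, base, best).ratio() >= 0.8:
            findings.append(f"name resembles {best}")
    if folder in UNUSUAL_DIRS:
        findings.append(f"runs from unusual directory {folder}")
    return m.group("label"), path, findings

# Constructed sample: the two entries flagged in this thread plus one benign entry
SAMPLE_O4 = [
    r"O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IEXPLORES.EXE",
    r"O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsssgser.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

def suspicious_entries(lines):
    """Return only the O4 entries that triggered at least one finding."""
    return [r for r in map(triage_o4, lines) if r and r[2]]

if __name__ == "__main__":
    for label, path, findings in suspicious_entries(SAMPLE_O4):
        print(f"[{label}] {path}: {'; '.join(findings)}")
```

A hit from this script is a lead for a human analyst, not a verdict: confirm the file's publisher and location before deleting anything, as the helper does in this thread.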


I downloaded Killbox, ran it and followed the procedures you asked me to...

I restarted the PC in Safe Mode, opened HijackThis and clicked the button you pointed out, but the entries you asked me to check did not appear...

Did I do something wrong... I tried 3 times and the entries did not appear....

The PC is shutting down normally....

What do I do now?


Here is the new log...

Logfile of HijackThis v1.99.1

Scan saved at 20:47:27, on 10/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Registration .LNK = C:\Arquivos de programas\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{520B4726-3E33-4E17-BE6C-1431AFF8D0E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe


- OK, the log is clean :)

- Delete the backups folder in C:\Hijack This and C:\!Killbox;

- I recommend a maintenance pass on the computer to remove temporary files, unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and then re-enable System Restore

- Read the article Proteja seu PC for more information on how to avoid infections.


Thanks again for your help...

best regards...
