Alan Pauli (New Registered Member, 51 posts, 0 likes)

Analysis of the ComboFix report.

#1 By Alan Pauli, 19/11/2010 - 23:21
Please, if anyone can, analyze this log for me. I don't understand much about this and wanted to check whether the PC is clean!


ComboFix 10-11-19.01 - Maria 19/11/2010 23:11:09.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.503.192 [GMT -2:00]
Executando de: c:\documents and settings\Maria\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-20 to 2010-11-20 ))))))))))))))))))))))))))))
.

2010-11-20 00:04 . 2010-11-20 01:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-11-20 00:04 . 2010-11-20 00:07 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2010-11-19 23:12 . 2010-11-19 23:12 -------- d-----w- c:\documents and settings\Maria\Dados de aplicativos\Malwarebytes
2010-11-19 23:12 . 2010-11-19 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-11-19 22:55 . 2010-11-19 22:55 -------- d-----w- c:\documents and settings\Maria\Dados de aplicativos\IObit
2010-11-19 22:55 . 2010-11-19 22:55 -------- d-----w- c:\arquivos de programas\IObit
2010-11-19 00:09 . 2010-11-19 00:09 -------- d-----w- c:\windows\system32\KB905474
2010-11-19 00:05 . 2010-11-19 00:10 -------- d-----w- c:\windows\ie8updates
2010-11-19 00:05 . 2010-11-19 00:05 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-11-18 17:11 . 2010-09-10 05:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-18 17:11 . 2010-09-10 05:51 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-18 17:11 . 2010-09-10 05:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-18 17:11 . 2010-09-10 05:51 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-18 17:11 . 2010-09-10 05:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-18 17:11 . 2010-09-10 05:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-18 17:10 . 2010-09-10 05:51 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-18 12:35 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-18 12:35 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-18 11:17 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-18 09:18 . 2010-11-19 10:09 -------- d--h--w- c:\windows\$hf_mig$
2010-11-17 12:37 . 2010-04-28 18:13 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-17 12:37 . 2010-04-28 05:43 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-17 12:37 . 2010-04-28 05:43 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-11 14:23 . 2010-11-12 19:48 -------- d-----w- c:\documents and settings\Maria\Dados de aplicativos\Microsoft Games
2010-11-11 14:23 . 2010-11-12 19:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Games
2010-11-11 14:18 . 2010-11-12 19:48 -------- d-----w- c:\arquivos de programas\Microsoft Games
2010-11-11 14:15 . 2010-11-11 14:15 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar
2010-11-11 14:12 . 2010-11-11 14:15 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2010-11-11 14:09 . 2010-11-11 14:09 -------- d-----w- c:\documents and settings\Maria\Dados de aplicativos\DAEMON Tools
2010-11-07 23:04 . 2010-11-07 23:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-10-31 18:44 . 2010-11-03 17:05 -------- d-----w- C:\Brasfoot2010
2010-10-31 18:40 . 2010-10-31 18:40 -------- d-----w- C:\Downloads
2010-10-23 23:25 . 2010-10-23 23:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-23 23:16 . 2009-09-04 19:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-23 23:16 . 2009-09-04 19:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-23 23:16 . 2009-09-04 19:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-10-23 23:16 . 2009-09-04 19:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-23 23:16 . 2009-09-04 19:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-23 23:16 . 2009-09-04 19:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-10-23 23:16 . 2009-09-04 19:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-23 17:17 . 2010-10-23 17:17 -------- d-----w- c:\documents and settings\Maria\Dados de aplicativos\HP
2010-10-23 17:17 . 2010-10-23 17:17 -------- d-----w- c:\documents and settings\Maria\Configurações locais\Dados de aplicativos\HP
2010-10-23 14:26 . 2010-10-23 14:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Trymedia
2010-10-23 14:22 . 2010-10-23 14:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-10-23 14:04 . 2010-10-23 14:18 -------- d-----w- c:\arquivos de programas\JPEG PC Camera
2010-10-23 13:53 . 2007-09-28 18:32 344064 ----a-w- c:\windows\vsnp2std.exe
2010-10-23 13:53 . 2007-07-11 18:09 20480 ----a-w- c:\windows\FixCamera.exe
2010-10-23 13:53 . 2007-05-12 13:19 270336 ----a-w- c:\windows\tsnp2std.exe
2010-10-23 13:53 . 2007-09-05 15:48 12212864 ----a-w- c:\windows\system32\drivers\snp2sxp.sys
2010-10-23 13:53 . 2007-01-25 20:48 25472 ----a-w- c:\windows\system32\drivers\sncamd.sys
2010-10-23 13:53 . 2010-10-23 13:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snp2std
2010-10-23 13:53 . 2007-09-05 17:50 73728 ----a-w- c:\windows\system32\vsnp2std.dll
2010-10-23 13:53 . 2007-02-05 17:25 151552 ----a-w- c:\windows\system32\rsnp2std.dll
2010-10-23 13:53 . 2006-11-16 17:57 77824 ----a-w- c:\windows\system32\csnp2std.dll
2010-10-23 13:53 . 2010-10-23 13:53 -------- d-----w- c:\documents and settings\Maria\Dados de aplicativos\InstallShield
2010-10-23 13:40 . 2010-10-23 13:40 -------- d-----w- c:\documents and settings\Maria\Configurações locais\Dados de aplicativos\JPEGCam
2010-10-23 13:37 . 2007-07-20 17:38 81920 ----a-w- c:\windows\amcap.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 14:09 . 2010-10-09 03:52 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-09 02:29 . 2010-10-09 02:29 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-09-18 14:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:51 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"GTKCU"="c:\arquivos de programas\Greatek\GTKCU.exe" [2008-11-07 315392]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 01:07 932288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 06:47 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-02-08 14:51 1015808 ----a-w- c:\arquivos de programas\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-01-31 05:45 3399727 ----a-w- c:\arquivos de programas\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-09 10:53 136176 ----atw- c:\documents and settings\Maria\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 18:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 18:07 2260480 --sha-r- c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-05-12 13:19 270336 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-09 02:47 288048 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2010 01:52 717296]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [17/2/2010 16:25 12872]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [10/5/2010 16:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [9/10/2010 00:42 108289]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-11-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-11-19 00:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {39CF47B9-134A-42AC-AED7-5ADDF7E084DB} = 172.15.45.254,200.176.2.10
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-19 23:15
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Tempo para conclusão: 2010-11-19 23:16:58
ComboFix-quarantined-files.txt 2010-11-20 01:16
ComboFix2.txt 2010-11-07 12:46
ComboFix3.txt 2010-11-06 01:26
ComboFix4.txt 2010-11-06 00:21

Pré-execução: 9 pasta(s) 29.097.156.608 bytes disponíveis
Pós execução: 10 pasta(s) 29.093.494.784 bytes disponíveis

- - End Of File - - 300BB62AC85C09F7F3F5F4777A9A208F
#3 By Alan Pauli, 19/11/2010 - 23:42
Klash said:
* Is the log just for analysis? Or is your PC showing some problem?


Here's the thing: the PC was freezing and somewhat slow at times, so I ran ComboFix, and now I'd like someone more specialized to tell me whether it is clean (viruses and things of that kind). One more thing: when I started running ComboFix, it said it needed to restart because a rootkit had been found.
Thanks