henrique.vidicho

Log analysis

#1 By henrique.vid... 26/06/2010 - 19:12
Kosloski said:



ComboFix 10-06-26.02 - Danilo 26/06/2010 18:42:06.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.1918.1169 [GMT -3:00]
Executando de: c:\users\Danilo\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Winpbger.exe
c:\users\Administrador\AviraAutoLoader.exe
c:\windows\system32\VB6KO.DLL

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-26 to 2010-06-26 ))))))))))))))))))))))))))))
.

2010-06-26 21:46 . 2010-06-26 21:47 -------- d-----w- c:\users\Danilo\AppData\Local\temp
2010-06-26 21:46 . 2010-06-26 21:46 -------- d-----w- c:\users\Nathalya\AppData\Local\temp
2010-06-26 21:46 . 2010-06-26 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-26 21:46 . 2010-06-26 21:46 -------- d-----w- c:\users\Dirceu\AppData\Local\temp
2010-06-26 21:46 . 2010-06-26 21:46 -------- d-----w- c:\users\Bela\AppData\Local\temp
2010-06-26 21:46 . 2010-06-26 21:46 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2010-06-26 21:29 . 2010-06-26 21:29 -------- d-----w- C:\HijackThis
2010-06-26 21:11 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-26 21:11 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-26 21:11 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-26 21:04 . 2010-06-26 21:05 -------- d-----w- c:\program files\Ethalone
2010-06-24 01:17 . 2010-06-24 01:17 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb59BC.tmp.exe
2010-06-23 12:41 . 2009-11-25 15:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 12:41 . 2009-11-25 15:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 12:41 . 2009-11-25 15:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 12:41 . 2009-11-25 15:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 12:41 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-11 20:10 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 20:10 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 20:10 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 20:10 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 20:10 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 13:50 . 2010-06-09 13:50 -------- d-----w- c:\users\Bela\AppData\Local\Mozilla
2010-06-08 11:12 . 2010-06-08 11:12 -------- d-----w- c:\users\Nathalya\Office Genuine Advantage
2010-06-04 20:05 . 2010-06-04 20:05 -------- d-----w- c:\users\Administrador\AppData\Local\Oleg_Zhuk
2010-06-04 19:51 . 2010-06-04 19:51 -------- d-----w- c:\program files\Zhuk
2010-06-04 19:48 . 2010-06-04 19:48 0 ----a-w- c:\windows\nsreg.dat
2010-06-04 19:48 . 2010-06-04 19:48 -------- d-----w- c:\users\Administrador\AppData\Local\Mozilla
2010-06-01 17:42 . 2010-06-21 23:13 -------- d-----w- C:\output
2010-06-01 14:59 . 2010-06-01 15:07 -------- d-----w- c:\program files\PhotoScape

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 21:37 . 2009-07-14 08:15 663766 ----a-w- c:\windows\system32\prfh0416.dat
2010-06-26 21:37 . 2009-07-14 08:15 129764 ----a-w- c:\windows\system32\prfc0416.dat
2010-06-26 21:05 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-06-12 04:04 . 2010-04-22 00:09 -------- d-----w- c:\programdata\Microsoft Help
2010-06-04 22:26 . 2010-04-22 00:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 16:38 . 2010-04-23 01:41 -------- d-----w- c:\program files\eMule
2010-06-01 15:00 . 2010-05-13 18:24 -------- d-----w- c:\program files\Google
2010-05-26 02:48 . 2010-05-26 02:48 -------- d-----w- c:\programdata\PCPitstop
2010-05-26 02:48 . 2010-05-26 02:48 -------- d-----w- c:\program files\PCPitstop
2010-05-21 17:14 . 2010-04-21 00:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 03:38 . 2010-05-21 03:38 -------- d-----w- c:\program files\Free AVI to 3GP Converter
2010-05-21 03:03 . 2010-04-21 03:43 -------- d-----w- c:\programdata\Messenger Plus!
2010-05-18 21:38 . 2010-05-18 21:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-05-16 00:32 . 2010-05-16 00:32 -------- d-----w- c:\program files\BurnAware Free
2010-05-12 15:42 . 2010-04-21 03:43 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-12 14:42 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-10 15:50 . 2010-05-10 15:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-10 15:50 . 2010-05-10 15:50 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-10 14:46 . 2010-04-30 22:18 108824 ----a-w- c:\users\Nathalya\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 20:59 . 2010-04-22 00:43 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-22 00:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-22 00:44 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-22 00:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-04-22 00:44 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-04-22 00:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 02:37 . 2010-05-18 15:47 52224 ----a-w- c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\hdlplj9n.default\extensions\{3dca8735-67e9-4fd2-ad4b-21996976defb}\components\FFExternalAlert.dll
2010-05-06 02:37 . 2010-05-18 15:47 101376 ----a-w- c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\hdlplj9n.default\extensions\{3dca8735-67e9-4fd2-ad4b-21996976defb}\components\RadioWMPCore.dll
2010-05-04 22:51 . 2010-04-24 20:59 108824 ----a-w- c:\users\Bela\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 15:53 . 2010-05-01 02:32 108824 ----a-w- c:\users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 15:39 . 2010-04-21 00:00 108824 ----a-w- c:\users\Danilo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 12:46 . 2010-04-24 20:45 108824 ----a-w- c:\users\Dirceu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-02 14:37 . 2010-04-22 00:13 -------- d-----w- c:\program files\Microsoft Works
2010-05-01 21:12 . 2010-04-21 16:35 -------- d-----w- c:\program files\Valve
2010-05-01 20:15 . 2010-05-01 20:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-30 03:12 . 2010-04-30 03:12 -------- d-----w- c:\program files\Common Files\Java
2010-04-30 03:11 . 2010-04-30 03:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-30 03:11 . 2010-04-30 03:11 -------- d-----w- c:\program files\Java
2010-04-28 23:48 . 2010-04-28 23:48 -------- d-----w- c:\program files\Programas RFB
2010-04-23 07:13 . 2010-05-26 14:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-22 01:16 . 2010-04-22 01:06 15600 ----a-w- c:\windows\gdrv.sys
2010-04-21 19:16 . 2010-04-21 19:16 720896 ----a-w- c:\windows\iun6002ev.exe
2010-04-21 15:06 . 2010-05-12 15:43 52224 ----a-w- c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\hdlplj9n.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll
2010-04-21 15:06 . 2010-05-12 15:43 101376 ----a-w- c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\hdlplj9n.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll
2010-04-14 16:47 . 2010-04-22 00:43 38848 ----a-w- c:\windows\system32\avastSS.scr
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2009-12-31 14:53 2349080 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Bela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Dirceu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 135664]
R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1343400]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]

.
Conteúdo da pasta 'Tarefas Agendadas'

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 18:26]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 18:26]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567694
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - (no file)
WebBrowser-{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - (no file)
HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
HKLM-Run-Winpbger.exe - c:\programdata\Dados de aplicativos\Winpbger.exe
HKLM-Run-Avira_Loader - c:\users\Administrador\AviraAutoLoader.exe
AddRemove-avast5 - c:\program files\Alwil Software\Avast5\aswRunDll.exe


.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2010-06-26 18:49:31
ComboFix-quarantined-files.txt 2010-06-26 21:49

Pré-execução: 26.964.017.152 bytes disponíveis
Pós execução: 27.218.436.096 bytes disponíveis

- - End Of File - - 954620F78296BC28B8BFBCFB30319248


Please try to help me...

I can't manage to activate my antivirus or install a new one...

Thanks for the help...

Cheers...