
Virus "win32/packed Autoit.gen"


  • This topic is locked
2 replies to this topic

#1 JADSON CYBER

    Normal

  • Users
  • 65 posts
  • Gender: Male

Posted 26/05/2009, 14:06

Dear friends,

I have a removable disk with a virus "Win32/Packed autoit.gen". I copied all the files from the removable disk to the PC and ran ComboFix, but the same problem remained: we cannot see the files inside the folder.

The ComboFix report follows below.

ComboFix 09-05-25.A2 - Jardson 26/05/2009 13:27.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.384 [GMT -3:00]
Running from: c:\documents and settings\Jardson\Desktop\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((( Files created from 2009-04-26 to 2009-05-26 ))))))))))))))))))))))))))))
.

2009-05-22 22:45 . 2005-12-20 17:39 94208 ----a-w c:\windows\tsnpstd3.exe
2009-05-22 22:45 . 2005-09-05 18:55 339968 ----a-w c:\windows\vsnpstd3.exe
2009-05-22 22:45 . 2005-12-08 14:09 8718848 ----a-w c:\windows\system32\drivers\snpstd3.sys
2009-05-22 22:45 . 2005-10-26 20:11 53248 ----a-w c:\windows\system32\vsnpstd3.dll
2009-05-22 22:45 . 2005-09-12 20:48 61440 ----a-w c:\windows\system32\rsnpstd3.dll
2009-05-22 22:45 . 2004-02-16 16:59 61440 ----a-w c:\windows\system32\csnpstd3.dll
2009-05-22 22:45 . 2009-05-22 22:45 -------- d-----w c:\arquivos de programas\Arquivos comuns\snpstd3
2009-05-22 22:45 . 2004-12-08 21:40 20480 ----a-w c:\windows\usnpstd3.exe
2009-05-22 22:16 . 2009-05-22 22:16 -------- d-----w c:\arquivos de programas\Topro
2009-05-15 01:27 . 2009-05-15 01:27 -------- d-----w c:\arquivos de programas\Windows Live Safety Center
2009-05-14 15:26 . 2009-05-14 15:26 390664 ----a-w c:\documents and settings\Jardson\Dados de aplicativos\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-09 17:02 . 2001-08-18 09:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-05-09 17:02 . 2001-08-18 09:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-05-09 17:02 . 2001-08-18 09:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-05-09 17:02 . 2001-08-18 09:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-05-09 17:02 . 2001-08-18 01:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-05-09 17:02 . 2001-08-18 01:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-05-09 17:02 . 2001-08-18 01:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-05-09 17:02 . 2001-08-18 01:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-05-09 17:02 . 2001-08-18 01:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-05-09 17:02 . 2001-08-18 01:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-05-09 17:02 . 2008-04-13 22:18 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-05-09 17:02 . 2008-04-13 22:18 6144 ----a-w c:\windows\system32\kbd106.dll
2009-05-08 16:47 . 2009-05-08 16:47 -------- d-----w c:\arquivos de programas\WinXMedia
2009-05-02 23:08 . 2009-05-02 23:08 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-02 23:08 . 2009-05-02 23:08 -------- d-----w c:\documents and settings\Jardson\Dados de aplicativos\skypePM
2009-04-28 16:21 . 2009-05-26 16:22 -------- d-----w c:\arquivos de programas\ESET

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 20:36 . 2009-02-23 23:33 -------- d-----w c:\arquivos de programas\TalismanOnline
2009-05-22 22:45 . 2009-01-19 02:23 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-05-17 13:21 . 2009-01-22 12:59 -------- d-----w c:\arquivos de programas\Pokemon
2009-05-09 17:02 . 2009-01-22 16:07 -------- d-----w c:\arquivos de programas\Lineage II - PTS_PTS
2009-05-04 15:17 . 2009-02-28 01:57 -------- d-----w c:\documents and settings\Jardson\Dados de aplicativos\Skype
2009-04-21 00:43 . 2009-01-19 03:58 -------- d-----w c:\arquivos de programas\FirebirdClient
2009-04-16 12:44 . 2001-10-28 18:07 67232 ----a-w c:\windows\system32\perfc016.dat
2009-04-16 12:44 . 2001-10-28 18:07 425072 ----a-w c:\windows\system32\perfh016.dat
2009-04-02 16:31 . 2009-03-26 21:40 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-02 15:03 . 2009-04-02 15:03 -------- d-----w c:\arquivos de programas\Sierra
2009-03-11 18:15 . 2009-03-11 18:15 15240 ----a-w c:\documents and settings\Jardson\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-03-06 14:20 . 2002-09-09 16:08 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:06 . 2002-09-09 16:08 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_16.16.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-19 03:14 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3D\TwainUI.dll
+ 2009-05-22 22:45 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3D\TwainUI.dll
+ 2009-05-22 22:45 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3C\TwainUI.dll
- 2009-01-19 03:14 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3C\TwainUI.dll
+ 2009-05-22 22:45 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3B\TwainUI.dll
- 2009-01-19 03:14 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3B\TwainUI.dll
+ 2009-05-22 22:45 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3A\TwainUI.dll
- 2009-01-19 03:14 . 2005-08-01 19:01 57344 c:\windows\twain_32\SNPSTD3A\TwainUI.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 67584 c:\windows\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2009-01-19 01:53 . 2008-04-13 12:43 70144 c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2009-01-19 01:53 . 2004-08-04 01:31 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2009-01-19 01:53 . 2008-04-13 22:19 86073 c:\windows\system32\dllcache\voicesub.dll
- 2009-01-19 00:37 . 2008-04-13 22:19 86073 c:\windows\system32\dllcache\voicesub.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 67584 c:\windows\system32\dllcache\pmigrate.dll
- 2009-01-19 00:37 . 2008-04-13 22:19 67584 c:\windows\system32\dllcache\pmigrate.dll
- 2009-01-19 00:37 . 2008-04-13 12:43 70144 c:\windows\system32\dllcache\pintlphr.exe
+ 2009-01-19 01:53 . 2008-04-13 12:43 70144 c:\windows\system32\dllcache\pintlphr.exe
+ 2009-01-19 01:53 . 2008-04-13 22:19 53760 c:\windows\system32\dllcache\pintlcsd.dll
- 2009-01-19 00:37 . 2008-04-13 22:19 53760 c:\windows\system32\dllcache\pintlcsd.dll
- 2009-01-19 00:37 . 2008-04-13 22:19 15360 c:\windows\system32\dllcache\padrs804.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 15360 c:\windows\system32\dllcache\padrs804.dll
- 2009-01-19 00:37 . 2002-08-28 23:39 59392 c:\windows\system32\dllcache\imscinst.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 59392 c:\windows\system32\dllcache\imscinst.exe
- 2009-01-19 00:36 . 2008-04-13 22:18 81976 c:\windows\system32\dllcache\imjpdct.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 81976 c:\windows\system32\dllcache\imjpdct.dll
- 2009-01-19 00:36 . 2008-04-13 22:18 86016 c:\windows\system32\dllcache\imekrmbx.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 86016 c:\windows\system32\dllcache\imekrmbx.dll
+ 2009-01-19 01:53 . 2004-08-04 01:31 57399 c:\windows\system32\dllcache\cplexe.exe
- 2009-01-19 00:36 . 2004-08-04 01:31 57399 c:\windows\system32\dllcache\cplexe.exe
+ 2009-01-19 02:16 . 2007-04-02 14:26 19456 c:\windows\system32\dllcache\agt0804.dll
+ 2009-01-19 02:15 . 2007-04-02 14:26 19456 c:\windows\system32\dllcache\agt0412.dll
+ 2009-01-19 02:16 . 2007-04-02 14:26 19456 c:\windows\system32\dllcache\agt0411.dll
+ 2009-01-19 02:16 . 2007-04-02 14:26 19456 c:\windows\msagent\intl\agt0804.dll
+ 2009-01-19 02:15 . 2007-04-02 14:26 19456 c:\windows\msagent\intl\agt0412.dll
+ 2009-01-19 02:16 . 2007-04-02 14:26 19456 c:\windows\msagent\intl\agt0411.dll
+ 2009-01-19 03:51 . 2009-05-13 21:45 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 22:05 . 2007-03-22 22:05 97632 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2009-01-19 01:53 . 2008-04-13 22:19 15360 c:\windows\ime\shared\res\padrs804.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 86016 c:\windows\ime\imkr6_1\applets\imekrmbx.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 81976 c:\windows\ime\imjp8_1\imjpdct.dll
+ 2009-01-19 01:53 . 2004-08-04 01:31 57399 c:\windows\ime\imjp8_1\cplexe.exe
+ 2009-01-19 01:53 . 2008-04-13 22:19 86073 c:\windows\ime\imjp8_1\applets\voicesub.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 53760 c:\windows\ime\chsime\applets\PINTLCSD.DLL
+ 2009-01-19 02:16 . 2008-04-13 22:18 6144 c:\windows\system32\kbdlk41j.dll
+ 2009-01-19 02:15 . 2008-04-13 22:18 6656 c:\windows\system32\kbdlk41a.dll
+ 2009-01-19 02:15 . 2008-04-13 22:18 7168 c:\windows\system32\kbdibm02.dll
+ 2009-01-19 02:15 . 2008-04-13 22:18 6144 c:\windows\system32\kbdax2.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 6144 c:\windows\system32\kbd106n.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 6144 c:\windows\system32\kbd101.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 7168 c:\windows\system32\f3ahvoas.dll
+ 2001-10-28 18:06 . 2008-04-13 22:18 7168 c:\windows\system32\dllcache\kbdnec.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 6144 c:\windows\system32\dllcache\kbdlk41j.dll
+ 2009-01-19 02:15 . 2008-04-13 22:18 6656 c:\windows\system32\dllcache\kbdlk41a.dll
+ 2009-01-19 02:15 . 2008-04-13 22:18 7168 c:\windows\system32\dllcache\kbdibm02.dll
+ 2009-01-19 02:15 . 2008-04-13 22:18 6144 c:\windows\system32\dllcache\kbdax2.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 6144 c:\windows\system32\dllcache\kbd106n.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 6144 c:\windows\system32\dllcache\kbd101.dll
+ 2009-01-19 02:16 . 2008-04-13 22:18 7168 c:\windows\system32\dllcache\f3ahvoas.dll
- 2009-01-19 03:51 . 2009-04-16 12:19 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-19 01:53 . 2008-04-13 22:18 811064 c:\windows\system32\imjp81k.dll
- 2009-01-19 00:37 . 2008-04-13 22:19 426041 c:\windows\system32\dllcache\voicepad.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 426041 c:\windows\system32\dllcache\voicepad.dll
- 2009-01-19 00:37 . 2008-04-13 22:19 175104 c:\windows\system32\dllcache\pintlcsa.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 175104 c:\windows\system32\dllcache\pintlcsa.dll
- 2009-01-19 00:37 . 2008-04-13 22:18 315455 c:\windows\system32\dllcache\imskf.dll
+ 2009-01-19 02:17 . 2008-04-13 22:18 315455 c:\windows\system32\dllcache\imskf.dll
- 2009-01-19 00:37 . 2008-04-13 22:18 102456 c:\windows\system32\dllcache\imlang.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 102456 c:\windows\system32\dllcache\imlang.dll
- 2009-01-19 00:37 . 2008-04-13 22:18 274489 c:\windows\system32\dllcache\imjputyc.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 274489 c:\windows\system32\dllcache\imjputyc.dll
+ 2009-01-19 01:53 . 2004-08-04 01:32 262200 c:\windows\system32\dllcache\imjputy.exe
- 2009-01-19 00:37 . 2004-08-04 01:32 262200 c:\windows\system32\dllcache\imjputy.exe
+ 2009-01-19 01:53 . 2004-08-04 01:32 233527 c:\windows\system32\dllcache\imjprw.exe
- 2009-01-19 00:36 . 2004-08-04 01:32 233527 c:\windows\system32\dllcache\imjprw.exe
+ 2009-01-19 01:53 . 2004-08-04 01:32 208952 c:\windows\system32\dllcache\imjpmig.exe
- 2009-01-19 00:36 . 2004-08-04 01:32 208952 c:\windows\system32\dllcache\imjpmig.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 196665 c:\windows\system32\dllcache\imjpinst.exe
- 2009-01-19 00:36 . 2004-08-04 01:31 196665 c:\windows\system32\dllcache\imjpinst.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 155705 c:\windows\system32\dllcache\imjpdsvr.exe
- 2009-01-19 00:36 . 2004-08-04 01:31 155705 c:\windows\system32\dllcache\imjpdsvr.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 307257 c:\windows\system32\dllcache\imjpdct.exe
- 2009-01-19 00:36 . 2004-08-04 01:31 307257 c:\windows\system32\dllcache\imjpdct.exe
- 2009-01-19 00:36 . 2008-04-13 22:18 716856 c:\windows\system32\dllcache\imjpcus.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 716856 c:\windows\system32\dllcache\imjpcus.dll
- 2009-01-19 00:36 . 2008-04-13 22:18 368696 c:\windows\system32\dllcache\imjpcic.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 368696 c:\windows\system32\dllcache\imjpcic.dll
- 2009-01-19 00:36 . 2008-04-13 22:18 811064 c:\windows\system32\dllcache\imjp81k.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 811064 c:\windows\system32\dllcache\imjp81k.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 106496 c:\windows\system32\dllcache\imekrcic.dll
- 2009-01-19 00:36 . 2008-04-13 22:18 106496 c:\windows\system32\dllcache\imekrcic.dll
+ 2009-01-19 02:15 . 2008-04-13 22:20 218112 c:\windows\system32\dllcache\c_g18030.dll
+ 2009-01-19 02:15 . 2008-04-13 22:20 218112 c:\windows\system32\c_g18030.dll
+ 2009-01-19 03:51 . 2009-05-13 21:45 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-19 03:51 . 2009-05-13 21:45 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-19 03:51 . 2009-04-16 12:19 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-19 01:53 . 2008-04-13 22:18 102456 c:\windows\ime\shared\imlang.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 106496 c:\windows\ime\imkr6_1\imekrcic.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 274489 c:\windows\ime\imjp8_1\imjputyc.dll
+ 2009-01-19 01:53 . 2004-08-04 01:32 262200 c:\windows\ime\imjp8_1\imjputy.exe
+ 2009-01-19 01:53 . 2004-08-04 01:32 233527 c:\windows\ime\imjp8_1\imjprw.exe
+ 2009-01-19 01:53 . 2004-08-04 01:32 208952 c:\windows\ime\imjp8_1\imjpmig.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 196665 c:\windows\ime\imjp8_1\imjpinst.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 155705 c:\windows\ime\imjp8_1\imjpdsvr.exe
+ 2009-01-19 01:53 . 2004-08-04 01:31 307257 c:\windows\ime\imjp8_1\imjpdct.exe
+ 2009-01-19 01:53 . 2008-04-13 22:18 716856 c:\windows\ime\imjp8_1\imjpcus.dll
+ 2009-01-19 01:53 . 2008-04-13 22:18 368696 c:\windows\ime\imjp8_1\imjpcic.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 426041 c:\windows\ime\imjp8_1\applets\voicepad.dll
+ 2009-01-19 02:17 . 2008-04-13 22:18 315455 c:\windows\ime\imjp8_1\applets\imskf.dll
+ 2009-01-19 01:53 . 2008-04-13 22:19 175104 c:\windows\ime\chsime\applets\PINTLCSA.DLL
+ 2009-01-23 19:02 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
- 2009-01-19 00:36 . 2008-04-13 22:18 13463552 c:\windows\system32\dllcache\hwxjpn.dll
+ 2009-01-19 02:17 . 2008-04-13 22:18 13463552 c:\windows\system32\dllcache\hwxjpn.dll
+ 2009-01-19 02:17 . 2008-04-13 22:18 13463552 c:\windows\ime\imjp8_1\applets\hwxjpn.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-22 185896]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"1155:TCP"= 1155:TCP:VSCyber
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0879F180-2558-45EA-9C53-D139CE419CA7} = 192.168.1.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jardson\Dados de aplicativos\Mozilla\Firefox\Profiles\nvio3157.default\
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 13:37
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-05-26 13:40
ComboFix-quarantined-files.txt 2009-05-26 16:39
ComboFix2.txt 2009-04-28 16:19

Pre-Run: 12 folder(s) 23,543,701,504 bytes free
Post-Run: 11 folder(s) 24,230,776,832 bytes free

273 --- E O F --- 2009-05-13 21:45

Attached file: log.txt (22.68 KB)
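The log above is long, but the lines a responder reads first are the autostart entries under the Run keys and the firewall policy: a target that no longer exists (ComboFix marks it [X]), executables started from unusual locations such as the root of c:\windows, the firewall switched off (EnableFirewall = 0) and the globally open ports (445/TCP and 137/UDP are the Windows file-sharing ports). The Python script below is an added example, not code from the post or from ComboFix; it parses a constructed excerpt copied from the log's registry section and applies those checks. The line formats it expects are inferred from this log and are an assumption for other ComboFix versions. The "Windows root" heuristic is deliberately loose: on this log it also flags tsnpstd3.exe and vsnpstd3.exe, which were created together with the snpstd3 webcam driver files on 2009-05-22 and look like part of that driver, so a flag is a prompt to check the file, not a verdict.

```python
import re

# Constructed sample, shaped like the registry section of the ComboFix log
# posted above (a subset of its lines, copied verbatim).
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"1155:TCP"= 1155:TCP:VSCyber
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "Name"="value" [meta]   or   "Name"="value" - resolved\path [meta]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
# An .exe sitting directly in the Windows root rather than in a subfolder.
WINDOWS_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def parse_sections(text):
    """Group the log's lines under their [key] headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def run_entries(sections):
    """Autostart entries from every key whose name ends in Run."""
    out = []
    for key, lines in sections.items():
        if not key.lower().endswith("\\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if not m:
                continue
            # ComboFix resolves bare file names ("SOUNDMAN.EXE") after " - ".
            path = m.group("resolved") or m.group("value")
            out.append({"key": key, "name": m.group("name"),
                        "path": path, "meta": m.group("meta")})
    return out


def triage(text):
    """Return the items a responder would look at first in this log."""
    sections = parse_sections(text)
    entries = run_entries(sections)
    report = {
        # ComboFix prints [X] when the target file no longer exists.
        "missing_targets": [e["name"] for e in entries if e["meta"] == "X"],
        # Unusual start location; a prompt to inspect the file, not a verdict.
        "windows_root_autostarts": [e["path"] for e in entries
                                    if WINDOWS_ROOT_RE.match(e["path"])],
        "firewall_disabled": False,
        "open_ports": [],
    }
    for key, lines in sections.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            for line in lines:
                m = FIREWALL_RE.match(line)
                if m and m.group("val") == "0":
                    report["firewall_disabled"] = True
        elif k.endswith("globallyopenports\\list"):
            for line in lines:
                m = PORT_RE.match(line)
                if m:
                    report["open_ports"].append(
                        (int(m.group("port")), m.group("proto"), m.group("desc")))
    return report


if __name__ == "__main__":
    for item, value in triage(SAMPLE_LOG).items():
        print(f"{item}: {value}")
```

To run it against a full log, read the file and pass its text to triage() in place of SAMPLE_LOG; the section parser ignores the file-listing parts of the report because those lines sit outside any [key] header.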


#2 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Gender: Male
  • Location: Belo Horizonte - MG

Posted 27/05/2009, 10:29

- Download Malwarebytes Anti-Malware
http://www.besttechi.../mbam-setup.exe
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;
  • Select "Perform full scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to view the log;
  • If anything is detected, make sure everything is checked and click "Remove Selected";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log into your next reply.
- Generate a HijackThis log and paste it into your reply.

Edited by Leone Fernandes, 27/05/2009, 10:32.




#3 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Gender: Male
  • Location: Belo Horizonte - MG

Posted 06/06/2009, 14:25

Topic Closed!

Since the author did not reply to the topic for more than 10 days, it has been closed.
If you need the topic reopened, contact one of the forum moderators.





