Hey guys, how's it going?
Well, after a while without catching any viruses, I noticed my internet started getting slow.
I ran a netstat and found several strange connections, to SMTP servers and to something called akamaitecnologies and internetteam, among others.
I'll post the log here for you to look at.
Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:33, on 12/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\luks\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB9B374-D8D9-44E1-BE8D-7EAF3A0FB9D6}: NameServer = 200.165.132.147,200.165.132.155
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Arquivos de programas\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 5462 bytes
-----------------------
And there is also a ComboFix log.
ComboFix 09-10-11.03 - luks 12/10/2009 13:18.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2030.1598 [GMT -3:00]
Executando de: c:\documents and settings\luks\Desktop\ComboFix.exe
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\autorun.inf
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian\Actualizaciones Offline.lnk
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian\Donaciones.lnk
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian\Mx One Guardian Tiempo Real.lnk
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian\Mx One Guardian.lnk
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian\Sitio Web.lnk
c:\documents and settings\Antonio\Menu Iniciar\Programas\Mx One Antivirus - Guardian\Soporte Tecnico.lnk
c:\recycler\S-1-5-21-4207654279-6576809169-344194541-6076
c:\recycler\S-1-5-21-4586382273-5390526753-821076168-1488
c:\recycler\S-1-5-21-6612591368-1159575411-584172855-6719
c:\recycler\S-1-5-21-8914192844-9171593811-354442767-4390
c:\windows\Installer\44d4b1.msi
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\c4dc5ff3.sys
F:\install.exe
A cópia de c:\windows\system32\drivers\ndis.sys foi encontrada e desinfectada
Cópia restaurada de - c:\system volume information\_restore{A10025DB-AC58-479D-8F8C-5064ADD4A7AB}\RP110\A0035748.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CSNETMANAGERXP
-------\Legacy_icf
-------\Service_c4dc5ff3
(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-12 to 2009-10-12 ))))))))))))))))))))))))))))
.
2009-10-10 19:31 . 2009-10-10 21:36 11776 ----a-w- c:\windows\system32\ubb.exe
2009-10-10 19:30 . 2009-10-10 19:30 -------- d-----w- c:\arquivos de programas\Microsoft
2009-10-10 19:25 . 2009-10-10 21:37 9216 ----a-w- C:\jdfbucp.exe
2009-10-10 19:25 . 2009-10-10 19:26 -------- d-----w- c:\documents and settings\henry\Dados de aplicativos\storage1
2009-10-10 19:25 . 2009-10-10 19:25 -------- d-----w- c:\documents and settings\henry\Dados de aplicativos\storage
2009-10-05 12:25 . 2009-10-05 12:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Macrovision
2009-10-05 12:21 . 2009-10-05 12:21 -------- d-----w- c:\arquivos de programas\Autodesk
2009-10-05 12:21 . 2009-10-05 12:21 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-10-05 12:21 . 2009-10-05 12:21 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-10-05 12:20 . 2009-10-05 12:20 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0
2009-10-05 12:17 . 2009-10-05 12:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2009-10-05 12:17 . 2009-10-05 12:41 -------- d-----w- c:\arquivos de programas\AutoCAD 2004
2009-10-05 12:17 . 2009-10-05 12:26 -------- d-----w- c:\documents and settings\Antonio\Dados de aplicativos\Autodesk
2009-10-05 12:17 . 2009-10-05 12:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2009-10-04 22:50 . 2009-10-11 22:40 -------- d-----w- c:\arquivos de programas\bmoworld
2009-10-04 21:45 . 2009-10-04 21:45 -------- d-----w- c:\arquivos de programas\Printer
2009-10-04 21:45 . 2009-10-04 21:45 -------- d-----w- c:\arquivos de programas\DATA
2009-09-26 15:58 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-26 15:58 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-13 16:10 . 2009-09-13 16:36 -------- d-----w- c:\documents and settings\Antonio\Dados de aplicativos\HpUpdate
2009-09-13 16:10 . 2009-09-13 16:10 -------- d-----w- c:\windows\Hewlett-Packard
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 15:59 . 2009-04-12 14:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-10-12 15:16 . 2009-05-31 03:09 -------- d-----w- c:\arquivos de programas\Garena
2009-10-10 20:02 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost.exe
2009-10-10 20:01 . 2004-08-04 02:14 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-05 12:21 . 2009-04-12 19:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2009-10-04 22:22 . 2007-08-14 06:42 151552 ----a-w- c:\windows\system32\cl31mci.exe
2009-10-04 22:22 . 2007-08-14 06:42 65536 ----a-w- c:\windows\system32\cl31mci.dll
2009-10-04 22:22 . 2007-08-14 06:42 22723 ----a-w- c:\windows\system32\cl31ml3.dll
2009-10-02 23:17 . 2009-05-25 22:29 -------- d-----w- c:\arquivos de programas\Left4Dead
2009-09-29 01:13 . 2009-04-29 20:26 -------- d-----w- c:\arquivos de programas\Free Audio Pack
2009-09-29 01:10 . 2009-07-12 15:00 -------- d-----w- c:\arquivos de programas\Total Video Player
2009-09-27 12:53 . 2009-04-12 14:10 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-09-13 16:11 . 2009-04-13 17:23 -------- d-----w- c:\arquivos de programas\HP
2009-09-10 22:58 . 2009-07-30 17:07 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-10 17:54 . 2009-07-30 17:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 17:53 . 2009-07-30 17:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:09 . 2009-04-12 03:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-10 13:08 . 2009-09-10 13:08 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-10 13:08 . 2009-09-10 13:08 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-10 13:06 . 2009-09-10 13:06 -------- d-----w- c:\arquivos de programas\Aspyr Media, Inc
2009-09-10 12:02 . 2009-09-10 12:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-10 12:02 . 2009-09-10 12:02 -------- d-----w- c:\documents and settings\luks\Dados de aplicativos\DAEMON Tools Lite
2009-09-06 13:03 . 2009-05-01 22:59 -------- d-----w- c:\documents and settings\henry\Dados de aplicativos\uTorrent
2009-09-01 09:46 . 2009-09-01 09:46 -------- d-----w- c:\arquivos de programas\PermissionResearch
2009-08-25 21:28 . 2009-08-25 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2009-08-25 21:21 . 2009-04-13 14:59 -------- d-----w- c:\arquivos de programas\Java
2009-08-16 14:57 . 2009-08-16 14:37 -------- d-----w- c:\arquivos de programas\PET
2009-08-16 14:38 . 2009-08-16 14:38 -------- d-----w- c:\documents and settings\luks\Dados de aplicativos\FooPetsDesktop.E1A59F4315F58433140DC6A108B4F20995854275.1
2009-08-16 14:37 . 2009-04-20 02:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR
2009-08-16 00:55 . 2009-05-02 00:29 -------- d-----w- c:\documents and settings\henry\Dados de aplicativos\Audacity
2009-08-15 13:46 . 2009-08-15 13:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters
2009-08-13 19:55 . 2009-08-13 19:55 -------- d-----w- c:\documents and settings\henry\Dados de aplicativos\Malwarebytes
2009-08-09 22:59 . 2009-08-09 22:49 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 22:59 . 2009-04-12 13:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 08:23 . 2009-04-13 14:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-01-28 23:13 . 2009-01-28 23:13 28565 ----a-w- c:\arquivos de programas\Setup.dat
2009-01-24 02:55 . 2009-01-24 02:55 151552 ----a-w- c:\arquivos de programas\SetAlti.exe
2009-01-24 02:55 . 2009-01-24 02:55 184320 ----a-w- c:\arquivos de programas\SecSNMP.dll
2007-08-13 23:49 . 2007-08-13 23:49 3207168 ----a-w- c:\arquivos de programas\Ssres.dll
2004-10-01 18:00 . 2009-04-12 11:34 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2009-10-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2009-10-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-11 86016]
"IntelAudioStudio"="c:\arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 9129984]
"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-11 7630848]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-11 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ASKUpgrade"=3 (0x3)
"AcuWVSSchedulerv6"=3 (0x3)
"wuauserv"=2 (0x2)
"CSIScanner"=3 (0x3)
"mnmsrvc"=3 (0x3)
"RDSessMgr"=3 (0x3)
"gupdate"=3 (0x3)
"sdAuxService"=3 (0x3)
"sdCoreService"=3 (0x3)
"Rohos Disk"=3 (0x3)
"Themes"=3 (0x3)
"ThreatFire"=3 (0x3)
"icf"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Left4Dead\\hl2.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\Left4Dead\\left4dead.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Left4Dead\\left4dead.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Documents and Settings\\luks\\Desktop\\JOGOS\\Land Of The Dead Road To Fiddlers Green\\System\\LOTD.exe"=
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/6/2009 14:40 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [9/8/2009 19:49 108289]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [19/4/2009 07:25 14976]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\luks\CONFIG~1\Temp\TGZ3.tmp --> c:\docume~1\luks\CONFIG~1\Temp\TGZ3.tmp [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 RHDISK;RHDISK;\??\g:\arquivos de programas\Rohos\RHDISK.SYS --> g:\arquivos de programas\Rohos\RHDISK.SYS [?]
S4 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\arquivos de programas\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [24/11/2008 12:46 994952]
S4 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [6/7/2009 16:43 133104]
S4 Rohos Disk;Rohos Disk service;"g:\arquivos de programas\Rohos\agent.exe" /service --> g:\arquivos de programas\Rohos\agent.exe [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-06 19:43]
.
.
------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: {7DB9B374-D8D9-44E1-BE8D-7EAF3A0FB9D6} = 200.165.132.147,200.165.132.155
FF - ProfilePath - c:\documents and settings\luks\Dados de aplicativos\Mozilla\Firefox\Profiles\bxdh6afs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.c4dbrasil.com
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
HKLM-Run-SigmatelSysTrayApp - sttray.exe
HKLM-Explorer_Run-cftu - c:\windows\system32\cftu.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 13:25
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\luks\CONFIG~1\Temp\TGZ3.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1390067357-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DBB2F20-273A-BBA0-0BD5-29D0559C57AF}*]
"daddkgjb"=hex:64,62,6b,64,6a,6e,6f,65,6a,6a,67,61,66,6c,6b,62,6f,68,63,63,64,
62,62,65,62,6c,66,6d,6d,66,64,70,65,6e,62,6e,69,6e,64,62,00,00
"iaoekmkcejjeamehba"=hex:69,61,6c,6e,6c,6d,64,66,68,64,63,6a,67,68,68,62,66,67,
00,00
"haeffbmggmagfnpa"=hex:6a,61,63,6f,66,6e,6e,62,6f,63,6e,70,6f,6a,67,64,6b,69,
70,6f,00,d0
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\MSVCP60.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Intel\AMT\LMS.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-10-12 13:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-10-12 16:28
Pré-execução: 12 pasta(s) 63.068.286.976 bytes disponíveis
Pós execução: 14 pasta(s) 63.566.712.832 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Sorry for the gigantic post :x
Whoever can help, I'd really appreciate it :x
See you later