
Archived

This topic has been archived and is closed to new replies.

anonimo1408

[Solved!] Analyze my log (Something wrong)


Logfile of HijackThis v1.99.1

Scan saved at 22:51:36 Guilherme, on 20/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TuneUp Utilities 2007\MemOptimizer.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Arquivos de programas\Desktop Sidebar\sbhelp.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Arquivos de programas\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Arquivos de programas\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

 

Explanation:

 

I was going into a folder and saw this Bonjour. The folder was created on 16/07/2007 and the file inside it is dated 28/02/2006. I had never seen this thing on my PC, so I decided to report it here.

 

Note: I don't know if this is the only thing wrong on my PC; please analyze it.

 

THANKS IN ADVANCE,

GUILHERME


Hey anonimo1408,

 

Download ComboFix at:

ComboFix

 

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window, and do not close it by clicking the X, while the tool is running, as this will mess up your desktop's configuration (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

 

Cheers.


Hello jgarcia.

 

I did what you said.

 

Below is the ComboFix log:

 

"WinXp" - 2007-07-23 21:33:34 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\Cfx32.lic

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

 

 

2007-07-23 21:32 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-23 15:26 <DIR> d-------- C:\DOCUME~1\WinXp\DADOSD~1\BitTorrent

2007-07-23 15:25 <DIR> d-------- C:\Program Files

2007-07-23 15:25 <DIR> d-------- C:\Arquivos de programas\BitTorrent

2007-07-20 23:01 <DIR> d-------- C:\VundoFix Backups

2007-07-20 22:25 <DIR> d-------- C:\Arquivos de programas\Phoenxsoftware

2007-07-16 01:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\FLEXnet

2007-07-16 00:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2007-07-16 00:51 <DIR> d-------- C:\Arquivos de programas\MagicISO

2007-07-15 00:08 <DIR> d-------- C:\Hijack

2007-07-07 21:45 3,584 --a------ C:\WINDOWS\system32\TimerStop.sys

2007-07-07 08:58 <DIR> d-------- C:\DOCUME~1\WinXp\.borland

2007-07-07 08:55 376,832 --a------ C:\WINDOWS\system32\gds32.dll

2007-07-07 08:55 28,672 --a------ C:\WINDOWS\system32\ibxml.dll

2007-07-07 08:55 177,152 --a------ C:\WINDOWS\system32\ibinstall.dll

2007-07-07 08:55 <DIR> d-------- C:\Inprise

2007-07-07 08:49 <DIR> d-------- C:\Arquivos de programas\Borland

2007-07-07 08:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-23 22:31:15 -------- d-----w C:\DOCUME~1\WinXp\DADOSD~1\DMCache

2007-07-21 22:28:47 -------- d-----w C:\DOCUME~1\WinXp\DADOSD~1\teamspeak2

2007-07-20 21:25:06 -------- d-----w C:\Arquivos de programas\UltimateZip 2007

2007-07-16 01:37:37 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-11 13:53:57 79,718 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-11 13:53:57 472,050 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-08 01:31:36 -------- d-----w C:\DOCUME~1\WinXp\DADOSD~1\MegauploadToolbar

2007-07-08 01:31:27 -------- d-----w C:\Arquivos de programas\MegauploadToolbar

2007-07-07 21:41:48 298,104 ----a-w C:\WINDOWS\system32\imon.dll

2007-07-07 21:41:47 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2007-07-07 21:41:47 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys

2007-06-29 15:57:48 -------- d-----w C:\Arquivos de programas\MessengerDiscovery

2007-06-17 19:39:54 -------- d-----w C:\Arquivos de programas\Windows Live

2007-06-17 19:39:54 -------- d-----w C:\Arquivos de programas\MSN Messenger

2007-06-17 19:39:54 -------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-06-09 16:58:28 -------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2007-06-04 20:04:08 -------- d-----w C:\Arquivos de programas\Gravity

2007-06-02 15:09:30 -------- d-----w C:\Arquivos de programas\RolePlayingMaster

2007-06-01 20:00:56 -------- d-----w C:\DOCUME~1\WinXp\DADOSD~1\Desktop Sidebar

2007-06-01 19:44:53 -------- d-----w C:\Arquivos de programas\Windows Defender

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-03-26 19:11:15 84,480 --sha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\12_explorer.exe\Thumbs.db

2007-03-26 19:11:51 39,424 --sha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\40_rasdlg.dll\Thumbs.db

2007-03-26 19:11:33 31,232 --sha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\53_taskmgr.exe\Thumbs.db

2007-01-29 21:44:57 56 --sh--r C:\WINDOWS\system32\E4FE81A80F.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-07-07 18:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TuneUp MemOptimizer"="C:\Arquivos de programas\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 16:53]

"IDMan"="C:\Arquivos de programas\Internet Download Manager\IDMan.exe" [2007-05-01 23:35]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2007-03-01 20:11]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2006-10-10 16:53 135168 C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\]

"Script"=C:\WINDOWS\msboot.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^WinXp^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^WinXp^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

path=C:\WINDOWS\BricoPacks\Vista Inspirat\Shortcuts\Stardock ObjectDock.lnk

backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^WinXp^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=C:\WINDOWS\BricoPacks\Vista Inspirat\Shortcuts\UberIcon.lnk

backup=C:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^WinXp^Menu Iniciar^Programas^Inicializar^Y'z ToolBar.lnk]

path=C:\WINDOWS\BricoPacks\Vista Inspirat\Shortcuts\Y'z ToolBar.lnk

backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]

"C:\Arquivos de programas\RFA Platinum\rfagent.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]

"C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

"C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

 

R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\drivers\SiSRaid.sys

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys

R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys

R1 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys

R2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs

R3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe"

S3 odserv;Microsoft Office Diagnostics Service;"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE"

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

UxTuneUp

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-20 20:17:20 C:\WINDOWS\tasks\1-Click Maintenance.job

2007-07-23 17:24:57 C:\WINDOWS\tasks\MP Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-23 21:41:08

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{450E1893-59D2-D500-0BA2-6779FD2D618A}]

"abelmbllhngcannllmhcpfnpbpippeokhj"=hex:61,61,00,d2

"madlbpbpdnphojpdbogpjboice"=hex:61,61,00,d2

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-23 21:43:45 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-23 21:43

 

--- E O F ---


Hey anonimo1408,

 

Download F-Secure Blacklight at:

F-Secure Blacklight

 

Save it to your desktop and run it. Accept the agreement. Click Scan and wait.

 

If it finds any file, ignore it, because I only want the log.

 

At the end of the scan a file named fsbl-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

 

Cheers.


Hello, I did what you asked... and I think it didn't find anything. Below is the log:

07/24/07 09:30:07 [info]: BlackLight Engine 1.0.64 initialized
07/24/07 09:30:07 [info]: OS: 5.1 build 2600 (Service Pack 2)
07/24/07 09:30:07 [Note]: 7019 4
07/24/07 09:30:07 [Note]: 7005 0
07/24/07 09:30:13 [Note]: 7006 0
07/24/07 09:30:13 [Note]: 7011 912
07/24/07 09:30:14 [Note]: 7026 0
07/24/07 09:30:14 [Note]: 7026 0
07/24/07 09:30:18 [Note]: FSRAW library version 1.7.1022
07/24/07 09:35:32 [Note]: 2000 1012
07/24/07 09:35:32 [Note]: 2000 1012
07/24/07 09:35:56 [Note]: 7007 0

I'll run it again later and post again, because I think I did something wrong.

PS: jgarcia, why don't you create a tutorial explaining what each of these tools is for and how to use them? I think that way you wouldn't be so overloaded and people could do it almost by themselves. I have a technology degree in computer science and find this area very interesting ^^


I'll run it again later and post again, because I think I did something wrong.

No need, man. The generated log is perfect and, by the way, clean.

 

PS: jgarcia, why don't you create a tutorial explaining what each of these tools is for and how to use them? I think that way you wouldn't be so overloaded and people could do it almost by themselves. I have a technology degree in computer science and find this area very interesting ^^

I'd like to, but time has been very short. As soon as I can, I'll create a guide topic. :thumbsup:

 

Oh, you can uninstall Bonjour through Add / Remove Programs.

 

Cheers.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
