
This topic has been archived and is closed to new replies.

Cintia Leme

[Archived] WinantivirusPro/DriveCleaner2006/Win32.ConHook/Virtumonde


This is starting to look like a joke, huh?

I'm sending my log, and I kindly ask whoever can help me to please be clear, because I've only had Windows XP for a week and I'm still struggling a bit with it.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 01:16:30, on 8/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\casa\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {46f49380-ede4-4de8-848e-88ad33c692e9} - C:\WINDOWS\system32\iastuq.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp4.tmp.dll (file missing)

O2 - BHO: (no name) - {e4d87dcb-45d8-40c8-9755-53857f7618e3} - C:\WINDOWS\system32\iastuq.dll

O2 - BHO: (no name) - {ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38} - C:\WINDOWS\system32\iastuq.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastuq.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastuq.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\geebxvt.dll

O20 - Winlogon Notify: iastuq - C:\WINDOWS\SYSTEM32\iastuq.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6760 bytes

 

Can anyone help me? I've already run Spybot about five hundred times and it won't go away! :/


Hey Cintia Leme,

Here we go.

* Download VundoFix.
* Double-click VundoFix.exe to start it;
* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take some time. Be patient;
* Once the scan is finished, click Remove Vundo;
* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);
* To complete the scan, the machine will need to be restarted. Click OK;
* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

Cheers.

Hey Cintia Leme,

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

OK, but it couldn't delete geebxvt.dll:

(PS: Oh, isn't there that business of "disabling System Restore" on XP?)

:rolleyes:

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:42:54 8/8/2007

 

Listing files found while scanning....

 

C:\windows\system32\awtqonl.dll

C:\windows\system32\awvtutr.dll

C:\windows\system32\ddabxwu.dll

C:\windows\system32\ddayxur.dll

C:\windows\system32\ddcyawu.dll

C:\windows\system32\ddcyxwu.dll

C:\windows\system32\gebcbxv.dll

C:\windows\system32\geebxvt.dll

C:\windows\system32\jkhfdax.dll

C:\windows\system32\jkhhhfe.dll

C:\windows\system32\jkhhifd.dll

C:\windows\system32\jkkljkh.dll

C:\windows\system32\mljgfcb.dll

C:\windows\system32\mllmljj.dll

C:\windows\system32\pmkjggd.dll

C:\windows\system32\pmnnkkj.dll

C:\windows\system32\ssqpmki.dll

C:\windows\system32\ssqpopn.dll

C:\windows\system32\ssttrro.dll

C:\WINDOWS\system32\tmp4.tmp.dll

C:\windows\system32\vtstrol.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\awtqonl.dll

C:\windows\system32\awtqonl.dll Has been deleted!

 

Attempting to delete C:\windows\system32\awvtutr.dll

C:\windows\system32\awvtutr.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddabxwu.dll

C:\windows\system32\ddabxwu.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddayxur.dll

C:\windows\system32\ddayxur.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddcyawu.dll

C:\windows\system32\ddcyawu.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddcyxwu.dll

C:\windows\system32\ddcyxwu.dll Has been deleted!

 

Attempting to delete C:\windows\system32\gebcbxv.dll

C:\windows\system32\gebcbxv.dll Has been deleted!

 

Attempting to delete C:\windows\system32\geebxvt.dll

C:\windows\system32\geebxvt.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\jkhfdax.dll

C:\windows\system32\jkhfdax.dll Has been deleted!

 

Attempting to delete C:\windows\system32\jkhhhfe.dll

C:\windows\system32\jkhhhfe.dll Has been deleted!

 

Attempting to delete C:\windows\system32\jkhhifd.dll

C:\windows\system32\jkhhifd.dll Has been deleted!

 

Attempting to delete C:\windows\system32\jkkljkh.dll

C:\windows\system32\jkkljkh.dll Has been deleted!

 

Attempting to delete C:\windows\system32\mljgfcb.dll

C:\windows\system32\mljgfcb.dll Has been deleted!

 

Attempting to delete C:\windows\system32\mllmljj.dll

C:\windows\system32\mllmljj.dll Has been deleted!

 

Attempting to delete C:\windows\system32\pmkjggd.dll

C:\windows\system32\pmkjggd.dll Has been deleted!

 

Attempting to delete C:\windows\system32\pmnnkkj.dll

C:\windows\system32\pmnnkkj.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ssqpmki.dll

C:\windows\system32\ssqpmki.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ssqpopn.dll

C:\windows\system32\ssqpopn.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ssttrro.dll

C:\windows\system32\ssttrro.dll Has been deleted!

 

Attempting to delete C:\windows\system32\vtstrol.dll

C:\windows\system32\vtstrol.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\geebxvt.dll

C:\windows\system32\geebxvt.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:13:38 8/8/2007

 

Listing files found while scanning....

 

C:\windows\system32\geebxvt.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\geebxvt.dll

C:\windows\system32\geebxvt.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

 

And here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:29:19, on 8/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\casa\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {46f49380-ede4-4de8-848e-88ad33c692e9} - C:\WINDOWS\system32\iastuq.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9e13f044-83a5-44ac-bbc6-d86ea3a1b41d} - C:\WINDOWS\system32\iastuq.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)

O2 - BHO: (no name) - {e4d87dcb-45d8-40c8-9755-53857f7618e3} - C:\WINDOWS\system32\iastuq.dll

O2 - BHO: (no name) - {ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38} - C:\WINDOWS\system32\iastuq.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastuq.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastuq.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\geebxvt.dll

O20 - Winlogon Notify: iastuq - C:\WINDOWS\SYSTEM32\iastuq.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6906 bytes


Hey Cintia Leme,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if an infection is found);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go all white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.


Well, another question now. I have Spybot installed with the Resident active. About twenty little windows popped up asking whether I allowed or denied... values deleted, added, changed... I tried to use common sense, but I'm afraid I clicked on something I shouldn't have. Should I disable the Resident and run ComboFix again? Now an error message is showing on the desktop: "Runtime error 216 at 51F2242C". When I click OK, another little window opens: 'A instrução no "0x51f265c2" fez referência à memória no "0x015f4e60". A memória não pôde "read". Clique em Ok para encerrar o programa' (which is SDTrayApp.exe). One closes and the other opens, non-stop.

Please, I'd also like to know about "System Restore".

 

ComboFix 07-08-04.3 - "casa" 2007-08-08 17:08:41.1 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\casa\DADOSD~1\tmp1.tmp.exe

C:\DOCUME~1\casa\DADOSD~1\tmp4.tmp.exe

C:\DOCUME~1\casa\DADOSD~1\tmp5.tmp.exe

C:\WINDOWS\system32\dnecd750d6.dat

C:\WINDOWS\system32\iastuq.dll

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_DOMAINSERVICE

 

 

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

 

 

2007-08-08 17:06 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-08 16:31 13,380 --a------ C:\WINDOWS\system32\pmnnlih.dll

2007-08-08 15:42 <DIR> d-------- C:\VundoFix Backups

2007-08-08 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

2007-08-08 11:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-07 20:01 131,385 --a------ C:\WINDOWS\cbbcdb.dll

2007-08-07 19:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-08-07 16:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-08-07 13:24 131,385 --a------ C:\WINDOWS\vtustt.dll

2007-08-06 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-08-06 19:48 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll

2007-08-06 19:48 57,344 --a------ C:\WINDOWS\system32\Signet32.dll

2007-08-06 19:48 527,024 --a------ C:\WINDOWS\system32\tibase6.dll

2007-08-06 19:48 489,128 --a------ C:\WINDOWS\system32\tdbgpp7.dll

2007-08-06 19:48 415,504 --a------ C:\WINDOWS\system32\Msrepl35.dll

2007-08-06 19:48 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2007-08-06 19:48 249,856 --a------ C:\WINDOWS\system32\Todgub7.dll

2007-08-06 19:48 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2007-08-06 19:48 20,480 --a------ C:\WINDOWS\system32\TransCripto.dll

2007-08-06 19:48 133,296 --a------ C:\WINDOWS\system32\tishare6.dll

2007-08-06 19:48 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll

2007-08-06 19:48 1,046,288 --a------ C:\WINDOWS\system32\Msjet35.dll

2007-08-06 19:48 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2007-08-06 19:46 27,136 --a------ C:\WINDOWS\system32\WiseDLL.dll

2007-08-06 19:23 460,800 --a------ C:\WINDOWS\snap.dat

2007-08-06 19:14 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2007-08-06 19:14 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-08-06 19:14 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys

2007-08-06 19:14 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-08-06 19:14 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys

2007-08-06 19:14 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-08-06 19:14 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys

2007-08-06 19:14 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-08-06 19:14 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2007-08-06 19:14 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-08-06 19:13 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys

2007-08-06 19:13 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-08-06 19:13 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-08-06 19:13 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-08-06 19:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys

2007-08-06 19:13 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-08-06 19:11 <DIR> d-------- C:\WINDOWS\Setup2K

2007-08-06 16:34 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-08-06 16:34 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-08-06 16:34 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-08-06 16:34 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-08-06 13:23 131,421 --a------ C:\WINDOWS\dddedc.dll

2007-08-05 22:31 <DIR> d-------- C:\Arquivos de programas\Uniblue

2007-08-05 22:06 48,628 --a------ C:\WINDOWS\system32\prfc0416.dat

2007-08-05 22:06 344,380 --a------ C:\WINDOWS\system32\prfh0416.dat

2007-08-05 18:25 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Uniblue

2007-08-05 17:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-05 04:01 13,380 --------- C:\WINDOWS\system32\geebxvt.dll

2007-08-05 03:07 25,664 --a------ C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-04 15:15 <DIR> d-------- C:\Arquivos de programas\MaxTruco

2007-08-03 15:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-08-02 21:42 <DIR> d-------- C:\Arquivos de programas\Programas SRF

2007-08-02 12:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-08-01 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

2007-08-01 23:15 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

2007-08-01 23:08 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-01 23:08 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-01 00:04 <DIR> d-------- C:\Dic

2007-07-31 19:59 <DIR> d-------- C:\Arquivos de programas\YourWare Solutions

2007-07-31 02:45 <DIR> d-------- C:\Arquivos de programas\MegaJogos

2007-07-30 23:38 <DIR> d-------- C:\Arquivos de programas\iColorFolder

2007-07-30 23:29 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Jasc

2007-07-30 23:20 <DIR> d-------- C:\Arquivos de programas\Jasc Software Inc

2007-07-30 22:47 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-07-30 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-07-30 16:07 <DIR> d-------- C:\Arquivos de programas\ToniArts

2007-07-30 16:04 <DIR> d--h----- C:\WINDOWS\PIF

2007-07-30 16:02 <DIR> d-------- C:\Arquivos de programas\AIDA32 - Enterprise System Information

2007-07-30 07:23 <DIR> d-------- C:\Arquivos de programas\Busca de Crack

2007-07-30 07:16 77,664 --a------ C:\WINDOWS\system\IR21_R.DLL

2007-07-30 07:16 7,168 --a------ C:\WINDOWS\system\DISPDIB.DLL

2007-07-30 07:16 49,616 --a------ C:\WINDOWS\system\MSACM.DLL

2007-07-30 07:16 151,040 --a------ C:\WINDOWS\system\IR32.DLL

2007-07-30 07:16 14,208 --a------ C:\WINDOWS\system\CTL3D.DLL

2007-07-30 07:16 12,800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL

2007-07-30 07:14 <DIR> d-------- C:\XHME3DCD

2007-07-30 07:14 <DIR> d-------- C:\DOCUME~1\casa\WINDOWS

2007-07-29 16:30 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Google

2007-07-29 16:24 898,105 --a------ C:\Arquivos de programas\Afinador-de-guitarra.exe

2007-07-29 16:24 <DIR> d-------- C:\Arquivos de programas\Downloads

2007-07-29 16:10 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\GameHouse

2007-07-29 16:10 <DIR> d-------- C:\Arquivos de programas\GameHouse

2007-07-29 15:55 <DIR> d-------- C:\Arquivos de programas\iWin.com

2007-07-29 15:49 <DIR> d-------- C:\Arquivos de programas\Yahoo! Games

2007-07-29 14:56 <DIR> d-------- C:\Arquivos de programas\Quick StartUp

2007-07-29 14:08 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Skype

2007-07-29 01:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

2007-07-29 01:49 <DIR> d-------- C:\Arquivos de programas\Skype

2007-07-29 01:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2007-07-29 01:37 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-07-29 01:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-29 01:37 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-07-29 01:37 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-07-29 01:37 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys

2007-07-29 01:37 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-07 19:05 --------- d-------- C:\Arquivos de programas\eMule

2007-08-06 19:11 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-06 00:53 --------- d-------- C:\Arquivos de programas\lg_fwupdate

2007-08-03 15:55 --------- d-------- C:\Arquivos de programas\HP

2007-08-01 23:15 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-07-30 16:06 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-07-29 14:18 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\MSN6

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-26 14:30 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\CyberLink

2007-07-26 14:27 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\Image Zone Express

2007-06-22 17:34 2806784 --a------ C:\WINDOWS\system32\updte.exe

2007-06-22 17:34 2806784 --a------ C:\Arquivos de programas\Windows32.exe

2007-06-22 17:34 252928 --a------ C:\WINDOWS\system32\msmgsr.exe

2007-06-18 10:15 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\HP

2007-06-13 14:14 --------- d-------- C:\Arquivos de programas\Lavalys

2007-06-13 12:57 110234 --a------ C:\WINDOWS\hpoins08.dat

2007-06-11 21:23 --------- d-------- C:\Arquivos de programas\Arquivos comuns\HP

2007-06-11 21:21 --------- d-------- C:\Arquivos de programas\Hewlett-Packard

2007-06-11 21:20 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2007-06-11 21:17 --------- d-------- C:\Arquivos de programas\Alwil Software

2007-06-11 21:13 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\InterTrust

2007-06-11 21:11 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution

2007-06-11 21:11 --------- d-------- C:\Arquivos de programas\Ahead

2007-06-11 21:10 --------- d-------- C:\Arquivos de programas\CyberLink

2007-06-11 21:07 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-06-11 21:04 48628 --a------ C:\WINDOWS\system32\perfc016.dat

2007-06-11 21:04 344380 --a------ C:\WINDOWS\system32\perfh016.dat

2007-06-11 21:03 --------- d-------- C:\Arquivos de programas\ltmoh

2007-06-11 21:00 --------- d-------- C:\Arquivos de programas\Analog Devices

2007-06-11 20:59 44 --a------ C:\WINDOWS\system32\msssc.dll

2007-06-05 21:23 0 -rahs---- C:\MSDOS.SYS

2007-06-05 21:23 0 -rahs---- C:\IO.SYS

2007-06-05 21:23 0 --a------ C:\CONFIG.SYS

2007-06-05 21:23 0 --a------ C:\AUTOEXEC.BAT

2007-06-05 21:20 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat

2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46f49380-ede4-4de8-848e-88ad33c692e9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4d87dcb-45d8-40c8-9755-53857f7618e3}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 02:16 C:\WINDOWS\AGRSMMSG.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeRAM XP"="C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-07-31 19:58]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iastuq]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=c:\windows\system32\geebxvt.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"Smapp"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

 

R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys

R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys

R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys

R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys

R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-08 03:01:48 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:16 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:17 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 14:01:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 15:01:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 16:01:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 17:01:08 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 18:01:03 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 19:01:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 20:01:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-06 21:01:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 04:01:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-06 22:01:00 C:\WINDOWS\Tasks\At20.job

2007-08-07 23:01:59 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 00:01:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 01:01:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 02:01:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-08 13:51:10 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:17 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 07:01:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:17 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:17 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:17 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\FJ70DaJ1.exe

2007-08-05 06:07:17 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\FJ70DaJ1.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-08 17:12:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-08 17:14:51 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-08 17:14

 

--- E O F ---

 

 

Hijack:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:11:07, on 8/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\casa\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\geebxvt.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6434 bytes

 

Well, another question now. I have Spybot installed and the Resident active. About twenty little windows popped up asking whether I allowed or denied... values deleted, added, changed... I tried to use common sense, but I'm afraid I clicked on something I shouldn't have. Should I disable Resident and run ComboFix again? Now an error message is showing on the desktop, "Runtime error 216 at 51F2242C". When I click OK, another little window opens: 'A instrução no "0x51f265c2" fez referência à memória no "0x015f4e60". A memória não pôde "read". Clique em Ok para encerrar o programa' (which is SDTrayApp.exe). One closes and the other opens, non-stop.

SDTrayApp.exe belongs to Spyware Doctor. I suggest you disable both Spybot and Spyware Doctor before carrying out the actions I indicate.

Please, I also want to know about "System Restore".

The System Restore function should stay as it is; that is, there is no need to change it.

Well, let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\system32\pmnnlih.dll

C:\WINDOWS\system32\geebxvt.dll

C:\WINDOWS\system32\msssc.dll

C:\WINDOWS\system32\FJ70DaJ1.exe

C:\WINDOWS\system32\updte.exe

C:\WINDOWS\system32\msmgsr.exe

C:\Arquivos de programas\Windows32.exe

C:\WINDOWS\cbbcdb.dll

C:\WINDOWS\vtustt.dll

C:\WINDOWS\dddedc.dll

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and the internet connection will not be available.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O20 - AppInit_DLLs: c:\windows\system32\geebxvt.dll

Click Fix Checked.

Step 3

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post new HijackThis and ComboFix logs.

I await your reply.

Regards.

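A defender-side triage script for the kind of HijackThis and ComboFix logs posted in this thread, added here as an example; it is not part of the thread, of HijackThis or of ComboFix. It parses the O2/O20 lines and the ComboFix scheduled-task lines (the sample lines inside it are constructed from the logs above), flags a non-empty AppInit_DLLs value, Winlogon Notify handlers that point nowhere or share a DLL with a BHO, tmp*.tmp.dll BHOs and runs of AtN.job tasks that relaunch one executable, and ranks them; the function names, finding categories and severity numbers are my own.

```python
"""Triage helper for the HijackThis / ComboFix text logs posted in this thread.

Added example: not part of the thread and not a HijackThis or ComboFix
feature. It pulls out the load points that matter for a Vundo/Virtumonde
style infection (AppInit_DLLs, Winlogon Notify, BHOs, hourly At*.job tasks)
and ranks them roughly the way a helper reads such a log.
"""
import re
from collections import defaultdict

# Sample lines constructed from the logs above (HijackThis O2/O20 lines and
# ComboFix 'Scheduled Tasks' lines); the uninteresting lines were left out.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87f1016b-ae10-4f95-ae6a-4870e3bcb69d} - C:\WINDOWS\system32\adsync.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll
O20 - AppInit_DLLs: c:\windows\system32\ssqponl.dll
O20 - Winlogon Notify: adsync - C:\WINDOWS\SYSTEM32\adsync.dll
O20 - Winlogon Notify: iastuq - C:\WINDOWS\
2007-08-08 03:01:48 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\FJ70DaJ1.exe
2007-08-08 04:01:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\FJ70DaJ1.exe
2007-08-06 22:01:00 C:\WINDOWS\Tasks\At20.job
2007-08-07 23:01:59 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\FJ70DaJ1.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: .*? - \{([0-9A-Fa-f-]+)\} - (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
TASK_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\S+\\At\d+\.job)(?: - (.*))?$")


def file_name(path):
    """Lower-cased last path component; '' when the entry names a folder only."""
    return path.strip().lower().replace("/", "\\").rsplit("\\", 1)[-1]


def parse_log(text):
    """Return (bhos, appinit, notify, tasks) pulled out of the raw log text."""
    bhos, appinit, notify = [], [], []
    tasks = defaultdict(list)  # target executable -> [job paths]
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bhos.append((m.group(1), m.group(2)))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is a space- or comma-separated list of DLLs.
            appinit.extend(p for p in re.split(r"[;, ]+", m.group(1)) if p)
        elif m := NOTIFY_RE.match(line):
            notify.append((m.group(1), m.group(2)))
        elif m := TASK_RE.match(line):
            tasks[(m.group(2) or "").strip()].append(m.group(1))
    return bhos, appinit, notify, tasks


def triage(text):
    """Rank the persistence points: list of (severity, kind, detail), highest
    severity first. 3 = act on it, 2 = review, 1 = leftover to clean up."""
    bhos, appinit, notify, tasks = parse_log(text)
    findings = []
    # Count how many load points reference the same DLL name; adsync.dll is
    # both a BHO and a Winlogon Notify handler in the second log above.
    refs = defaultdict(set)
    for clsid, path in bhos:
        refs[file_name(path)].add("bho " + clsid)
    for key, path in notify:
        refs[file_name(path)].add("notify " + key)
    for path in appinit:
        refs[file_name(path)].add("appinit")
    # AppInit_DLLs is mapped into every process that loads user32.dll, so on a
    # home XP box a non-empty value is a finding on its own.
    for path in appinit:
        findings.append((3, "appinit_dlls", path))
    for key, path in notify:
        if not file_name(path):
            findings.append((2, "winlogon_notify_dangling", key + " -> " + path))
        elif len(refs[file_name(path)]) > 1:
            findings.append((3, "winlogon_notify_shared", key + " -> " + path))
        else:
            findings.append((2, "winlogon_notify", key + " -> " + path))
    for clsid, path in bhos:
        name = file_name(path)
        if path.strip() == "(no file)":
            findings.append((1, "bho_orphan", clsid))  # CLSID left behind
        elif ".tmp." in name or len(refs[name]) > 1:
            findings.append((3, "bho", clsid + " -> " + path))
    for target, jobs in tasks.items():
        if target and len(jobs) > 1:
            findings.append((3, "at_jobs", f"{len(jobs)} jobs -> {target}"))
        elif not target:
            findings.append((1, "at_job_no_target", ", ".join(jobs)))
    findings.sort(key=lambda f: -f[0])
    return findings


if __name__ == "__main__":
    for severity, kind, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {kind:26} {detail}")
```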
SDTrayApp.exe belongs to Spyware Doctor. I suggest you disable both Spybot and Spyware Doctor before carrying out the actions I indicate.

Oh dear. I forgot to disable both of them.

Run HijackThis, click Do a system scan only and check:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O20 - AppInit_DLLs: c:\windows\system32\geebxvt.dll

Click Fix Checked.

Well, the second entry no longer showed up. In its place another dll appears: ssqponl.dll

The logs:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:43:04, on 9/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\casa\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {46f49380-ede4-4de8-848e-88ad33c692e9} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {87f1016b-ae10-4f95-ae6a-4870e3bcb69d} - C:\WINDOWS\system32\adsync.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll

O2 - BHO: (no name) - {e4d87dcb-45d8-40c8-9755-53857f7618e3} - (no file)

O2 - BHO: (no name) - {ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38} - (no file)

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\ssqponl.dll

O20 - Winlogon Notify: adsync - C:\WINDOWS\SYSTEM32\adsync.dll

O20 - Winlogon Notify: iastuq - C:\WINDOWS\

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6744 bytes

 

 

ComboFix 07-08-04.3 - "casa" 2007-08-09 16:43:44.3 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\casa\DADOSD~1\tmp1.tmp.exe

C:\DOCUME~1\casa\DADOSD~1\tmp3.tmp.exe

C:\WINDOWS\system32\adsync.dll

C:\WINDOWS\system32\dnecd750d6.dat

C:\WINDOWS\system32\qwerty12.exe

C:\WINDOWS\system32\tmp3.tmp.dll

 

 

((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

 

 

2007-08-09 16:29 <DIR> d-------- C:\!KillBox

2007-08-09 16:24 13,380 --a------ C:\WINDOWS\system32\vturqqo.dll

2007-08-09 14:17 13,380 --a------ C:\WINDOWS\system32\vtsttsp.dll

2007-08-09 13:38 131,425 --a------ C:\WINDOWS\tutqnl.dll

2007-08-09 12:46 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-08-09 12:46 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-08-08 22:31 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-08-08 22:23 <DIR> d-------- C:\LinhaDefensiva

2007-08-08 21:49 13,380 --------- C:\WINDOWS\system32\ssqponl.dll

2007-08-08 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

2007-08-08 20:16 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\SUPERAntiSpyware.com

2007-08-08 20:16 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-08-08 17:06 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-08 15:42 <DIR> d-------- C:\VundoFix Backups

2007-08-08 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

2007-08-08 11:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-07 19:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-08-07 16:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-08-06 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-08-06 19:48 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll

2007-08-06 19:48 57,344 --a------ C:\WINDOWS\system32\Signet32.dll

2007-08-06 19:48 527,024 --a------ C:\WINDOWS\system32\tibase6.dll

2007-08-06 19:48 489,128 --a------ C:\WINDOWS\system32\tdbgpp7.dll

2007-08-06 19:48 415,504 --a------ C:\WINDOWS\system32\Msrepl35.dll

2007-08-06 19:48 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2007-08-06 19:48 249,856 --a------ C:\WINDOWS\system32\Todgub7.dll

2007-08-06 19:48 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2007-08-06 19:48 20,480 --a------ C:\WINDOWS\system32\TransCripto.dll

2007-08-06 19:48 133,296 --a------ C:\WINDOWS\system32\tishare6.dll

2007-08-06 19:48 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll

2007-08-06 19:48 1,046,288 --a------ C:\WINDOWS\system32\Msjet35.dll

2007-08-06 19:48 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2007-08-06 19:46 27,136 --a------ C:\WINDOWS\system32\WiseDLL.dll

2007-08-06 19:23 460,800 --a------ C:\WINDOWS\snap.dat

2007-08-06 19:14 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2007-08-06 19:14 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-08-06 19:14 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys

2007-08-06 19:14 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-08-06 19:14 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys

2007-08-06 19:14 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-08-06 19:14 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys

2007-08-06 19:14 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-08-06 19:14 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2007-08-06 19:14 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-08-06 19:13 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys

2007-08-06 19:13 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-08-06 19:13 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-08-06 19:13 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-08-06 19:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys

2007-08-06 19:13 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-08-06 19:11 <DIR> d-------- C:\WINDOWS\Setup2K

2007-08-06 16:34 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-08-06 16:34 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-08-06 16:34 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-08-06 16:34 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-08-05 22:31 <DIR> d-------- C:\Arquivos de programas\Uniblue

2007-08-05 22:06 48,628 --a------ C:\WINDOWS\system32\prfc0416.dat

2007-08-05 22:06 344,380 --a------ C:\WINDOWS\system32\prfh0416.dat

2007-08-05 18:25 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Uniblue

2007-08-05 17:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-04 15:15 <DIR> d-------- C:\Arquivos de programas\MaxTruco

2007-08-03 15:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-08-02 21:42 <DIR> d-------- C:\Arquivos de programas\Programas SRF

2007-08-02 12:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-08-01 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

2007-08-01 23:15 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

2007-08-01 23:08 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-01 23:08 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-01 00:04 <DIR> d-------- C:\Dic

2007-07-31 19:59 <DIR> d-------- C:\Arquivos de programas\YourWare Solutions

2007-07-31 02:45 <DIR> d-------- C:\Arquivos de programas\MegaJogos

2007-07-30 23:38 <DIR> d-------- C:\Arquivos de programas\iColorFolder

2007-07-30 23:29 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Jasc

2007-07-30 23:20 <DIR> d-------- C:\Arquivos de programas\Jasc Software Inc

2007-07-30 22:47 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-07-30 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-07-30 16:07 <DIR> d-------- C:\Arquivos de programas\ToniArts

2007-07-30 16:04 <DIR> d--h----- C:\WINDOWS\PIF

2007-07-30 16:02 <DIR> d-------- C:\Arquivos de programas\AIDA32 - Enterprise System Information

2007-07-30 07:23 <DIR> d-------- C:\Arquivos de programas\Busca de Crack

2007-07-30 07:16 77,664 --a------ C:\WINDOWS\system\IR21_R.DLL

2007-07-30 07:16 7,168 --a------ C:\WINDOWS\system\DISPDIB.DLL

2007-07-30 07:16 49,616 --a------ C:\WINDOWS\system\MSACM.DLL

2007-07-30 07:16 151,040 --a------ C:\WINDOWS\system\IR32.DLL

2007-07-30 07:16 14,208 --a------ C:\WINDOWS\system\CTL3D.DLL

2007-07-30 07:16 12,800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL

2007-07-30 07:14 <DIR> d-------- C:\XHME3DCD

2007-07-30 07:14 <DIR> d-------- C:\DOCUME~1\casa\WINDOWS

2007-07-29 16:30 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Google

2007-07-29 16:24 898,105 --a------ C:\Arquivos de programas\Afinador-de-guitarra.exe

2007-07-29 16:24 <DIR> d-------- C:\Arquivos de programas\Downloads

2007-07-29 16:10 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\GameHouse

2007-07-29 16:10 <DIR> d-------- C:\Arquivos de programas\GameHouse

2007-07-29 15:55 <DIR> d-------- C:\Arquivos de programas\iWin.com

2007-07-29 15:49 <DIR> d-------- C:\Arquivos de programas\Yahoo! Games

2007-07-29 14:56 <DIR> d-------- C:\Arquivos de programas\Quick StartUp

2007-07-29 14:08 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Skype

2007-07-29 01:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

2007-07-29 01:49 <DIR> d-------- C:\Arquivos de programas\Skype

2007-07-29 01:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-07 19:05 --------- d-------- C:\Arquivos de programas\eMule

2007-08-06 19:11 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-06 00:53 --------- d-------- C:\Arquivos de programas\lg_fwupdate

2007-08-03 15:55 --------- d-------- C:\Arquivos de programas\HP

2007-08-01 23:15 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-07-30 16:06 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-07-29 14:18 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\MSN6

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-26 14:30 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\CyberLink

2007-07-26 14:27 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\Image Zone Express

2007-06-18 10:15 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\HP

2007-06-13 14:14 --------- d-------- C:\Arquivos de programas\Lavalys

2007-06-13 12:57 110234 --a------ C:\WINDOWS\hpoins08.dat

2007-06-11 21:23 --------- d-------- C:\Arquivos de programas\Arquivos comuns\HP

2007-06-11 21:21 --------- d-------- C:\Arquivos de programas\Hewlett-Packard

2007-06-11 21:20 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2007-06-11 21:17 --------- d-------- C:\Arquivos de programas\Alwil Software

2007-06-11 21:13 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\InterTrust

2007-06-11 21:11 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution

2007-06-11 21:11 --------- d-------- C:\Arquivos de programas\Ahead

2007-06-11 21:10 --------- d-------- C:\Arquivos de programas\CyberLink

2007-06-11 21:07 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-06-11 21:04 48628 --a------ C:\WINDOWS\system32\perfc016.dat

2007-06-11 21:04 344380 --a------ C:\WINDOWS\system32\perfh016.dat

2007-06-11 21:03 --------- d-------- C:\Arquivos de programas\ltmoh

2007-06-11 21:00 --------- d-------- C:\Arquivos de programas\Analog Devices

2007-06-05 21:23 0 -rahs---- C:\MSDOS.SYS

2007-06-05 21:23 0 -rahs---- C:\IO.SYS

2007-06-05 21:23 0 --a------ C:\CONFIG.SYS

2007-06-05 21:23 0 --a------ C:\AUTOEXEC.BAT

2007-06-05 21:20 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat

2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46f49380-ede4-4de8-848e-88ad33c692e9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87f1016b-ae10-4f95-ae6a-4870e3bcb69d}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4d87dcb-45d8-40c8-9755-53857f7618e3}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 02:16 C:\WINDOWS\AGRSMMSG.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeRAM XP"="C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-07-31 19:58]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\adsync]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iastuq]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=c:\windows\system32\ssqponl.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"Smapp"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

 

R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys

R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys

R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys

R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys

R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-09 16:46:47

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-09 16:49:42 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-09 16:49

C:\ComboFix2.txt ... 2007-08-09 01:04

C:\ComboFix3.txt ... 2007-08-08 17:14

 

--- E O F ---

 

It looks like they're still active. :unsure:


Hi Cintia Leme,

Let's go.

Step 1

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\WINDOWS\system32\adsync.dll

C:\WINDOWS\system32\tmp3.tmp.dll

C:\WINDOWS\system32\iastuq.dll

C:\WINDOWS\system32\vturqqo.dll

C:\WINDOWS\system32\vtsttsp.dll

C:\WINDOWS\system32\ssqponl.dll

C:\WINDOWS\tutqnl.dll

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "No" to the question.

It is prudent to print this post or save it somewhere easy to reach, because in the next step we go into Safe Mode and an internet connection will not be available.

Step 2

Restart the computer in Safe Mode.

Run HijackThis, click Do a system scan only and check the following (some may no longer appear):

O2 - BHO: (no name) - {46f49380-ede4-4de8-848e-88ad33c692e9} - (no file)

O2 - BHO: (no name) - {87f1016b-ae10-4f95-ae6a-4870e3bcb69d} - C:\WINDOWS\system32\adsync.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll

O2 - BHO: (no name) - {e4d87dcb-45d8-40c8-9755-53857f7618e3} - (no file)

O2 - BHO: (no name) - {ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38} - (no file)

O20 - AppInit_DLLs: c:\windows\system32\ssqponl.dll

O20 - Winlogon Notify: adsync - C:\WINDOWS\SYSTEM32\adsync.dll

O20 - Winlogon Notify: iastuq - C:\WINDOWS\

Click Fix Checked.

Step 3

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post fresh ComboFix and HijackThis logs.

I'll wait for your reply.

Regards.

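The procedure above targets three persistence points that Vundo/Virtumonde abused and that HijackThis reports as O2 (Browser Helper Objects), O20 AppInit_DLLs and O20 Winlogon Notify. The script below is an added example, not part of this thread and not a HijackThis feature: it parses those line shapes from a HijackThis log and ranks them so a reader can see why each entry in the fix list was chosen. The sample log is constructed from lines quoted in this thread; the severity levels and the "random-looking DLL name" heuristic are assumptions of this example, not anything the tools on the page implement.

```python
"""Triage HijackThis O2/O20 lines for Vundo/Virtumonde-style persistence.

Added example, not part of the forum thread and not a HijackThis feature.
The sample log is constructed from lines quoted in the thread; the severity
rules and the random-name heuristic are assumptions of this example.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line_type severity path reason")

# Constructed sample: HijackThis lines of the shapes seen in the thread.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {46f49380-ede4-4de8-848e-88ad33c692e9} - (no file)",
    "O2 - BHO: (no name) - {87f1016b-ae10-4f95-ae6a-4870e3bcb69d} - C:\\WINDOWS\\system32\\adsync.dll",
    "O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\\WINDOWS\\system32\\tmp3.tmp.dll",
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\ARQUIV~1\\SPYBOT~1\\SDHelper.dll",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\ssv.dll",
    "O20 - AppInit_DLLs: c:\\windows\\system32\\ssqponl.dll",
    "O20 - Winlogon Notify: adsync - C:\\WINDOWS\\SYSTEM32\\adsync.dll",
    "O20 - Winlogon Notify: iastuq - C:\\WINDOWS\\",
    "O4 - HKLM\\..\\Run: [avast!] C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe",
])

RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
# Heuristic (assumption of this example): Vundo-era droppers named their DLLs
# with 6-8 random lowercase letters directly under %SystemRoot% or system32.
RE_RANDOM_NAME = re.compile(r"^[a-z]{6,8}\.dll$")
RANDOM_NOTE = "; random-looking DLL name in the Windows directory"


def looks_random(path):
    """True for e.g. C:\\WINDOWS\\system32\\ssqponl.dll, False for vendor dirs."""
    parent, _, base = path.lower().rpartition("\\")
    in_windows = parent.endswith(("\\windows", "\\windows\\system32"))
    return in_windows and RE_RANDOM_NAME.match(base) is not None


def triage(log_text):
    """Return a Finding for every BHO, AppInit_DLLs or Winlogon Notify line worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_BHO.match(line)
        if m:
            name, clsid, path = m.group("name", "clsid", "path")
            if path == "(no file)":
                # CLSID still registered but the DLL is gone: harmless, still fix it.
                findings.append(Finding("O2", "low", path,
                    "orphan BHO {%s}: DLL already gone, registry key still present" % clsid))
            elif name == "(no name)":
                why = "unnamed BHO loaded into every Internet Explorer process"
                if looks_random(path):
                    why += RANDOM_NOTE
                findings.append(Finding("O2", "high", path, why))
            continue
        m = RE_APPINIT.match(line)
        if m:
            # AppInit_DLLs is space/comma separated; one finding per DLL.
            for dll in re.split(r"[ ,;]+", m.group("dlls").strip()):
                if dll:
                    why = "AppInit_DLLs: injected into every process that loads user32.dll"
                    if looks_random(dll):
                        why += RANDOM_NOTE
                    findings.append(Finding("O20", "high", dll, why))
            continue
        m = RE_NOTIFY.match(line)
        if m:
            key, path = m.group("key", "path")
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                # Directory only (as for iastuq above): the DLL was deleted, the key was not.
                findings.append(Finding("O20", "medium", path,
                    "Winlogon Notify '%s' points at no file: stale key, fix it" % key))
            else:
                why = "Winlogon Notify '%s': DLL loaded by winlogon.exe as SYSTEM at logon" % key
                if looks_random(path):
                    why += RANDOM_NOTE
                findings.append(Finding("O20", "high", path, why))
    return findings


def report(findings):
    """One line per finding, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return "\n".join("[%-6s] %s %s  (%s)" % (f.severity.upper(), f.line_type, f.path, f.reason)
                     for f in sorted(findings, key=lambda f: order[f.severity]))


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The output is a review list, not an automatic fix list: an unnamed BHO is not malicious by itself (Spybot's SDHelper.dll on this machine is reported as "(no name)" too and is flagged high here because of that), so the path and, where possible, the file's signature still have to be checked before the entry is fixed. Any non-empty AppInit_DLLs value, by contrast, is worth treating as hostile until proven otherwise, because it is loaded into every process that maps user32.dll, which is exactly why ssqponl.dll kept coming back in the logs above.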

I don't know if I'm right, but it looks like everything is still here. :unsure:

Here are the logs:

 

 

 

ComboFix 07-08-04.3 - "casa" 2007-08-09 20:18:44.4 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\coni32.dll

C:\WINDOWS\system32\ddcyx.exe

C:\WINDOWS\system32\dnecd750d6.dat

 

 

((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

 

 

2007-08-09 18:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-08-09 16:29 <DIR> d-------- C:\!KillBox

2007-08-09 14:17 13,380 --a------ C:\WINDOWS\system32\vtsttsp.dll

2007-08-09 13:38 131,425 --a------ C:\WINDOWS\tutqnl.dll

2007-08-09 12:46 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-08-09 12:46 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-08-08 22:31 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-08-08 22:23 <DIR> d-------- C:\LinhaDefensiva

2007-08-08 21:49 13,380 --------- C:\WINDOWS\system32\ssqponl.dll

2007-08-08 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

2007-08-08 20:16 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\SUPERAntiSpyware.com

2007-08-08 20:16 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-08-08 17:06 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-08 15:42 <DIR> d-------- C:\VundoFix Backups

2007-08-08 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

2007-08-08 11:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-07 19:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-08-07 16:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-08-06 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-08-06 19:48 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll

2007-08-06 19:48 57,344 --a------ C:\WINDOWS\system32\Signet32.dll

2007-08-06 19:48 527,024 --a------ C:\WINDOWS\system32\tibase6.dll

2007-08-06 19:48 489,128 --a------ C:\WINDOWS\system32\tdbgpp7.dll

2007-08-06 19:48 415,504 --a------ C:\WINDOWS\system32\Msrepl35.dll

2007-08-06 19:48 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2007-08-06 19:48 249,856 --a------ C:\WINDOWS\system32\Todgub7.dll

2007-08-06 19:48 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2007-08-06 19:48 20,480 --a------ C:\WINDOWS\system32\TransCripto.dll

2007-08-06 19:48 133,296 --a------ C:\WINDOWS\system32\tishare6.dll

2007-08-06 19:48 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll

2007-08-06 19:48 1,046,288 --a------ C:\WINDOWS\system32\Msjet35.dll

2007-08-06 19:48 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2007-08-06 19:46 27,136 --a------ C:\WINDOWS\system32\WiseDLL.dll

2007-08-06 19:23 460,800 --a------ C:\WINDOWS\snap.dat

2007-08-06 19:14 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2007-08-06 19:14 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-08-06 19:14 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys

2007-08-06 19:14 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-08-06 19:14 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys

2007-08-06 19:14 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-08-06 19:14 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys

2007-08-06 19:14 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-08-06 19:14 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2007-08-06 19:14 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-08-06 19:13 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys

2007-08-06 19:13 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-08-06 19:13 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-08-06 19:13 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-08-06 19:13 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys

2007-08-06 19:13 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-08-06 19:11 <DIR> d-------- C:\WINDOWS\Setup2K

2007-08-06 16:34 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-08-06 16:34 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-08-06 16:34 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-08-06 16:34 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-08-05 22:31 <DIR> d-------- C:\Arquivos de programas\Uniblue

2007-08-05 22:06 48,628 --a------ C:\WINDOWS\system32\prfc0416.dat

2007-08-05 22:06 344,380 --a------ C:\WINDOWS\system32\prfh0416.dat

2007-08-05 18:25 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Uniblue

2007-08-05 17:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-04 15:15 <DIR> d-------- C:\Arquivos de programas\MaxTruco

2007-08-03 15:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-08-02 21:42 <DIR> d-------- C:\Arquivos de programas\Programas SRF

2007-08-02 12:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-08-01 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

2007-08-01 23:15 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

2007-08-01 23:08 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-01 23:08 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-01 00:04 <DIR> d-------- C:\Dic

2007-07-31 19:59 <DIR> d-------- C:\Arquivos de programas\YourWare Solutions

2007-07-31 02:45 <DIR> d-------- C:\Arquivos de programas\MegaJogos

2007-07-30 23:38 <DIR> d-------- C:\Arquivos de programas\iColorFolder

2007-07-30 23:29 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Jasc

2007-07-30 23:20 <DIR> d-------- C:\Arquivos de programas\Jasc Software Inc

2007-07-30 22:47 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-07-30 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-07-30 16:07 <DIR> d-------- C:\Arquivos de programas\ToniArts

2007-07-30 16:04 <DIR> d--h----- C:\WINDOWS\PIF

2007-07-30 16:02 <DIR> d-------- C:\Arquivos de programas\AIDA32 - Enterprise System Information

2007-07-30 07:23 <DIR> d-------- C:\Arquivos de programas\Busca de Crack

2007-07-30 07:16 77,664 --a------ C:\WINDOWS\system\IR21_R.DLL

2007-07-30 07:16 7,168 --a------ C:\WINDOWS\system\DISPDIB.DLL

2007-07-30 07:16 49,616 --a------ C:\WINDOWS\system\MSACM.DLL

2007-07-30 07:16 151,040 --a------ C:\WINDOWS\system\IR32.DLL

2007-07-30 07:16 14,208 --a------ C:\WINDOWS\system\CTL3D.DLL

2007-07-30 07:16 12,800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL

2007-07-30 07:14 <DIR> d-------- C:\XHME3DCD

2007-07-30 07:14 <DIR> d-------- C:\DOCUME~1\casa\WINDOWS

2007-07-29 16:30 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Google

2007-07-29 16:24 898,105 --a------ C:\Arquivos de programas\Afinador-de-guitarra.exe

2007-07-29 16:24 <DIR> d-------- C:\Arquivos de programas\Downloads

2007-07-29 16:10 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\GameHouse

2007-07-29 16:10 <DIR> d-------- C:\Arquivos de programas\GameHouse

2007-07-29 15:55 <DIR> d-------- C:\Arquivos de programas\iWin.com

2007-07-29 15:49 <DIR> d-------- C:\Arquivos de programas\Yahoo! Games

2007-07-29 14:56 <DIR> d-------- C:\Arquivos de programas\Quick StartUp

2007-07-29 14:08 <DIR> d-------- C:\DOCUME~1\casa\DADOSD~1\Skype

2007-07-29 01:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

2007-07-29 01:49 <DIR> d-------- C:\Arquivos de programas\Skype

2007-07-29 01:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-07 19:05 --------- d-------- C:\Arquivos de programas\eMule

2007-08-06 19:11 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-06 00:53 --------- d-------- C:\Arquivos de programas\lg_fwupdate

2007-08-03 15:55 --------- d-------- C:\Arquivos de programas\HP

2007-08-01 23:15 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-07-30 16:06 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-07-29 14:18 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\MSN6

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-26 14:30 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\CyberLink

2007-07-26 14:27 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\Image Zone Express

2007-06-18 10:15 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\HP

2007-06-13 14:14 --------- d-------- C:\Arquivos de programas\Lavalys

2007-06-13 12:57 110234 --a------ C:\WINDOWS\hpoins08.dat

2007-06-11 21:23 --------- d-------- C:\Arquivos de programas\Arquivos comuns\HP

2007-06-11 21:21 --------- d-------- C:\Arquivos de programas\Hewlett-Packard

2007-06-11 21:20 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2007-06-11 21:17 --------- d-------- C:\Arquivos de programas\Alwil Software

2007-06-11 21:13 --------- d-------- C:\DOCUME~1\casa\DADOSD~1\InterTrust

2007-06-11 21:11 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution

2007-06-11 21:11 --------- d-------- C:\Arquivos de programas\Ahead

2007-06-11 21:10 --------- d-------- C:\Arquivos de programas\CyberLink

2007-06-11 21:07 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-06-11 21:04 48628 --a------ C:\WINDOWS\system32\perfc016.dat

2007-06-11 21:04 344380 --a------ C:\WINDOWS\system32\perfh016.dat

2007-06-11 21:03 --------- d-------- C:\Arquivos de programas\ltmoh

2007-06-11 21:00 --------- d-------- C:\Arquivos de programas\Analog Devices

2007-06-05 21:23 0 -rahs---- C:\MSDOS.SYS

2007-06-05 21:23 0 -rahs---- C:\IO.SYS

2007-06-05 21:23 0 --a------ C:\CONFIG.SYS

2007-06-05 21:23 0 --a------ C:\AUTOEXEC.BAT

2007-06-05 21:20 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat

2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46f49380-ede4-4de8-848e-88ad33c692e9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4d87dcb-45d8-40c8-9755-53857f7618e3}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 02:16 C:\WINDOWS\AGRSMMSG.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-09 19:48]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeRAM XP"="C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-07-31 19:58]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iastuq]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=c:\windows\system32\ssqponl.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"Smapp"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

 

R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys

R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys

R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys

R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys

R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-09 20:22:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-09 20:26:04 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-09 20:25

C:\ComboFix2.txt ... 2007-08-09 16:49

C:\ComboFix3.txt ... 2007-08-09 01:04

 

--- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:28:36, on 9/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\casa\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {46f49380-ede4-4de8-848e-88ad33c692e9} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {e4d87dcb-45d8-40c8-9755-53857f7618e3} - (no file)

O2 - BHO: (no name) - {ebdf4e57-c83f-4ec1-aa64-dcf5b2bebf38} - (no file)

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\ssqponl.dll

O20 - Winlogon Notify: iastuq - C:\WINDOWS\

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6856 bytes

 

What now? :/


Hi Cintia Leme,

Run Panda Total Scan and come back with the result.

Regards.

PS: You will have to register, but the process is quick and free, so don't worry.

 

Avast flags the malware Win32:CTX while installing Panda Total Scan. I did some research and saw that it isn't a virus, but rather a "misinterpretation" by Avast of Panda's definitions.

You said it was free, but that's only the scan, right? It doesn't do the disinfection.

Since I ran both scans (quick and full), I'm sending the full one, because the quick one let the two worst ones through:

 

;*******************************************************************************

********************************************************************************

******************

ANALYSIS: 2007-08-10 00:52:43

PROTECTIONS: 1

MALWARE: 15

SUSPECTS: 13

;*******************************************************************************

********************************************************************************

******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

==================

avast! antivirus 4.7.1029 [VPS 000764-3] 4.7.1029 No Yes

;===============================================================================

================================================================================

==================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

==================

00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\casa\Cookies\casa@doubleclick[1].txt

00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\casa\Desktop\VirtumundoBeGone.exe[²ƒÇ]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\casa\Cookies\casa@xiti[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\casa\Cookies\casa@toplist[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\casa\Cookies\casa@statcounter[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\casa\Cookies\casa@uol.com[2].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\casa\Cookies\casa@bravenet[1].txt

00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\casa\Desktop\VirtumundoBeGone.exe

01192368 W32/ZlFake.A Virus Yes 1 Yes No C:\ARQUIVOS DE PROGRAMAS\AHEAD\INCD\INCD.EXE

01192368 W32/ZlFake.A Virus No 0 Yes No C:\WINDOWS\SYSTEM32\NEROCHECK.EXE

01192368 W32/ZlFake.A Virus No 0 Yes No C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

01192368 W32/ZlFake.A Virus No 0 Yes No C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

01221123 Trj/Banker.IDN Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000007.exe

01221123 Trj/Banker.IDN Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000045.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000084.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000281.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\nircmd.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000026.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000230.exe

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\casa\Desktop\ComboFix.exe[nircmd.exe]

01307796 W32/ZlFake.A.drp Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000048.exe

01307796 W32/ZlFake.A.drp Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000006.exe

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\VundoFix Backups\ssqponl.dll.bad

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000209.dll

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000227.dll

01310745 Trj/DNSChanger.XB Virus/Trojan Yes 1 Yes No C:\WINDOWS\SYSTEM32\SSQPONL.DLL

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\VundoFix Backups\sstqppn.dll.bad

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\WINDOWS\system32\vtsttsp.dll

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\VundoFix Backups\jkhfcax.dll.bad

01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\VundoFix Backups\pmkheba.dll.bad

01337895 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000046.dll

01337895 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000010.dll

01337895 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000009.dll

01337895 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000051.dll

;===============================================================================

SUSPECTS

Location

;===============================================================================

C:\ARQUIVOS DE PROGRAMAS\AHEAD\INCD\INCDSRV.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

C:\ARQUIVOS DE PROGRAMAS\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE

C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE1.6.0_02\BIN\JUSCHED.EXE

C:\ARQUIVOS DE PROGRAMAS\SPYWARE DOCTOR\SVCNTAUX.EXE

C:\ARQUIVOS DE PROGRAMAS\SPYWARE DOCTOR\SWDSVC.EXE

C:\ARQUIVOS DE PROGRAMAS\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE

C:\WINDOWS\AGRSMMSG.EXE

C:\WINDOWS\SYSTEM32\HPZIPM12.EXE

;===============================================================================


Hi Cintia Leme,

Let's go.

Set Windows to show all files (including hidden ones).

Stage 1

Download CCleaner from:

CCleaner

Download it, but do not run it yet.

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below (in bold) to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000006.exe

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000007.exe

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000009.dll

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000010.dll

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000045.exe

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000046.dll

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000048.exe

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000051.dll

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000209.dll

C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000227.dll

C:\WINDOWS\SYSTEM32\SSQPONL.DLL

C:\WINDOWS\system32\vtsttsp.dll

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "No" to the question.

Stage 2

Restart in Normal Mode.

Delete the contents of the folders C:\!Killbox and C:\VundoFix Backups.

Run CCleaner and click Run Cleaner.

Run Panda Total Scan again and see whether it still detects anything.

I'll wait for your reply.

Regards.

PS: You must tick the Full scan box, which is below the Scan Now button (by default the Quick scan box is ticked).
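As an added example (not code from this thread, from Killbox or from Panda), the script below parses report lines in the layout quoted above and reconstructs the selection the helper made: restore-point copies and live Vundo/DNSChanger components go on the Killbox delete-on-reboot list, the VundoFix .bad quarantine files and the HackTools hits on the cleanup utilities are set aside, and any other hit is flagged for verification before deletion. The column order (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) and the bucket rules are assumptions; the sample lines are copied from the report in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the report lines quoted in this thread.
SAMPLE_REPORT = r"""
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\casa\Desktop\VirtumundoBeGone.exe
01192368 W32/ZlFake.A Virus Yes 1 Yes No C:\ARQUIVOS DE PROGRAMAS\AHEAD\INCD\INCD.EXE
01221123 Trj/Banker.IDN Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000007.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\nircmd.exe
01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\VundoFix Backups\ssqponl.dll.bad
01310745 Trj/DNSChanger.XB Virus/Trojan Yes 1 Yes No C:\WINDOWS\SYSTEM32\SSQPONL.DLL
01310745 Trj/DNSChanger.XB Virus/Trojan No 0 Yes No C:\WINDOWS\system32\vtsttsp.dll
01337895 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EC74182C-3808-4B0F-99D9-5FF371049A3A}\RP1\A0000046.dll
"""

# Assumed column order: Id Description Type Active Severity Disinfectable Disinfected Location
LINE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<name>\S+)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<path>.+?)\s*$"
)

def parse_report(text):
    """Yield one dict per detection line; blank, header and separator lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(entries):
    """Sort detections into the buckets the removal instructions work with (assumed rules)."""
    buckets = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        if e["type"] == "HackTools":
            buckets["tool_detection"].append(e["path"])    # hits on the cleanup utilities themselves
        elif "\\vundofix backups\\" in p and p.endswith(".bad"):
            buckets["quarantined"].append(e["path"])       # already renamed by VundoFix; folder wiped later
        elif "\\system volume information\\_restore" in p:
            buckets["delete_on_reboot"].append(e["path"])  # restore-point copies would come back on rollback
        elif e["type"] in ("Virus/Trojan", "Spyware"):
            buckets["delete_on_reboot"].append(e["path"])  # live Vundo / DNSChanger components
        else:
            buckets["verify_first"].append(e["path"])      # e.g. a "Virus" hit on a vendor binary: confirm first
    return buckets

def killbox_list(text):
    """Return the sorted, de-duplicated paths to paste into Killbox (Delete on Reboot)."""
    return sorted(set(triage(parse_report(text))["delete_on_reboot"]), key=str.lower)

if __name__ == "__main__":
    for bucket, paths in triage(parse_report(SAMPLE_REPORT)).items():
        print(bucket, *paths, sep="\n  ")
```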


Topic Archived

Since the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
