Archived: this topic has been archived and is closed to new replies.

Prowerewolf

[Resolved] Virus Deleted Antivirus

Hello,

I'm going through a problem I've already seen a post about, but I don't know whether it was resolved, since the poster never replied. Both my Avast and my ability to start in Safe Mode were deleted by a pest. It won't allow another antivirus to be installed. I took my log with HijackThis, but I need an analysis, please.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:09:58, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrador\Desktop\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181851265133

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193517875796

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

Thanks in advance. Cheers!


Good afternoon Prowerewolf!

 

>@< Read this article, just below, and come back with the report: infoSat.txt

 

< Removing the Bagle version with Rootkit >

 

Regards!


The same thing happened to mine. I read the recommended article and I'm following the steps with the F-Secure BlackLight Rootkit Eliminator, and next I'll use EliBagle.

 

If you can't get it resolved, could you read my infoSat.txt report as well?

 

Thanks for the help.

 

Regards and have a good weekend. marcus


Jgarcia's recommendation didn't work. I tried restarting in Safe Mode and reinstalling Avast, and it didn't work.

 

Fri Nov 30 13:15:55 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Direct Action):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle removed

C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Bagle removed

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle removed (rootkit)

Folder removed "%WinDir%\exefld"

 

Fri Nov 30 13:16:25 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive C:\

 

Total no. of Directories: 2529

Total no. of Files: 27001

No. of Files Analysed: 7184

No. of Infected Files: 0

No. of Cleaned Files: 0

 

Fri Nov 30 13:31:04 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive D:\

D:\Arquivos de programas\eMule\Incoming\APECSOFT RMVB WMV TO AVI CONVERTER 2.10 BUILD 186.ZIP --> Bagle removed

 

Total no. of Directories: 2577

Total no. of Files: 18870

No. of Files Analysed: 3672

No. of Infected Files: 1

No. of Cleaned Files: 1

 

Fri Nov 30 13:32:44 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive E:\

 

Total no. of Directories: 568

Total no. of Files: 7502

No. of Files Analysed: 682

No. of Infected Files: 0

No. of Cleaned Files: 0

 

Fri Nov 30 13:33:12 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive G:\

 

Total no. of Directories: 55

Total no. of Files: 514

No. of Files Analysed: 85

No. of Infected Files: 0

No. of Cleaned Files: 0

 

Fri Nov 30 15:01:22 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Direct Action):

 

Fri Nov 30 15:01:33 2007

EliBagle v10.75 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive C:\

 

Total no. of Directories: 2555

Total no. of Files: 27195

No. of Files Analysed: 7274

No. of Infected Files: 0

No. of Cleaned Files: 0


Good evening Prowerewolf!

 

>@< Now try with Version 02:

 

< Removing the Bagle version with Rootkit - Version 02 >

 

>@< Post a new HijackThis log.

 

Regards!


Good morning

I tried tutorial 2, but the following happened:

1. These do not exist in RUN/REGEDIT:

HKEY_CURRENT_USER\Software\FirstRRRun

................................................\FIRSTRUXZX

................................................\microsoft\Windows\CurrentVersion\Run

................................................\DateTime4

 

2. None of the folders in C:\Documents and Settings

 

3. Nothing about restarting in SAFE MODE

 

4. The antivirus still won't install

 

5. The log was taken without entering Safe Mode, obviously:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:47:53, on 30/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Documents and Settings\Administrador\Desktop\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181851265133

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193517875796

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

Cheers!

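The two HijackThis logs above show the pattern that matters here: the avast! services are still registered (O23) but their binaries are reported as "(file missing)", while the O4 autoruns for the same product survive. An added example, not code from this thread or from the HijackThis project, a small Python triage that flags exactly that pattern. The sample lines are copied from the logs posted above; the severity labels and the SECURITY_HINTS list are this example's own assumptions.

```python
"""Triage a HijackThis 1.99 log for security software whose service
registrations survive while the binaries have been deleted, plus two
related weak spots: BHOs with no backing file and Run values that launch
a bare filename (resolved through PATH). Added example, not from the
thread or the HijackThis project."""
import re

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Substrings that mark a service as security software (assumed list).
SECURITY_HINTS = ("avast", "ad-aware", "aawservice", "defender",
                  "kaspersky", "antivir", "mcafee", "norton")

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def parse_hjt(text):
    """Yield (section, body) for every 'O23 - ...' style line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def first_token(cmd):
    """Executable part of a Run value: honours quoting, drops arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(text):
    """Return (severity, section, message) tuples for suspicious entries."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O23" and body.endswith("(file missing)"):
            name = body.split(" - ")[0].replace("Service: ", "", 1)
            security = any(h in body.lower() for h in SECURITY_HINTS)
            findings.append(("high" if security else "medium", section,
                             f"service '{name}' still registered but its binary is gone"))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(("low", section, f"orphaned BHO registration: {body}"))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                hive, name, cmd = m.groups()
                exe = first_token(cmd)
                # A bare name is resolved through PATH, so a planted copy wins.
                if not re.match(r"^(?:[A-Za-z]:\\|%)", exe):
                    findings.append(("medium", section,
                                     f"{hive} Run '{name}' launches '{exe}' by bare name (PATH lookup)"))
    return findings


def summarize(text):
    """Count findings by severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in triage(text):
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for sev, section, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {section}: {msg}")
```

On the sample above the two "high" findings are the avast! Antivirus and Mail Scanner services: registered, "Unknown owner", binary absent. That combination, rather than any single HijackThis line, is what tells you the product was killed on disk rather than merely disabled, and why a reinstall over the top keeps failing while the rootkit driver is still loaded.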

Good evening Prowerewolf!

 

>@< Download BlackLight.

>@< Save it to Local Disk C!

>@< Create a dedicated folder for the program ( FSBlackLight ).

>@< When running it, close all windows and the browser!

>@< Run the program by clicking its executable, and accept the License agreement.

>@< In the Step 1 window ( Scan for hidden items ) >> Click Scan.

>@< When the scan finishes, the Show all processes button will appear.

>@< The report ( Log ) will be in the same folder as the executable.

>@< Post the contents of this Log ( fsb xxxxx.log ) in your reply. Where xxxxx are numbers!

 

Regards!


Good afternoon!

Since I haven't been accessing from home lately, I was slow to post the log.

 

12/10/07 14:58:22 [info]: BlackLight Engine 1.0.67 initialized

12/10/07 14:58:22 [info]: OS: 5.1 build 2600 (Service Pack 2)

12/10/07 14:58:22 [Note]: 7019 4

12/10/07 14:58:22 [Note]: 7005 0

12/10/07 14:58:25 [Note]: 7006 0

12/10/07 14:58:25 [Note]: 7022 0

12/10/07 14:58:26 [Note]: 7011 1556

12/10/07 14:58:26 [Note]: 7026 0

12/10/07 14:58:27 [Note]: 7026 0

12/10/07 14:58:35 [Note]: FSRAW library version 1.7.1024

12/10/07 15:07:43 [Note]: 2000 1012

12/10/07 15:07:43 [Note]: 2000 1012

12/10/07 15:12:08 [Note]: 7007 0

 

I also used, on the only day I got onto my computer, a site called Kaspersky, and I'm including it to see if it helps.

 

KASPERSKY ONLINE SCANNER REPORT

Friday, December 14, 2007 4:10:04 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 14/12/2007

Kaspersky Anti-Virus database records: 451510

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - Folders:

C:\

 

Scan Statistics:

Total number of scanned objects: 28934

Number of viruses found: 0

Number of infected objects: 0

Number of suspicious objects: 0

Duration of the scan process: 00:51:33

 

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Arquivos de programas\EMULE\Db\Jumpstart.db Object is locked skipped

C:\Arquivos de programas\EMULE\Db\log.0000000001 Object is locked skipped

C:\Arquivos de programas\EMULE\Temp1.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp2.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp3.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp4.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp5.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp6.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp7.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp8.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp9.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp10.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp11.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp12.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp13.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp14.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp15.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp16.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp17.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp18.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp20.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp21.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp22.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp24.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp25.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp26.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp27.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp28.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp29.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp30.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp31.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp32.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp33.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp35.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp37.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp38.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp39.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp40.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp41.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp42.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp43.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp45.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp46.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp48.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp51.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp52.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp53.part Object is locked skipped

C:\Arquivos de programas\EMULE\Temp54.part Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Defender\FileTracker\{981A8A4C-07A3-49EF-B77B-318D1F3CE3F1} Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\MSHist012007121420071215\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF2EB5.tmp Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF2EF6.tmp Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF2F12.tmp Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Support\MPLog-06222007-235924.log Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{784F134C-3FF5-4397-AFC1-553FB71B76C9}\RP6\change.log Object is locked skipped

C:\WINDOWS\CSC000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{15D6386D-692A-40E9-9884-8E941C2E500A}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\temp\Perflib_Perfdata_42c.dat Object is locked skipped

C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

 

 

Many thanks!


Good morning Prowerewolf!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert will appear ( Win32 D adobra-EY[Trj] ), which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report: C:\ComboFix.txt in your reply + an updated HJT log.

 

Regards!

Good afternoon!

 

The ComboFix link isn't working. It saves and shows as 0 bytes.

________________

 

Hey! Prowerewolf!

Good afternoon!

 

>@< Try this one: < http://download.bleepingcomputer.com/sUBs/ComboFix.exe >

 

Regards!


Good afternoon!

 

Here are the ComboFix reports, plus the updated HijackThis:

 

ComboFix 08-01-04.1 - Administrador 2008-01-05 16:30:19.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.218 [GMT -3:00]

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((( Files created from 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))

.

 

2007-12-20 01:09 . 2007-12-20 01:09 268 --ah----- C:\sqmdata08.sqm

2007-12-20 01:09 . 2007-12-20 01:09 244 --ah----- C:\sqmnoopt08.sqm

2007-12-14 00:16 . 2007-12-14 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-12-14 00:15 . 2007-12-14 00:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-05 03:25 --------- d-----w C:\Arquivos de programas\Oi Internet

2007-12-19 19:24 --------- d-----w C:\Arquivos de programas\War Chess

2007-12-19 03:24 --------- d-----w C:\Arquivos de programas\Discador Orolix

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-01 12:27 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-12-01 12:15 --------- d-----w C:\Arquivos de programas\CCleaner

2007-12-01 01:24 --------- d-----w C:\Arquivos de programas\ApecSoft

2007-12-01 01:03 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-11-29 20:50 --------- d-----w C:\Arquivos de programas\IObit

2007-11-28 16:09 --------- d-----w C:\Arquivos de programas\eRightSoft

2007-11-24 19:58 --------- d-----w C:\Arquivos de programas\Real Alternative

2007-11-24 16:39 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2007-11-24 16:31 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-11-14 20:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-11-14 03:09 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2007-11-14 01:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-09 19:28 46,704 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-20 09:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"PCTVOICE"="pctspk.exe" [2001-09-05 23:50 86016 C:\WINDOWS\system32\pctspk.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"Cmaudio"="cmicnfg.cpl" []

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 05:31 67584 C:\WINDOWS\soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2004-12-28 19:01 544768 C:\WINDOWS\sm56hlpr.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

"melg3445"="C:\WINDOWS\System32\4.exe" [ ]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]

C:\Arquivos de programas\iGv6\Discador iG.exe boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

2006-07-13 02:34 57344 --a------ C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe /background

 

S3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys []

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]

S3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 20:50]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7020b238-7be7-11dc-83de-d204d610bf73}]

\Shell\auto\command - G:\Knight.exe open

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

\Shell\explore\command - G:\Knight.exe open

\Shell\find\command - G:\Knight.exe open

\Shell\install\command - G:\Knight.exe open

\Shell\open\command - G:\Knight.exe open

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce9a7b2-79ca-11dc-83d8-860fb7ce4d78}]

\Shell\Auto\command - fun.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11de2a6-7429-11dc-83c7-dfa3610b1149}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-05 17:22:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-05 16:33:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-05 16:34:30

ComboFix2.txt 2007-12-13 17:30:57

.

2008-01-04 11:23:26 --- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:35:56, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Discador Orolix\orodialer.exe

C:\Arquivos de programas\EMULE\eMule.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181851265133

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193517875796

O17 - HKLM\System\CCS\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.184.26.9 200.184.26.14

O17 - HKLM\System\CS2\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.184.26.9 200.184.26.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


Good evening, Prowerewolf!

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy the entire contents of the quote area into Notepad.

>@< Save it on the Desktop under the name: CFScript.txt

 

File::

C:\WINDOWS\System32\4.exe

C:\WINDOWS\System32\algsrvs.exe

C:\WINDOWS\System32\msfun80.exe

C:\WINDOWS\System32\msime82.exe

C:\WINDOWS\ufdata2000.log

C:\Documents and Settings\Administrador\Dados de aplicativos\m\flec006.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\hidires\hidr.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\hidires\m_hook.sys

C:\Documents and Settings\Administrador\Dados de aplicativos\hidires\srosa.sys

C:\Documents and Settings\Administrador\Dados de aplicativos\hidn\hidn2.exe

C:\WINDOWS\System32\drivers\hidr.exe

C:\WINDOWS\System32\drivers\srosa.sys

C:\WINDOWS\System32\wintems.exe

C:\WINDOWS\System32\hldrrr.exe

C:\fun.xls.exe

C:\autorun.inf

 

Registry::

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"melg3445"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"drvsyskit" = ""

"german" = ""

"hldrrr" = ""

 

Folder::

C:\Documents and Settings\%Userprofiles%\Application Data\hidires

C:\Documents and Settings\%Userprofiles%\Application Data\hidn

C:\Documents and Settings\%Userprofiles%\Application Data\m

C:\WINDOWS\exefld

C:\WINDOWS\exefqd

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< Do not use the keyboard or mouse while it is running!

_______________________

 

<!> Navigate to the following subkey:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]

 

>@< Select the (Control) folder >> right-click >> New >> Key.

>@< Name it Safeboot.

>@< Once the Safeboot folder is created, select it >> right-click >> New >> String Value.

>@< Name it AlternateShell.

>@< In the right pane, select AlternateShell >> right-click >> Modify.

>@< In the value data field, enter: cmd.exe

 

<!> Exit the Registry Editor.

_______________________

 

>@< Download Mx One 3.0.0

>@< To download, click: Descargar

>@< Save the utility as C:\mxone.zip

>@< Extract it into its own folder.

>@< In the Asistente de Instalacion Mx One, choose: Instalador Mx One Guardian

>@< Given the infection detected ( W32/VB-CYG ), you use or have used removable drives.

>@< Keep the Mx One Guardian Tiempo Real protection enabled.

>@< Also update the program whenever an update is available!

_______________________

 

>@< Check whether you can now boot into Safe Mode and install an antivirus.

>@< In your reply, post: C:\ComboFix.txt + an updated HJT log.

 

Regards!

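The post above hands the user a CFScript built by hand from the ComboFix "registry load points" output: dead Run values (`"melg3445"="C:\WINDOWS\System32\4.exe" [ ]`, `"hldrrr"=""`) and the MountPoints2 shell-verb commands that an autorun.inf on an infected removable drive left behind (`G:\Knight.exe open`, `fun.xls.exe`, `Recycled\ctfmon.exe`). The following is an added example, not code from the forum thread, from ComboFix or from the helper: it parses those two record types from log text, flags what a practitioner would clean and why, and emits the `Registry::` section of a CFScript from the findings. `SAMPLE_LOG` is constructed from entries visible in the thread, the function and class names are the example's own, and the `Registry::` syntax it emits (`"name"=-` to delete a value, `[-key]` to delete a key) is regedit's, which the thread's own script already uses and is assumed here to be what CFScript accepts.

```python
import re
from dataclasses import dataclass

# Constructed from entries visible in the thread's ComboFix logs (not a real capture).
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"hldrrr"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"melg3445"="C:\WINDOWS\System32\4.exe" [ ]
"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7020b238-7be7-11dc-83de-d204d610bf73}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\open\command - G:\Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce9a7b2-79ca-11dc-83d8-860fb7ce4d78}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11de2a6-7429-11dc-83c7-dfa3610b1149}]
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")
DOUBLE_EXT_RE = re.compile(r"\.(xls|doc|jpg|pdf|txt)\.exe$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the line was found under
    name: str    # value name (Run keys) or shell verb (MountPoints2)
    target: str  # path or executable the entry launches
    reason: str


def _run_finding(key, m):
    """Flag Run values with a blank command or a file ComboFix could not stat ('[ ]')."""
    path, meta = m["path"].strip(), m["meta"].strip()
    if not path:
        return Finding(key, m["name"], path, "Run value with empty command (leftover persistence)")
    if not meta:
        return Finding(key, m["name"], path, "Run value points at a file ComboFix could not find")
    return None


def _shell_finding(key, m):
    """A MountPoints2 verb that launches an .exe was planted by the volume's autorun.inf."""
    tokens = m["cmd"].strip().split()
    # 'RunDLL32 Shell32.DLL,ShellExec_RunDLL <target> open' wraps the real target
    idx = next((i for i, t in enumerate(tokens) if t.endswith("ShellExec_RunDLL")), None)
    target = tokens[idx + 1] if idx is not None and idx + 1 < len(tokens) else tokens[0]
    if not target.lower().endswith(".exe"):
        return None
    why = []
    if not DRIVE_RE.match(target):
        why.append("relative path resolves against the inserted volume")
    if target.lower().startswith("recycled\\"):
        why.append("hidden in the volume's Recycled directory")
    if DOUBLE_EXT_RE.search(target):
        why.append("double extension disguises an executable")
    reason = "MountPoints2 shell verb launches an executable"
    if why:
        reason += ": " + "; ".join(why)
    return Finding(key, m["verb"], target, reason)


def triage(log_text):
    """Walk the log, tracking the current [key], and collect findings in order."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        f = None
        if key and key.lower().endswith("\\currentversion\\run"):
            rm = RUN_RE.match(line)
            f = _run_finding(key, rm) if rm else None
        elif key and "\\mountpoints2\\" in key.lower():
            sm = SHELL_RE.match(line)
            f = _shell_finding(key, sm) if sm else None
        if f is not None:
            findings.append(f)
    return findings


def cfscript_registry_section(findings):
    """Registry:: section in regedit syntax: '"name"=-' deletes a value, '[-key]' deletes
    a key. MountPoints2 keys go whole; Windows recreates a clean one on next insertion."""
    lines, run_values, mp_keys = ["Registry::"], {}, []
    for f in findings:
        if "\\mountpoints2\\" in f.key.lower():
            if f.key not in mp_keys:
                mp_keys.append(f.key)
        else:
            run_values.setdefault(f.key, []).append(f.name)
    for key, names in run_values.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines.extend(f"[-{k}]" for k in mp_keys)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.name:<10} {f.target:<28} {f.reason}")
    print("\n" + cfscript_registry_section(found))
```

Run it as-is and it reports six findings on the constructed sample (two dead Run values and four hijacked shell verbs across three volume GUIDs) and prints a `Registry::` section that deletes the values and the three MountPoints2 keys; point `triage()` at a real ComboFix log to get the same listing for that machine. Two points worth keeping in mind when using the output: the thread's script writes `"melg3445"=""`, which blanks the value rather than deleting it, which is why the follow-up log still lists `"melg3445"="" []`, whereas `=-` removes it; and recreating only `SafeBoot\AlternateShell`, as instructed above, restores the value Safe Mode reads for its shell but not the `Minimal` and `Network` subkeys that list the drivers and services allowed to load, so a full Safe Mode repair on XP needs those subkeys exported from a clean installation of the same service pack.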

Good morning!

 

ComboFix 08-01-04.1 - Administrador 2008-01-09 10:44:31.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.323 [GMT -3:00]

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* A new restore point was created

 

FILE

C:\autorun.inf

C:\Documents and Settings\Administrador\Dados de aplicativos\hidires\hidr.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\hidires\m_hook.sys

C:\Documents and Settings\Administrador\Dados de aplicativos\hidires\srosa.sys

C:\Documents and Settings\Administrador\Dados de aplicativos\hidn\hidn2.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\m\flec006.exe

C:\fun.xls.exe

C:\WINDOWS\System32\4.exe

C:\WINDOWS\System32\algsrvs.exe

C:\WINDOWS\System32\drivers\hidr.exe

C:\WINDOWS\System32\drivers\srosa.sys

C:\WINDOWS\System32\hldrrr.exe

C:\WINDOWS\System32\msfun80.exe

C:\WINDOWS\System32\msime82.exe

C:\WINDOWS\System32\wintems.exe

C:\WINDOWS\ufdata2000.log

.

 

((((((((((((((((((((((( Files created from 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))

.

 

2008-01-09 08:40 . 2008-01-09 08:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-01-08 23:04 . 2008-01-08 23:04 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\GeoVid

2008-01-08 23:03 . 2008-01-08 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GeoVid

2008-01-08 23:03 . 2008-01-08 23:12 <DIR> d-------- C:\Arquivos de programas\GeoVid

2008-01-08 23:03 . 2008-01-08 23:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\GeoVid

2008-01-08 23:03 . 2004-08-04 16:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-01-08 23:03 . 2003-03-19 09:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-01-08 23:03 . 2005-06-07 16:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll

2008-01-07 16:22 . 2008-01-07 16:22 <DIR> d-------- C:\Arquivos de programas\Intelig

2007-12-20 01:09 . 2007-12-20 01:09 268 --ah----- C:\sqmdata08.sqm

2007-12-20 01:09 . 2007-12-20 01:09 244 --ah----- C:\sqmnoopt08.sqm

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais

2007-12-13 14:31 . 2007-12-13 14:31 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-09 13:00 --------- d-----w C:\Arquivos de programas\Oi Internet

2007-12-19 19:24 --------- d-----w C:\Arquivos de programas\War Chess

2007-12-19 03:24 --------- d-----w C:\Arquivos de programas\Discador Orolix

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-01 12:27 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-12-01 12:15 --------- d-----w C:\Arquivos de programas\CCleaner

2007-12-01 01:24 --------- d-----w C:\Arquivos de programas\ApecSoft

2007-12-01 01:03 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-11-29 20:50 --------- d-----w C:\Arquivos de programas\IObit

2007-11-28 16:09 --------- d-----w C:\Arquivos de programas\eRightSoft

2007-11-24 19:58 --------- d-----w C:\Arquivos de programas\Real Alternative

2007-11-24 16:39 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2007-11-24 16:31 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-11-14 20:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-11-14 03:09 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2007-11-14 01:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-09 19:28 46,704 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-29 22:44 1,292,288 -c--a-w C:\WINDOWS\system32\quartz.dll

2007-10-20 09:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"PCTVOICE"="pctspk.exe" [2001-09-05 23:50 86016 C:\WINDOWS\system32\pctspk.exe]

"german"="" []

"drvsyskit"="" []

"hldrrr"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"Cmaudio"="cmicnfg.cpl" []

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 05:31 67584 C:\WINDOWS\soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2004-12-28 19:01 544768 C:\WINDOWS\sm56hlpr.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

"melg3445"="" []

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]

C:\Arquivos de programas\iGv6\Discador iG.exe boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

2006-07-13 02:34 57344 --a------ C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe /background

 

S3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys []

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]

S3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 20:50]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7020b238-7be7-11dc-83de-d204d610bf73}]

\Shell\auto\command - G:\Knight.exe open

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

\Shell\explore\command - G:\Knight.exe open

\Shell\find\command - G:\Knight.exe open

\Shell\install\command - G:\Knight.exe open

\Shell\open\command - G:\Knight.exe open

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce9a7b2-79ca-11dc-83d8-860fb7ce4d78}]

\Shell\Auto\command - fun.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11de2a6-7429-11dc-83c7-dfa3610b1149}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-09 12:18:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-09 10:47:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-09 10:48:29

.

2008-01-04 11:23:26 --- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:05:55, on 9/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Intelig\Discador InteligWeb\interdial.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mx One\mogtr.exe

C:\hijackthis\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181851265133

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193517875796

O17 - HKLM\System\CCS\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.184.26.9 200.184.26.14

O17 - HKLM\System\CS2\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.184.26.9 200.184.26.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

For the record, my burner is taking 52 minutes to burn a data DVD in Nero, and the internet connection drops if I try to burn anything, even to CD.

I would also like to know whether the C:\mxone folder can be deleted.

 

Regards!

 


\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-09 12:18:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-09 10:47:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-09 10:48:29

.

2008-01-04 11:23:26 --- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:05:55, on 9/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Intelig\Discador InteligWeb\interdial.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mx One\mogtr.exe

C:\hijackthis\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181851265133

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193517875796

O17 - HKLM\System\CCS\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.184.26.9 200.184.26.14

O17 - HKLM\System\CS2\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.184.26.9 200.184.26.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

Just for the record, my burner is taking 52 minutes to burn a data DVD in Nero, and the internet connection drops if I try to burn anything, even to CD.

I'd also like to know whether the C:\mxone folder can be deleted.

 

Regards!

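The MountPoints2 block in the ComboFix log above is the security-relevant part of this post: for three removable volumes, every Explorer verb (open, explore, find, AutoRun) has been pointed at an executable stored on the volume itself (Knight.exe, fun.xls.exe, Recycled\ctfmon.exe), which is exactly how USB autorun worms propagated on Windows XP. The following Python script is an added example written by the editor; it is not code from the thread, from ComboFix or from HijackThis. It parses that block (copied here as a constructed sample) and explains why each handler looks suspicious. The heuristics it applies (RunDLL32 ShellExec_RunDLL indirection, staging in the Recycled folder, double extensions, a borrowed Windows file name, hijacked open/explore/find verbs) are the editor's own and are assumptions about what a responder should look for, not rules from any tool.

```python
import re

# Constructed sample: the MountPoints2 block as it appears in the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7020b238-7be7-11dc-83de-d204d610bf73}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce9a7b2-79ca-11dc-83d8-860fb7ce4d78}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11de2a6-7429-11dc-83c7-dfa3610b1149}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

KEY_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]\s*$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)

# File names malware borrows to blend in with legitimate Windows processes (editor's list).
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "winlogon.exe"}
# Verbs Explorer fires on double-click / right-click, independent of the AutoPlay setting.
USER_VERBS = {"open", "explore", "find"}


def parse_mountpoints(text):
    """Map each volume GUID to {verb: command} from a ComboFix MountPoints2 dump."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.search(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current][cmd.group(1).lower()] = cmd.group(2).strip()
    return entries


def assess(verb, command):
    """Return the reasons a Shell\\<verb>\\command handler looks like autorun malware."""
    reasons = []
    target = command
    indirect = RUNDLL_RE.search(command)
    if indirect:
        reasons.append("launched via RunDLL32 ShellExec_RunDLL, hiding the real target")
        target = indirect.group(1).strip()
    exe = target.split()[0]  # "G:\Knight.exe open" -> "G:\Knight.exe"
    name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe.lower().startswith(("recycled\\", "recycler\\")):
        reasons.append("executable staged in the volume's Recycled folder")
    if name.endswith(".exe") and name.count(".") >= 2:
        reasons.append("double extension '%s' disguises an executable" % name)
    if name in SYSTEM_NAMES and not exe.lower().startswith("c:\\windows\\"):
        reasons.append("borrows Windows file name '%s' outside %%SystemRoot%%" % name)
    drive = re.match(r"^([a-z]):\\", exe, re.I)
    if drive and drive.group(1).lower() != "c":
        reasons.append("runs straight from volume %s:" % drive.group(1).upper())
    if verb.lower().split("(")[0] in USER_VERBS:
        reasons.append("hijacks Explorer verb '%s': fires on double-click even with AutoPlay off" % verb)
    return reasons


def scan(text):
    """Return {guid: [(verb, command, reasons)]} for every handler with at least one reason."""
    findings = {}
    for guid, verbs in parse_mountpoints(text).items():
        flagged = [(v, c, assess(v, c)) for v, c in verbs.items()]
        flagged = [f for f in flagged if f[2]]
        if flagged:
            findings[guid] = flagged
    return findings


if __name__ == "__main__":
    for guid, items in scan(SAMPLE_LOG).items():
        print(guid)
        for verb, command, reasons in items:
            print("  %-10s %s" % (verb, command))
            for reason in reasons:
                print("      - " + reason)
```

Run against the sample, the script flags all fourteen handlers. The point a responder should take from it is the one the verbs show: because open, explore and find are rewritten, the payload runs when the user double-clicks the drive in My Computer, so turning off AutoPlay alone does not protect the machine; the MountPoints2 keys have to be removed and the volume cleaned.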

Good afternoon, Prowerewolf!

 

Just for the record, my burner is taking 52 minutes to burn a data DVD in Nero, and the internet connection drops if I try to burn anything, even to CD.

>@< Temporarily disable Mx One's resident protection and see whether the problem continues!

 

I'd also like to know whether the C:\mxone folder can be deleted.

>@< Not unless you want to remove the utility, which gives you protection for devices plugged into the USB port.

______________________

 

<!> Can you boot into Safe Mode yet?

______________________

 

>@< Run a disinfection scan at < BitDefender > and post the report.

>@< Click BitDefender ( Scan OnLine ).

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so the scan can run.

______________________

 

>@< Then post: the BitDefender report + an updated HijackThis log.

 

 

Regards!


Good morning!

 

Regarding the C:\mxone folder, what I wanted to know was whether the folder created in Program Files is the main one and the one "unzipped" in C: is only the installer, and could therefore be deleted.

The 52-minute burning has been happening since the infection. I have Windows 98 on another partition that burns normally, but I can't see the XP files from 98.

As for Safe Mode, I can now boot into it normally.

And here are the logs:

 

BitDefender Online Scanner

 

Scan report generated at: Thu, Jan 10, 2008 - 13:55:31

 

Scan path: A:\;C:\;D:\;E:\;F:\;

 

 

Statistics

Time

01:21:28

 

Files

124319

 

Folders

4544

 

Boot Sectors

5

 

Archives

1362

 

Packed Files

14130

 

Results

Identified Viruses

1

 

Infected Files

1

 

Suspect Files

0

 

Warnings

0

 

Disinfected

0

 

Deleted Files

0

 

 

Engines Info

 

Virus Definitions

887990

 

Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

 

Scan plugins

14

 

Archive plugins

38

 

Unpack plugins

7

 

E-mail plugins

6

 

System plugins

1

 

Scan Settings

First Action

Disinfect

 

Second Action

Delete

 

Heuristics

Yes

 

Enable Warnings

Yes

 

Scanned Extensions

*;

 

Exclude Extensions

 

 

Scan Emails

Yes

 

Scan Archives

Yes

 

Scan Packed

Yes

 

Scan Files

Yes

 

Scan Boot

Yes

 

Scanned File

Status

 

C:\Arquivos de programas\Mx One\mogtr.exe

Infected with: Trojan.Packed.2567

 

C:\Arquivos de programas\Mx One\mogtr.exe

Disinfection failed

 

C:\Arquivos de programas\Mx One\mogtr.exe

Delete failed

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 14:01:16, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Mx One\mogtr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181851265133

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193517875796

O17 - HKLM\System\CCS\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS2\Services\Tcpip\..\{0334D0E5-1A01-4DD2-98B5-DA1DABA0D0AD}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

 

 

Thank you very much for the attention given!!


Good evening, Prowerewolf!

 

Regarding the C:\mxone folder, what I wanted to know was whether the folder created in Program Files is the main one and the one "unzipped" in C: is only the installer, and could therefore be deleted.

>@< Since that folder contains the installer, try not to delete it, because in the future you may be able to restore the utility... should there be problems.

_____________________

 

C:\Arquivos de programas\Mx One\mogtr.exe

Infected with: Trojan.Packed.2567

>@< Here we have a false positive from BitDefender.

_____________________

 

DOWNLOAD

 

< Advanced WindowsCare >

 

>@< Save it to the Desktop or Program Files.

>@< This cleanup program removes: cookies, history and temporary files.

>@< It also tries to optimize the OS and remove some spyware.

>@< I recommend the program to everyone who has slowness problems with no apparent cause!

>@< Before running this utility, create a Restore Point.

 

TUTORIAL

 

>1< Before running the program, update the database: click Status.

>2< Click Update Now. >> Wait!

>3< When finished, go to More >> click Memory Cleaner.

>@< The Memory Cleaner window will open.

>@< Click Clean now! Wait...

>@< After it finishes, a message will appear stating the amount of memory freed.

>@< Click Exit.

>4< Now the utility is ready to clean and optimize your computer.

>5< Open the program and click Start >> click Scan. ( Analyze )

>6< When finished, the items to be removed will appear in red.

>7< Now click the Care button. ( Repair )

>8< If you want to monitor what will be removed, click Show Details for each item before clicking Repair.

>9< To finish, restart the computer!

_____________________

 

>@< The log is clean!

>@< But I await news on the results of Advanced WindowsCare.

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.
