
hades964

[Solved!] Log evaluation: tr/spy.banker.gen


I have this virus that the antivirus detected, but I can't delete it.

And as soon as I log into Orkut it sends out lots of scraps... or several IE pages open out of nowhere.


Logfile of HijackThis v1.99.1

Scan saved at 20:35:24, on 6/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\UltraVnc\winvnc.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\rundll32.exe

c:\windows\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Desktop\Nova pasta\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: bootstrap.xps.1 - {C156BFB0-D597-4686-BF96-B1D0CCC53941} - C:\WINDOWS\system32\msr2cenu.ocx

O4 - HKLM\..\Run: [GuardianCliente] C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Nexus Radio] C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe -0

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Run server as application.lnk = C:\Arquivos de programas\UltraVnc\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197560791765

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Hey hades964,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear saying that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan has finished, read the message on screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C:.

Cheers.


Here it is... I did what you told me, and I'm posting the HijackThis and BankerFix logs below.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:01:02, on 6/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\UltraVnc\winvnc.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

c:\windows\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\Nova pasta\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: bootstrap.xps.1 - {C156BFB0-D597-4686-BF96-B1D0CCC53941} - C:\WINDOWS\system32\msr2cenu.ocx

O4 - HKLM\..\Run: [GuardianCliente] C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Nexus Radio] C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe -0

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Run server as application.lnk = C:\Arquivos de programas\UltraVnc\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197560791765

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 6/2/2008 - 21:59

-------------------------------------------------------

Lista de Definição: 2008-01-16-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


Hey hades964,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan has finished, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.


COMBOFIX


ComboFix 08-02.05.3 - Administrador 2008-02-06 22:26:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.710 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))

.

 

2008-02-04 17:42 . 2004-08-03 19:45 1,689,088 --a------ C:\WINDOWS\system32\4d13e69.dll

2008-02-04 17:42 . 2004-08-03 19:45 1,689,088 --a------ C:\WINDOWS\system32\291c7500.dll

2008-02-04 17:42 . 2004-08-03 19:45 82,944 --a------ C:\WINDOWS\system32\2285d0.dll

2008-02-04 17:42 . 2004-08-03 19:45 82,944 --a------ C:\WINDOWS\system32\11ddf13.dll

2008-02-04 17:42 . 2008-02-04 17:42 80 --ah----- C:\WINDOWS\system32\HsInfo.dat

2008-02-04 17:32 . 2008-02-04 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-04 17:15 . 2008-02-04 17:15 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG

2008-02-04 17:07 . 2008-02-04 17:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-02-04 14:49 . 2005-08-31 05:11 48,640 --a------ C:\WINDOWS\system32\drivers\cwrwdm.sys

2008-01-16 10:03 . 2008-01-16 10:03 <DIR> d-------- C:\Arquivos de programas\Kaizen Net Solutions

2008-01-11 13:51 . 2008-01-11 13:51 <DIR> d-------- C:\Arquivos de programas\Gpotato

2008-01-11 11:17 . 2008-01-11 11:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-11 10:40 . 2008-01-11 10:43 <DIR> d-------- C:\Documents and Settings\Administrador\.jSMS

2008-01-11 10:25 . 2008-01-11 10:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 09:48 . 2008-01-11 09:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 22:35 --------- d-----w C:\Arquivos de programas\Steam

2008-02-06 22:35 --------- d-----w C:\Arquivos de programas\Nexus Radio

2008-01-16 12:16 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-01-16 12:05 --------- d-----w C:\Arquivos de programas\MuDominium

2008-01-11 15:05 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-01-11 12:30 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 21:10 --------- d-----w C:\Arquivos de programas\UltraVnc

2007-12-17 20:41 --------- d-----w C:\Arquivos de programas\Worms

2007-12-17 19:57 --------- d-----w C:\Arquivos de programas\eMule

2007-12-17 00:19 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-16 04:45 --------- d-----w C:\Arquivos de programas\Green Land Studios

2007-12-16 04:09 --------- d-----w C:\Arquivos de programas\GameVicio

2007-12-16 03:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2007-12-16 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-16 01:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-16 01:29 --------- d-----w C:\Arquivos de programas\EA GAMES

2007-12-16 00:52 --------- d-----w C:\Arquivos de programas\KartRider

2007-12-16 00:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2007-12-16 00:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-15 16:24 --------- d-----w C:\Arquivos de programas\Free-Soft

2007-12-15 16:11 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-12-15 15:41 --------- d-----w C:\Arquivos de programas\Eidos

2007-12-15 14:26 --------- d-----w C:\Arquivos de programas\Asprate

2007-12-15 14:20 --------- d-----w C:\Arquivos de programas\Tibia OT

2007-12-15 12:17 --------- d-----w C:\Arquivos de programas\EA SPORTS

2007-12-15 12:14 --------- d-----w C:\Arquivos de programas\Valve

2007-12-15 11:54 --------- d-----w C:\Arquivos de programas\AuditionBR

2007-12-14 21:35 --------- d-----w C:\Arquivos de programas\LevelUpGames

2007-12-14 18:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2007-12-14 18:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Corel

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-14 16:46 --------- d-----w C:\Arquivos de programas\alaplaya

2007-12-14 15:43 --------- d-----w C:\Arquivos de programas\OnGame

2007-12-14 14:26 --------- d---a-w C:\Arquivos de programas\Dragonball vs. The Others

2007-12-14 02:30 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-12-14 00:27 --------- d-----w C:\Arquivos de programas\ESET

2007-12-13 21:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-12-13 20:43 --------- d-----w C:\Arquivos de programas\Activision

2007-12-13 20:26 --------- d-----w C:\Arquivos de programas\Maxis

2007-12-13 20:00 --------- d-----w C:\Arquivos de programas\Quake 3 Arena

2007-12-13 19:30 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2007-12-13 19:28 --------- d-----w C:\Arquivos de programas\Tibia

2007-12-13 19:20 --------- d-----w C:\Arquivos de programas\VIA Technologies, INC

2007-12-13 19:01 --------- d-----w C:\Arquivos de programas\MSECache

2007-12-13 18:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-13 18:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-13 18:05 --------- d-----w C:\Arquivos de programas\Youtube

2007-12-13 18:03 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-13 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2007-12-13 17:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Stardock

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 14:49 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-13 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-13 12:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C156BFB0-D597-4686-BF96-B1D0CCC53941}]

2008-02-06 20:27 399760 --a------ C:\WINDOWS\system32\msr2cenu.ocx

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:45 15360]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2007-12-13 16:45 1266936]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GuardianCliente"="C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe" [2004-11-22 13:49 834048]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-03 05:14 5058560]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"nwiz"="nwiz.exe" [2003-12-03 05:14 741376 C:\WINDOWS\system32\nwiz.exe]

"Nexus Radio"="C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe" [2007-11-23 20:10 2947584]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 19:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-12-13 14:46 7081984]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 19:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:34 44544]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2007-12-13 15:35:07 3450608]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Run server as application.lnk - C:\Arquivos de programas\UltraVnc\winvnc.exe [2007-12-17 18:33:52 1144384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWinKeys"= 0 (0x0)

"NoToolbarCustomize"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoSetFolders"= 0 (0x0)

"RestrictRun"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogOff"= 0 (0x0)

 

R3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-08-31 05:11]

S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-06 22:27:39

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2527]

-> C:\Arquivos de programas\Stardock\ObjectDock\DockShellHook.dll

.

Tempo para conclusão: 2008-02-06 22:28:07

ComboFix-quarantined-files.txt 2008-02-07 00:27:59


HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 22:40:55, on 6/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\UltraVnc\winvnc.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

c:\windows\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\Nova pasta\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: bootstrap.xps.1 - {C156BFB0-D597-4686-BF96-B1D0CCC53941} - C:\WINDOWS\system32\msr2cenu.ocx

O4 - HKLM\..\Run: [GuardianCliente] C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Nexus Radio] C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe -0

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Run server as application.lnk = C:\Arquivos de programas\UltraVnc\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197560791765

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0E5841F4-D464-4877-B018-8522F491EC11}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Hey hades964,

Follow these instructions:

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote" box:

File::

C:\WINDOWS\system32\4d13e69.dll

C:\WINDOWS\system32\291c7500.dll

C:\WINDOWS\system32\2285d0.dll

C:\WINDOWS\system32\11ddf13.dll

C:\WINDOWS\system32\msr2cenu.ocx

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C156BFB0-D597-4686-BF96-B1D0CCC53941}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: CFScript.txt being dragged onto ComboFix.exe)

When the process finishes the tool will generate a log, but don't do anything yet.

4. Submit the file below to the Jotti site:

C:\WINDOWS\system32\HsInfo.dat

5. Post the contents of the log generated by the CFScript (it will be in C:\ComboFix.txt) in your next reply, together with the result of the analysis above.

Cheers.


COMBOFIX

 

ComboFix 08-02.05.3 - Administrador 2007-02-07 22:11:49.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.278 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\WINDOWS\system32\11ddf13.dll

C:\WINDOWS\system32\2285d0.dll

C:\WINDOWS\system32\291c7500.dll

C:\WINDOWS\system32\4d13e69.dll

C:\WINDOWS\system32\msr2cenu.ocx

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\11ddf13.dll

C:\WINDOWS\system32\2285d0.dll

C:\WINDOWS\system32\291c7500.dll

C:\WINDOWS\system32\4d13e69.dll

C:\WINDOWS\system32\msr2cenu.ocx

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-05 to 2008-02.05 ))))))))))))))))))))))))))))))))

.

 

2008-02-06 22:32 . 2008-02-06 22:32 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-02-06 22:32 . 2008-02-06 22:32 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-02-06 22:32 . 2008-02-06 22:32 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-02-04 17:42 . 2008-02-04 17:42 80 --ah----- C:\WINDOWS\system32\HsInfo.dat

2008-02-04 17:32 . 2008-02-04 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-04 17:15 . 2008-02-04 17:15 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG

2008-02-04 17:07 . 2008-02-04 17:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-02-04 14:49 . 2005-08-31 05:11 48,640 --a------ C:\WINDOWS\system32\drivers\cwrwdm.sys

2008-01-16 10:03 . 2008-01-16 10:03 <DIR> d-------- C:\Arquivos de programas\Kaizen Net Solutions

2008-01-11 13:51 . 2008-01-11 13:51 <DIR> d-------- C:\Arquivos de programas\Gpotato

2008-01-11 11:17 . 2008-01-11 11:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-11 10:40 . 2008-01-11 10:43 <DIR> d-------- C:\Documents and Settings\Administrador\.jSMS

2008-01-11 10:25 . 2008-01-11 10:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 09:48 . 2008-01-11 09:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 22:35 --------- d-----w C:\Arquivos de programas\Nexus Radio

2008-01-16 12:16 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-01-16 12:05 --------- d-----w C:\Arquivos de programas\MuDominium

2008-01-11 15:05 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-01-11 12:30 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 21:10 --------- d-----w C:\Arquivos de programas\UltraVnc

2007-12-17 20:41 --------- d-----w C:\Arquivos de programas\Worms

2007-12-17 19:57 --------- d-----w C:\Arquivos de programas\eMule

2007-12-17 00:19 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-16 04:45 --------- d-----w C:\Arquivos de programas\Green Land Studios

2007-12-16 04:09 --------- d-----w C:\Arquivos de programas\GameVicio

2007-12-16 03:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2007-12-16 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-16 01:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-16 01:29 --------- d-----w C:\Arquivos de programas\EA GAMES

2007-12-16 00:52 --------- d-----w C:\Arquivos de programas\KartRider

2007-12-16 00:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2007-12-16 00:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-15 16:24 --------- d-----w C:\Arquivos de programas\Free-Soft

2007-12-15 16:11 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-12-15 15:41 --------- d-----w C:\Arquivos de programas\Eidos

2007-12-15 14:26 --------- d-----w C:\Arquivos de programas\Asprate

2007-12-15 14:20 --------- d-----w C:\Arquivos de programas\Tibia OT

2007-12-15 12:17 --------- d-----w C:\Arquivos de programas\EA SPORTS

2007-12-15 12:14 --------- d-----w C:\Arquivos de programas\Valve

2007-12-15 11:54 --------- d-----w C:\Arquivos de programas\AuditionBR

2007-12-14 21:35 --------- d-----w C:\Arquivos de programas\LevelUpGames

2007-12-14 18:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2007-12-14 18:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Corel

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-14 16:46 --------- d-----w C:\Arquivos de programas\alaplaya

2007-12-14 15:43 --------- d-----w C:\Arquivos de programas\OnGame

2007-12-14 14:26 --------- d---a-w C:\Arquivos de programas\Dragonball vs. The Others

2007-12-14 02:30 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-12-14 00:27 --------- d-----w C:\Arquivos de programas\ESET

2007-12-13 21:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-12-13 20:43 --------- d-----w C:\Arquivos de programas\Activision

2007-12-13 20:26 --------- d-----w C:\Arquivos de programas\Maxis

2007-12-13 20:00 --------- d-----w C:\Arquivos de programas\Quake 3 Arena

2007-12-13 19:30 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2007-12-13 19:28 --------- d-----w C:\Arquivos de programas\Tibia

2007-12-13 19:20 --------- d-----w C:\Arquivos de programas\VIA Technologies, INC

2007-12-13 19:01 --------- d-----w C:\Arquivos de programas\MSECache

2007-12-13 18:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-13 18:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-13 18:05 --------- d-----w C:\Arquivos de programas\Youtube

2007-12-13 18:03 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-13 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2007-12-13 17:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Stardock

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 14:49 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-13 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-13 12:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C156BFB0-D597-4686-BF96-B1D0CCC53941}]

C:\WINDOWS\system32\msr2cenu.ocx

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:45 15360]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2007-12-13 16:45 1266936]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GuardianCliente"="C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe" [2004-11-22 13:49 834048]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-03 05:14 5058560]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"nwiz"="nwiz.exe" [2003-12-03 05:14 741376 C:\WINDOWS\system32\nwiz.exe]

"Nexus Radio"="C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe" [2007-11-23 20:10 2947584]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 19:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-12-13 14:46 7081984]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 19:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:34 44544]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2007-12-13 15:35:07 3450608]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Run server as application.lnk - C:\Arquivos de programas\UltraVnc\winvnc.exe [2007-12-17 18:33:52 1144384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWinKeys"= 0 (0x0)

"NoToolbarCustomize"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoSetFolders"= 0 (0x0)

"RestrictRun"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogOff"= 0 (0x0)

 

S3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-08-31 05:11]

S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 22:13:25

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-05 22:13:56

ComboFix-quarantined-files.txt 2008-02-06 00:13:41

ComboFix2.txt 2008-02-07 00:28:08

 

 

SITE

 

 

Service

Service load:

0% 100%

File: HsInfo.dat

Status:

OK

MD5: 8ea0a1048b141e71df27e8970e5e509d

Packers detected:

-

Bit9 reports: File not found

Scanner results

Scan taken on 08 Feb 2008 00:18:55 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing


Hey hades964,

Follow the instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all the text included in the "Quote":

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C156BFB0-D597-4686-BF96-B1D0CCC53941}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
(image: 645i642.gif)

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.


ComboFix 08-02.05.3 - Administrador 2008-02-05 22:50:05.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.270 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))

.

 

2008-02-06 22:32 . 2008-02-06 22:32 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-02-06 22:32 . 2008-02-06 22:32 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-02-06 22:32 . 2008-02-06 22:32 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-02-04 17:42 . 2008-02-04 17:42 80 --ah----- C:\WINDOWS\system32\HsInfo.dat

2008-02-04 17:32 . 2008-02-04 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-04 17:15 . 2008-02-04 17:15 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG

2008-02-04 17:07 . 2008-02-04 17:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-02-04 14:49 . 2005-08-31 05:11 48,640 --a------ C:\WINDOWS\system32\drivers\cwrwdm.sys

2008-01-16 10:03 . 2008-01-16 10:03 <DIR> d-------- C:\Arquivos de programas\Kaizen Net Solutions

2008-01-11 13:51 . 2008-01-11 13:51 <DIR> d-------- C:\Arquivos de programas\Gpotato

2008-01-11 11:17 . 2008-01-11 11:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-11 10:40 . 2008-01-11 10:43 <DIR> d-------- C:\Documents and Settings\Administrador\.jSMS

2008-01-11 10:25 . 2008-01-11 10:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 09:48 . 2008-01-11 09:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 22:35 --------- d-----w C:\Arquivos de programas\Nexus Radio

2008-02-06 00:17 --------- d-----w C:\Arquivos de programas\Steam

2008-01-16 12:16 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-01-16 12:05 --------- d-----w C:\Arquivos de programas\MuDominium

2008-01-11 15:05 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-01-11 12:30 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 21:10 --------- d-----w C:\Arquivos de programas\UltraVnc

2007-12-17 20:41 --------- d-----w C:\Arquivos de programas\Worms

2007-12-17 19:57 --------- d-----w C:\Arquivos de programas\eMule

2007-12-17 00:19 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-16 04:45 --------- d-----w C:\Arquivos de programas\Green Land Studios

2007-12-16 04:09 --------- d-----w C:\Arquivos de programas\GameVicio

2007-12-16 03:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2007-12-16 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-16 01:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-16 01:29 --------- d-----w C:\Arquivos de programas\EA GAMES

2007-12-16 00:52 --------- d-----w C:\Arquivos de programas\KartRider

2007-12-16 00:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2007-12-16 00:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-15 16:24 --------- d-----w C:\Arquivos de programas\Free-Soft

2007-12-15 16:11 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-12-15 15:41 --------- d-----w C:\Arquivos de programas\Eidos

2007-12-15 14:26 --------- d-----w C:\Arquivos de programas\Asprate

2007-12-15 14:20 --------- d-----w C:\Arquivos de programas\Tibia OT

2007-12-15 12:17 --------- d-----w C:\Arquivos de programas\EA SPORTS

2007-12-15 12:14 --------- d-----w C:\Arquivos de programas\Valve

2007-12-15 11:54 --------- d-----w C:\Arquivos de programas\AuditionBR

2007-12-14 21:35 --------- d-----w C:\Arquivos de programas\LevelUpGames

2007-12-14 18:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2007-12-14 18:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Corel

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-14 16:46 --------- d-----w C:\Arquivos de programas\alaplaya

2007-12-14 15:43 --------- d-----w C:\Arquivos de programas\OnGame

2007-12-14 14:26 --------- d---a-w C:\Arquivos de programas\Dragonball vs. The Others

2007-12-14 02:30 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-12-14 00:27 --------- d-----w C:\Arquivos de programas\ESET

2007-12-13 21:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-12-13 20:43 --------- d-----w C:\Arquivos de programas\Activision

2007-12-13 20:26 --------- d-----w C:\Arquivos de programas\Maxis

2007-12-13 20:00 --------- d-----w C:\Arquivos de programas\Quake 3 Arena

2007-12-13 19:30 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2007-12-13 19:28 --------- d-----w C:\Arquivos de programas\Tibia

2007-12-13 19:20 --------- d-----w C:\Arquivos de programas\VIA Technologies, INC

2007-12-13 19:01 --------- d-----w C:\Arquivos de programas\MSECache

2007-12-13 18:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-13 18:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-13 18:05 --------- d-----w C:\Arquivos de programas\Youtube

2007-12-13 18:03 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-13 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2007-12-13 17:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Stardock

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 14:49 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-13 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-13 12:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C156BFB0-D597-4686-BF96-B1D0CCC53941}]

C:\WINDOWS\system32\msr2cenu.ocx

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:45 15360]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2007-12-13 16:45 1266936]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GuardianCliente"="C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe" [2004-11-22 13:49 834048]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-03 05:14 5058560]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"nwiz"="nwiz.exe" [2003-12-03 05:14 741376 C:\WINDOWS\system32\nwiz.exe]

"Nexus Radio"="C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe" [2007-11-23 20:10 2947584]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 19:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-12-13 14:46 7081984]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 05:14 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 19:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 19:34 44544]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2007-12-13 15:35:07 3450608]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Run server as application.lnk - C:\Arquivos de programas\UltraVnc\winvnc.exe [2007-12-17 18:33:52 1144384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWinKeys"= 0 (0x0)

"NoToolbarCustomize"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoSetFolders"= 0 (0x0)

"RestrictRun"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogOff"= 0 (0x0)

 

S3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-08-31 05:11]

S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 22:51:26

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2527]

-> C:\Arquivos de programas\Stardock\ObjectDock\DockShellHook.dll

.

Tempo para conclusão: 2008-02-05 22:51:54

ComboFix-quarantined-files.txt 2008-02-06 00:51:45

ComboFix2.txt 2008-02-06 00:21:18

ComboFix3.txt 2008-02-07 00:28:08


Hey hades964,

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects

Locate and delete the following folder:

{C156BFB0-D597-4686-BF96-B1D0CCC53941}

Exit the Registry Editor.

Reboot in Normal Mode.

Post a new ComboFix log.

Regards.

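A defender's check for the manual registry step above, as an added PowerShell example that is not part of this thread: it lists every registered Browser Helper Object, resolves each CLSID to the DLL it loads, and flags entries whose file is missing, unsigned, or named like the hex-string DLLs in this thread's log. The full key paths are assumed from the standard Windows layout; ComboFix abbreviates them as HKLM\~\Browser Helper Objects.

```powershell
# Added example, not from the thread: enumerate Browser Helper Objects and
# resolve each CLSID to its DLL so a suspicious entry can be triaged before
# anything is deleted by hand in regedit.

# Full key paths (assumed standard layout; the Wow6432Node key only exists on 64-bit).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoReport {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            # The BHO key holds only the CLSID; the DLL path is the default
            # value of HKCR\CLSID\{clsid}\InprocServer32.
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -Path $server) {
                $dll = (Get-ItemProperty -Path $server).'(default)'
            }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))

            # Authenticode status is only meaningful when the file exists.
            $sigStatus = 'FileMissing'
            $signer = ''
            if ($onDisk) {
                $sig = Get-AuthenticodeSignature -FilePath $dll
                $sigStatus = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            # Heuristic only: an orphaned CLSID, an unsigned DLL, or a short
            # hex-looking name dropped into system32 (the pattern of the
            # 4d13e69.dll / 291c7500.dll entries in this thread's log) is flagged.
            $hexName = [bool]($dll -match '\\system32\\[0-9a-f]{5,8}\.(dll|ocx)$')
            [PSCustomObject]@{
                CLSID     = $clsid
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = $sigStatus
                Signer    = $signer
                Suspect   = (-not $onDisk) -or ($sigStatus -ne 'Valid') -or $hexName
            }
        }
    }
}

# Review Suspect=True rows before removing anything; export the key first
# (reg export) so a mistaken deletion can be reverted.
Get-BhoReport | Sort-Object Suspect -Descending | Format-Table -AutoSize
```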

ComboFix 08-02.05.3 - Administrador 2008-02-10 10:02:40.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.281 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))

.

 

2008-02-06 21:32 . 2008-02-06 21:32 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-02-06 21:32 . 2008-02-06 21:32 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-02-06 21:32 . 2008-02-06 21:32 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-02-05 21:49 . 2004-08-03 18:45 400,384 --a------ C:\kmd.exe

2008-02-04 16:42 . 2008-02-04 16:42 80 --ah----- C:\WINDOWS\system32\HsInfo.dat

2008-02-04 16:32 . 2008-02-04 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-04 16:15 . 2008-02-04 16:15 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG

2008-02-04 16:07 . 2008-02-04 16:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-02-04 13:49 . 2005-08-31 04:11 48,640 --a------ C:\WINDOWS\system32\drivers\cwrwdm.sys

2008-01-16 09:03 . 2008-01-16 09:03 <DIR> d-------- C:\Arquivos de programas\Kaizen Net Solutions

2008-01-11 12:51 . 2008-01-11 12:51 <DIR> d-------- C:\Arquivos de programas\Gpotato

2008-01-11 10:17 . 2008-01-11 10:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-11 09:40 . 2008-01-11 09:43 <DIR> d-------- C:\Documents and Settings\Administrador\.jSMS

2008-01-11 09:25 . 2008-01-11 09:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 08:48 . 2008-01-11 08:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 13:01 --------- d-----w C:\Arquivos de programas\Steam

2008-02-06 22:35 --------- d-----w C:\Arquivos de programas\Nexus Radio

2008-01-16 12:16 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-01-16 12:05 --------- d-----w C:\Arquivos de programas\MuDominium

2008-01-11 15:05 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-01-11 12:30 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 21:10 --------- d-----w C:\Arquivos de programas\UltraVnc

2007-12-17 20:41 --------- d-----w C:\Arquivos de programas\Worms

2007-12-17 19:57 --------- d-----w C:\Arquivos de programas\eMule

2007-12-17 00:19 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-16 04:45 --------- d-----w C:\Arquivos de programas\Green Land Studios

2007-12-16 04:09 --------- d-----w C:\Arquivos de programas\GameVicio

2007-12-16 03:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2007-12-16 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-16 01:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-16 01:29 --------- d-----w C:\Arquivos de programas\EA GAMES

2007-12-16 00:52 --------- d-----w C:\Arquivos de programas\KartRider

2007-12-16 00:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2007-12-16 00:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-15 16:24 --------- d-----w C:\Arquivos de programas\Free-Soft

2007-12-15 16:11 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-12-15 15:41 --------- d-----w C:\Arquivos de programas\Eidos

2007-12-15 14:26 --------- d-----w C:\Arquivos de programas\Asprate

2007-12-15 14:20 --------- d-----w C:\Arquivos de programas\Tibia OT

2007-12-15 12:17 --------- d-----w C:\Arquivos de programas\EA SPORTS

2007-12-15 12:14 --------- d-----w C:\Arquivos de programas\Valve

2007-12-15 11:54 --------- d-----w C:\Arquivos de programas\AuditionBR

2007-12-14 21:35 --------- d-----w C:\Arquivos de programas\LevelUpGames

2007-12-14 18:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2007-12-14 18:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Corel

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-14 16:46 --------- d-----w C:\Arquivos de programas\alaplaya

2007-12-14 15:43 --------- d-----w C:\Arquivos de programas\OnGame

2007-12-14 14:26 --------- d---a-w C:\Arquivos de programas\Dragonball vs. The Others

2007-12-14 02:30 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-12-14 00:27 --------- d-----w C:\Arquivos de programas\ESET

2007-12-13 21:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-12-13 20:43 --------- d-----w C:\Arquivos de programas\Activision

2007-12-13 20:26 --------- d-----w C:\Arquivos de programas\Maxis

2007-12-13 20:00 --------- d-----w C:\Arquivos de programas\Quake 3 Arena

2007-12-13 19:30 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2007-12-13 19:28 --------- d-----w C:\Arquivos de programas\Tibia

2007-12-13 19:20 --------- d-----w C:\Arquivos de programas\VIA Technologies, INC

2007-12-13 19:01 --------- d-----w C:\Arquivos de programas\MSECache

2007-12-13 18:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-13 18:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-13 18:05 --------- d-----w C:\Arquivos de programas\Youtube

2007-12-13 18:03 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-13 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2007-12-13 17:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Stardock

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 14:49 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-13 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-13 12:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45 15360]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2007-12-13 15:45 1266936]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 04:14 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GuardianCliente"="C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe" [2004-11-22 12:49 834048]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-03 04:14 5058560]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"nwiz"="nwiz.exe" [2003-12-03 04:14 741376 C:\WINDOWS\system32\nwiz.exe]

"Nexus Radio"="C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe" [2007-11-23 19:10 2947584]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-12-13 13:46 7081984]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 04:14 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 18:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:34 44544]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2007-12-13 14:35:07 3450608]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Run server as application.lnk - C:\Arquivos de programas\UltraVnc\winvnc.exe [2007-12-17 17:33:52 1144384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWinKeys"= 0 (0x0)

"NoToolbarCustomize"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoSetFolders"= 0 (0x0)

"RestrictRun"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogOff"= 0 (0x0)

 

S3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-08-31 04:11]

S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 10:04:12

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2527]

-> C:\Arquivos de programas\Stardock\ObjectDock\DockShellHook.dll

.

Tempo para conclusão: 2008-02-10 10:04:38

ComboFix-quarantined-files.txt 2008-02-10 13:04:30

ComboFix2.txt 2008-02-06 00:51:54

ComboFix3.txt 2008-02-06 00:21:18

ComboFix4.txt 2008-02-07 00:28:08


Hey hades964,

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote":

File::

C:\kmd.exe

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for its user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Cheers.


ComboFix 08-02.05.3 - Administrador 2008-02-10 12:58:15.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.733 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\kmd.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\kmd.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))

.

 

2008-02-06 21:32 . 2008-02-06 21:32 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-02-06 21:32 . 2008-02-06 21:32 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-02-06 21:32 . 2008-02-06 21:32 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-02-04 16:42 . 2008-02-04 16:42 80 --ah----- C:\WINDOWS\system32\HsInfo.dat

2008-02-04 16:32 . 2008-02-04 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-04 16:15 . 2008-02-04 16:15 <DIR> d-------- C:\Arquivos de programas\TibiaBot NG

2008-02-04 16:07 . 2008-02-04 16:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-02-04 13:49 . 2005-08-31 04:11 48,640 --a------ C:\WINDOWS\system32\drivers\cwrwdm.sys

2008-01-16 09:03 . 2008-01-16 09:03 <DIR> d-------- C:\Arquivos de programas\Kaizen Net Solutions

2008-01-11 12:51 . 2008-01-11 12:51 <DIR> d-------- C:\Arquivos de programas\Gpotato

2008-01-11 10:17 . 2008-01-11 10:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-11 09:40 . 2008-01-11 09:43 <DIR> d-------- C:\Documents and Settings\Administrador\.jSMS

2008-01-11 09:25 . 2008-01-11 09:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-11 08:48 . 2008-01-11 08:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 15:55 --------- d-----w C:\Arquivos de programas\Steam

2008-02-06 22:35 --------- d-----w C:\Arquivos de programas\Nexus Radio

2008-01-16 12:16 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-01-16 12:05 --------- d-----w C:\Arquivos de programas\MuDominium

2008-01-11 15:05 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-01-11 12:30 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 21:10 --------- d-----w C:\Arquivos de programas\UltraVnc

2007-12-17 20:41 --------- d-----w C:\Arquivos de programas\Worms

2007-12-17 19:57 --------- d-----w C:\Arquivos de programas\eMule

2007-12-17 00:19 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-16 04:45 --------- d-----w C:\Arquivos de programas\Green Land Studios

2007-12-16 04:09 --------- d-----w C:\Arquivos de programas\GameVicio

2007-12-16 03:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2007-12-16 02:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-16 01:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-16 01:29 --------- d-----w C:\Arquivos de programas\EA GAMES

2007-12-16 00:52 --------- d-----w C:\Arquivos de programas\KartRider

2007-12-16 00:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2007-12-16 00:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-15 16:24 --------- d-----w C:\Arquivos de programas\Free-Soft

2007-12-15 16:11 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-12-15 15:41 --------- d-----w C:\Arquivos de programas\Eidos

2007-12-15 14:26 --------- d-----w C:\Arquivos de programas\Asprate

2007-12-15 14:20 --------- d-----w C:\Arquivos de programas\Tibia OT

2007-12-15 12:17 --------- d-----w C:\Arquivos de programas\EA SPORTS

2007-12-15 12:14 --------- d-----w C:\Arquivos de programas\Valve

2007-12-15 11:54 --------- d-----w C:\Arquivos de programas\AuditionBR

2007-12-14 21:35 --------- d-----w C:\Arquivos de programas\LevelUpGames

2007-12-14 18:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2007-12-14 18:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Corel

2007-12-14 18:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-14 16:46 --------- d-----w C:\Arquivos de programas\alaplaya

2007-12-14 15:43 --------- d-----w C:\Arquivos de programas\OnGame

2007-12-14 14:26 --------- d---a-w C:\Arquivos de programas\Dragonball vs. The Others

2007-12-14 02:30 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-12-14 00:27 --------- d-----w C:\Arquivos de programas\ESET

2007-12-13 21:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-12-13 20:43 --------- d-----w C:\Arquivos de programas\Activision

2007-12-13 20:26 --------- d-----w C:\Arquivos de programas\Maxis

2007-12-13 20:00 --------- d-----w C:\Arquivos de programas\Quake 3 Arena

2007-12-13 19:30 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

2007-12-13 19:28 --------- d-----w C:\Arquivos de programas\Tibia

2007-12-13 19:20 --------- d-----w C:\Arquivos de programas\VIA Technologies, INC

2007-12-13 19:01 --------- d-----w C:\Arquivos de programas\MSECache

2007-12-13 18:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-13 18:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-13 18:05 --------- d-----w C:\Arquivos de programas\Youtube

2007-12-13 18:03 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-13 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Skype

2007-12-13 17:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2007-12-13 17:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Stardock

2007-12-13 17:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-13 14:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 14:49 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-13 14:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-13 12:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-12-13 12:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45 15360]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2007-12-13 15:45 1266936]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 04:14 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GuardianCliente"="C:\Arquivos de programas\Kaizen Net Solutions\Guardian Cliente\GuardianCliente.exe" [2004-11-22 12:49 834048]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-03 04:14 5058560]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"nwiz"="nwiz.exe" [2003-12-03 04:14 741376 C:\WINDOWS\system32\nwiz.exe]

"Nexus Radio"="C:\Arquivos de programas\Nexus Radio\Nexus Radio.exe" [2007-11-23 19:10 2947584]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-12-13 13:46 7081984]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-12-03 04:14 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 18:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:34 44544]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2007-12-13 14:35:07 3450608]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Run server as application.lnk - C:\Arquivos de programas\UltraVnc\winvnc.exe [2007-12-17 17:33:52 1144384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWinKeys"= 0 (0x0)

"NoToolbarCustomize"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoSetFolders"= 0 (0x0)

"RestrictRun"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogOff"= 0 (0x0)

 

R3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2005-08-31 04:11]

S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 12:59:47

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-10 13:00:16

ComboFix-quarantined-files.txt 2008-02-10 16:00:01

ComboFix2.txt 2008-02-10 13:04:39

ComboFix3.txt 2008-02-06 00:51:54

ComboFix4.txt 2008-02-06 00:21:18

ComboFix5.txt 2008-02-07 00:28:08


Hey hades964,

Your log is clean. :thumbsup:

To finish up:

1. Disable and re-enable XP's System Restore feature. Click here to see how;

2. Read the article "Cuidados ao navegar na net" (Precautions when browsing the web) to learn how to avoid new infections.

Cheers.


PROBLEM SOLVED!

If the author needs this topic reopened, send a Private Message to a Moderator with a link to the topic.
