
Archived

This topic has been archived and is closed to new replies.

Rackson

[Archived] Could you analyze my log?.... =\


Hello everyone....

I've been having some problems since I plugged an infected USB flash drive into my PC, during a period when I had no antivirus....

As I said in the topic title, hidden files are not displayed (even after going into Folder Options), and I've been seeing some files I don't know what they are, and some processes too....

I think the log alone should be enough, but if anyone needs any other information, just say so!...

Thanks in advance to everyone reading this post!..

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 22:46:10, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 85.17.237.8 www.filewarez.nl
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Untitled-1.png
O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Salvar Flash - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Arquivos de programas\Syncsoft\PegaFlash\pegaflash (file missing)
O9 - Extra 'Tools' menuitem: PegaFlash - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Arquivos de programas\Syncsoft\PegaFlash\pegaflash (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F63592D-05D8-4FDB-9DB5-723BBDEE379E}: NameServer = 201.10.120.3,201.10.128.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

By the way, the .png file in the startup folder is intentional ^^" (a reminder, hehehe)

Regards to all

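A small triage script for HijackThis logs, added here as an example; it is not part of the thread and not a HijackThis feature. It pulls the section-coded entries (R1, O1, O2, O4, O10, O17, O23 and so on) out of a log and applies the review heuristics a helper applies by eye: hosts-file overrides, BHOs whose DLL is gone, startup-folder items that are neither executables nor shortcuts, Winsock LSPs HijackThis could not identify, explicit DNS servers, and services whose image path could not be resolved. The embedded log is a constructed excerpt of the log posted above; the heuristics and the suffix list are choices of this example, not HijackThis rules.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not part of the thread)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the HijackThis log posted above: the entries the
# heuristics below react to, plus a few benign ones as controls.
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:46:10, on 5/3/2008
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 85.17.237.8 www.filewarez.nl
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - Startup: Untitled-1.png
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F63592D-05D8-4FDB-9DB5-723BBDEE379E}: NameServer = 201.10.120.3,201.10.128.3
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry is "<section code> - <body>"; header lines and the
# running-process list carry no such prefix and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Assumption of this example: what a startup-folder item normally is.
STARTUP_EXEC_SUFFIXES = (".exe", ".lnk", ".bat", ".cmd", ".vbs", ".com")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) pairs in log order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Apply review heuristics; each finding says which section fired and why.

    These are prompts for a human reviewer, not verdicts: a hosts override or an
    explicit DNS server can be perfectly legitimate, but each deserves a decision.
    """
    findings: List[Dict[str, str]] = []

    def flag(code: str, why: str, what: str) -> None:
        findings.append({"code": code, "why": why, "what": what})

    for code, body in entries:
        if code == "O1":
            flag(code, "hosts-file override", body.split(": ", 1)[1])
        elif code == "O2" and body.endswith("(no file)"):
            flag(code, "BHO registered but its DLL is missing", body)
        elif code == "O4" and body.startswith("Startup:"):
            item = body.split(":", 1)[1].strip()
            if not item.lower().endswith(STARTUP_EXEC_SUFFIXES):
                flag(code, "startup-folder item that is not an executable or shortcut", item)
        elif code == "O10":
            flag(code, "Winsock LSP that HijackThis could not identify", body.split(": ", 1)[1])
        elif code == "O17":
            flag(code, "explicit DNS servers; confirm they belong to the ISP",
                 body.split("NameServer = ", 1)[1])
        elif code == "O23" and "(file missing)" in body:
            flag(code, "service whose image path could not be resolved", body)
    return findings


def triage_log(text: str) -> List[Dict[str, str]]:
    """Convenience wrapper: parse and triage a whole log."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_HJT_LOG):
        print(f"{f['code']:<4} {f['why']}: {f['what']}")
```

Run against the excerpt, the O1 hosts entry, the nameless BHO with no file, the Untitled-1.png startup item (which the poster says is deliberate, which is exactly why the output is a review list and not a delete list), the Bonjour LSP, the two name servers and the Kaspersky service line are reported; the IDM BHO, the AVP Run key and the NVIDIA service are not.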

Hey Rackson,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will reboot the PC automatically so that the removal process can finish (only if an infection is found);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window, and do not close it with the X, while the tool is running, as that will break your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.


Hey jgarcia

I did as you asked, but the PC didn't reboot at the end of the process.

I don't know if that's a problem...

But the hidden files, which weren't being shown before, now are!! \o/

Anyway, here are the ComboFix and HijackThis logs, respectively:

 

ComboFix 08-03-10.1 - Ze Rackson 2008-03-14 21:40:56.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.260 [GMT -3:00]
Executando de: C:\Documents and Settings\Ze Rackson\Desktop\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\svchost.ini
C:\windows\system32\xbox.dll
.
(((((((((((((((((((((((   Ficheiros criados de 2008-02-15 to 2008-03-15  ))))))))))))))))))))))))))))))))
.
2008-03-05 22:41 . 2008-03-05 22:46	<DIR>	d--------	C:\hijackthis
2008-03-04 19:26 . 2008-03-04 19:26	<DIR>	d--------	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\MakeUpPilot
2008-02-28 00:32 . 2008-02-28 00:32	<DIR>	d--------	C:\Arquivos de programas\Apoio
2008-02-27 22:15 . 2008-02-27 22:15	<DIR>	d--------	C:\Arquivos de programas\MSN BackUp
2008-02-27 13:32 . 2008-03-09 15:08	<DIR>	d--------	C:\Documents and Settings\Ze Rackson\amsn
2008-02-27 13:32 . 2008-02-27 13:32	<DIR>	d--------	C:\Arquivos de programas\aMSN
2008-02-25 22:02 . 2008-02-25 22:02	<DIR>	d--------	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\Notepad++
2008-02-25 22:02 . 2008-02-25 22:02	<DIR>	d--------	C:\Arquivos de programas\Notepad++
2008-02-23 13:26 . 2008-02-23 13:26	<DIR>	dr-h-----	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\SecuROM
2008-02-23 13:26 . 2008-02-23 13:26	108,144	--a------	C:\WINDOWS\system32\CmdLineExt.dll
2008-02-16 13:09 . 2008-02-16 13:09	<DIR>	d--------	C:\Arquivos de programas\Winamp
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 00:42	798,240	--sha-w	C:\windows\system32\drivers\fidbox2.dat
2008-03-15 00:42	24,939,296	--sha-w	C:\windows\system32\drivers\fidbox.dat
2008-03-15 00:21	---------	d-----w	C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-03-14 23:49	---------	d-----w	C:\Arquivos de programas\CyberScript31
2008-03-14 21:01	---------	d-----w	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\DMCache
2008-03-14 17:38	88,172	--sha-w	C:\windows\system32\drivers\fidbox2.idx
2008-03-14 17:38	356,372	--sha-w	C:\windows\system32\drivers\fidbox.idx
2008-02-13 00:30	---------	d-----w	C:\Arquivos de programas\CoolSMS
2008-02-11 14:01	---------	d-----w	C:\Arquivos de programas\Instant Lock
2008-02-08 14:38	51,361	----a-w	C:\windows\system32\calc.zip
2008-02-08 14:31	---------	d-----w	C:\Arquivos de programas\Windows Live Safety Center
2008-02-08 02:12	---------	d-----w	C:\Arquivos de programas\PowerQuest
2008-02-07 01:28	---------	d-----w	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\Radmin
2008-02-06 17:05	---------	d-----w	C:\Arquivos de programas\Combined Community Codec Pack
2008-02-04 14:47	---------	d-----w	C:\Arquivos de programas\AC3Filter
2008-02-04 14:42	21,764	----a-w	C:\windows\system32\CoreAAC-uninstall.exe
2008-02-01 00:59	91,700	----a-w	C:\windows\system32\drivers\klin.dat
2008-01-29 01:55	---------	d-----w	C:\Arquivos de programas\Marcos Velasco Security
2008-01-25 16:59	---------	d-----w	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\Talkback
2008-01-21 19:03	74,703	----a-w	C:\windows\system32\mfc45.dll
2008-01-21 18:45	---------	d-----w	C:\Documents and Settings\Ze Rackson\Dados de aplicativos\iolo
2008-01-21 18:45	---------	d-----w	C:\Documents and Settings\All Users\Dados de aplicativos\iolo
2008-01-21 13:14	---------	d-----w	C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
2008-01-21 13:13	---------	d-----w	C:\Arquivos de programas\Arquivos comuns\Autodesk Shared
2008-01-16 19:42	223,128	----a-w	C:\windows\system32\drivers\dtscsi.sys
2008-01-16 19:42	---------	d-----w	C:\Arquivos de programas\DAEMON Tools
2008-01-16 19:39	96,256	----a-w	C:\windows\system32\drivers\sptd7757.sys
2008-01-16 19:39	642,560	----a-w	C:\windows\system32\drivers\sptd.sys
2008-01-15 04:20	---------	d-----w	C:\Arquivos de programas\BitLord
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 18:50 200768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-16 14:55 2899968]

C:\Documents and Settings\Ze Rackson\Menu Iniciar\Programas\Inicializar\Untitled-1.png [2008-01-31 10:30:52 156012]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ze Rackson^Menu Iniciar^Programas^Inicializar^BananaScreen.lnk]
backup=C:\WINDOWS\pss\BananaScreen.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ze Rackson^Menu Iniciar^Programas^Inicializar^BitLord.lnk]
backup=C:\WINDOWS\pss\BitLord.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmiRemoveDir]
--a------ 2003-07-22 10:15 225280 C:\WINDOWS\CMIRMR~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 19:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-10-28 01:39 880896 C:\Arquivos de programas\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-01-07 21:18 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2001-12-16 14:55 2899968 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
-ra------ 2001-12-16 14:55 46080 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2001-12-16 14:55 782336 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-13 23:24 77824 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit]
C:\WINDOWS\system32\cologsver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\CyberScript31\\CyberScript.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R3 CCCP106;D-Link CIF Webcam;C:\windows\system32\DRIVERS\cccp106.sys [2003-05-05 23:35]
S3 mirrorv3;mirrorv3;C:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 04:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1340f5ba-c2a6-11dc-b413-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1340f5bb-c2a6-11dc-b413-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 21:42:53
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-03-14 21:43:39
ComboFix-quarantined-files.txt  2008-03-15 00:43:28
.
2007-10-23 01:04:56	--- E O F ---

 

Logfile of HijackThis v1.99.1
Scan saved at 21:53:34, on 14/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\windows\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\windows\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 85.17.237.8 www.filewarez.nl
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Untitled-1.png
O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Salvar Flash - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Arquivos de programas\Syncsoft\PegaFlash\pegaflash (file missing)
O9 - Extra 'Tools' menuitem: PegaFlash - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Arquivos de programas\Syncsoft\PegaFlash\pegaflash (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F63592D-05D8-4FDB-9DB5-723BBDEE379E}: NameServer = 201.10.120.3,201.10.128.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

 

 

 

Regards, and many thanks already! xD

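As an added example (not from the thread and not ComboFix code), here is a parser for the REGEDIT4-style "registry load points" section of a ComboFix log like the one above, with checks for what a helper reads out of that section: Security Center warnings switched off, the Windows Firewall disabled for the standard profile, AutoRun commands registered under MountPoints2 for a mounted volume (the usual footprint of a USB-borne infection), and msconfig startupreg entries named after a Windows component but pointing somewhere else. The embedded text is a constructed excerpt of the log posted above; the impersonated-name table and the regular expressions are assumptions of this example.

```python
"""Review helper for the registry load-point section of a ComboFix log
(added example; not part of the thread and not ComboFix code)."""
import re
from typing import Dict, List

# Constructed excerpt of the "Pontos de Carregamento do Registro" section of
# the ComboFix log posted above; several benign entries are kept as controls.
SAMPLE_LOADPOINTS = r"""
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 18:50 200768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit]
C:\WINDOWS\system32\cologsver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1340f5ba-c2a6-11dc-b413-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
ENABLEFW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# ComboFix prints "<attrs> <date> <time> <size> <path>" when it could stat the file.
FILE_META_RE = re.compile(r"^[-a-z]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (.+)$")

# Security Center values that hide the "no antivirus / no updates" warnings.
SECURITY_CENTER_FLAGS = ("AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify")
# Assumption of this example: launch-point names that mimic a Windows logon
# component, with the binary such a name would legitimately refer to.
IMPERSONATED_NAMES = {"userinit": "userinit.exe"}


def parse_loadpoints(text: str) -> Dict[str, List[str]]:
    """Map each [key] header to the non-empty lines that follow it, in order."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_loadpoints(sections: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Return review findings; each names the key, the reason and the offending value."""
    findings: List[Dict[str, str]] = []

    def flag(key: str, why: str, what: str) -> None:
        findings.append({"key": key, "why": why, "what": what})

    for key, lines in sections.items():
        lkey = key.lower()
        if lkey.endswith("\\security center"):
            for line in lines:
                m = DWORD_RE.match(line)
                if m and m.group(1) in SECURITY_CENTER_FLAGS and int(m.group(2), 16) == 1:
                    flag(key, "Security Center warning suppressed", m.group(1))
        elif lkey.endswith("firewallpolicy\\standardprofile"):
            for line in lines:
                m = ENABLEFW_RE.match(line)
                if m and m.group(1) == "0":
                    flag(key, "Windows Firewall disabled in the standard profile", line)
        elif "\\mountpoints2\\" in lkey:
            for line in lines:
                if line.lower().startswith("\\shell\\autorun\\command"):
                    flag(key, "AutoRun command bound to a mounted volume", line.split(" - ", 1)[1])
        elif "\\msconfig\\startupreg\\" in lkey:
            expected = IMPERSONATED_NAMES.get(key.rsplit("\\", 1)[1].lower())
            for line in lines:
                m = FILE_META_RE.match(line)
                path = m.group(1) if m else line
                if expected and not path.lower().endswith("\\" + expected):
                    flag(key, f"entry named like a Windows component but not pointing at {expected}", path)
                elif not m:
                    flag(key, "no file attributes or timestamp printed for this launch point", path)
    return findings


if __name__ == "__main__":
    for f in triage_loadpoints(parse_loadpoints(SAMPLE_LOADPOINTS)):
        print(f"{f['why']}\n    {f['key']}\n    {f['what']}")
```

On the excerpt this reports five things: the startupreg "Userinit" entry that points at cologsver.exe in system32 rather than userinit.exe, the two Security Center notification switches, the disabled firewall profile, and the AutoRun handler under MountPoints2. The Kaspersky DisableMonitoring value and the DAEMON Tools entry are left alone, which is the point of matching specific keys rather than grepping for "Disable".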

Hey Rackson,

Follow these instructions:

1. Go to Start -> Run -> type regedit -> click OK.

2. Navigate to the following subkey:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

3. Locate and delete the following folders:

{1340f5ba-c2a6-11dc-b413-806d6172696f}

{1340f5bb-c2a6-11dc-b413-806d6172696f}

4. Exit the Registry Editor.

5. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text included in the "Quote":

File::

C:\WINDOWS\system32\cologsver.exe

WARNING: The script above was written specifically for the infection present on this computer. Using it on another machine may cause serious problems for the user.

    Save the file as CFScript.txt;

6. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

7. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.


Hey x)

Here's the ComboFix log

 

 

 

ComboFix 08-03-10.1 - Ze Rackson 2008-03-18 1:29:51.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.273 [GMT -3:00]

Executando de: C:\Documents and Settings\Ze Rackson\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ze Rackson\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\cologsver.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))

.

 

2008-03-15 21:38 . 2003-07-17 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-03-15 21:38 . 2005-01-01 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-03-15 21:25 . 2001-10-28 15:06 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls

2008-03-15 21:25 . 2001-10-28 15:06 195,618 --a------ C:\WINDOWS\system32\c_10002.nls

2008-03-15 21:25 . 2001-10-28 15:06 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls

2008-03-15 21:25 . 2001-10-28 15:06 82,172 --a------ C:\WINDOWS\system32\bopomofo.nls

2008-03-15 21:25 . 2001-10-28 15:06 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls

2008-03-15 21:25 . 2001-10-28 15:06 66,728 --a------ C:\WINDOWS\system32\big5.nls

2008-03-15 21:25 . 2001-10-28 15:06 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0804.dll

2008-03-15 21:25 . 2001-10-28 15:06 16,254 --a------ C:\WINDOWS\system32\PINTLPAE.HLP

2008-03-15 21:25 . 2001-10-28 15:06 14,821 --a------ C:\WINDOWS\system32\PINTLPAD.HLP

2008-03-15 21:25 . 2001-10-28 15:06 1,460 --a------ C:\WINDOWS\system32\a15.tbl

2008-03-15 21:24 . 2001-10-28 15:06 1,564,868 --a------ C:\WINDOWS\system32\WINSP.MB

2008-03-15 21:24 . 2001-10-28 15:06 1,223,500 --a------ C:\WINDOWS\system32\WINZM.MB

2008-03-15 21:20 . 2001-10-28 15:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-03-15 21:19 . 2004-08-03 22:31 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll

2008-03-15 21:18 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2008-03-15 21:16 . 2008-03-15 21:16 <DIR> d-------- C:\Arquivos de programas\softnyx

2008-03-05 22:41 . 2008-03-14 21:53 <DIR> d-------- C:\hijackthis

2008-03-04 19:26 . 2008-03-04 19:26 <DIR> d-------- C:\Documents and Settings\Ze Rackson\Dados de aplicativos\MakeUpPilot

2008-02-28 00:32 . 2008-02-28 00:32 <DIR> d-------- C:\Arquivos de programas\Apoio

2008-02-27 22:15 . 2008-02-27 22:15 <DIR> d-------- C:\Arquivos de programas\MSN BackUp

2008-02-27 13:32 . 2008-03-09 15:08 <DIR> d-------- C:\Documents and Settings\Ze Rackson\amsn

2008-02-27 13:32 . 2008-02-27 13:32 <DIR> d-------- C:\Arquivos de programas\aMSN

2008-02-25 22:02 . 2008-02-25 22:02 <DIR> d-------- C:\Documents and Settings\Ze Rackson\Dados de aplicativos\Notepad++

2008-02-25 22:02 . 2008-02-25 22:02 <DIR> d-------- C:\Arquivos de programas\Notepad++

2008-02-23 13:26 . 2008-02-23 13:26 <DIR> dr-h----- C:\Documents and Settings\Ze Rackson\Dados de aplicativos\SecuROM

2008-02-23 13:26 . 2008-02-23 13:26 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 07:29 25,410,592 --sha-w C:\windows\system32\drivers\fidbox.dat

2008-03-18 07:22 820,512 --sha-w C:\windows\system32\drivers\fidbox2.dat

2008-03-17 21:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-03-17 17:25 90,068 --sha-w C:\windows\system32\drivers\fidbox2.idx

2008-03-17 17:25 362,348 --sha-w C:\windows\system32\drivers\fidbox.idx

2008-03-15 22:25 --------- d-----w C:\Documents and Settings\Ze Rackson\Dados de aplicativos\DMCache

2008-03-14 23:49 --------- d-----w C:\Arquivos de programas\CyberScript31

2008-02-16 16:09 --------- d-----w C:\Arquivos de programas\Winamp

2008-02-13 00:30 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-02-11 14:01 --------- d-----w C:\Arquivos de programas\Instant Lock

2008-02-08 14:38 51,361 ----a-w C:\windows\system32\calc.zip

2008-02-08 14:31 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-02-08 02:12 --------- d-----w C:\Arquivos de programas\PowerQuest

2008-02-07 01:28 --------- d-----w C:\Documents and Settings\Ze Rackson\Dados de aplicativos\Radmin

2008-02-06 17:05 --------- d-----w C:\Arquivos de programas\Combined Community Codec Pack

2008-02-04 14:47 --------- d-----w C:\Arquivos de programas\AC3Filter

2008-02-04 14:42 21,764 ----a-w C:\windows\system32\CoreAAC-uninstall.exe

2008-02-01 00:59 91,700 ----a-w C:\windows\system32\drivers\klin.dat

2008-01-29 01:55 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-01-25 16:59 --------- d-----w C:\Documents and Settings\Ze Rackson\Dados de aplicativos\Talkback

2008-01-21 19:03 74,703 ----a-w C:\windows\system32\mfc45.dll

2008-01-21 18:45 --------- d-----w C:\Documents and Settings\Ze Rackson\Dados de aplicativos\iolo

2008-01-21 18:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\iolo

2008-01-21 13:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-01-21 13:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-14_21.43.08,98 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 01:31:50 175,104 ----a-w C:\windows\ime\chsime\applets\PINTLCSA.DLL

+ 2004-08-04 01:31:50 53,760 ----a-w C:\windows\ime\chsime\applets\PINTLCSD.DLL

+ 2004-08-04 01:31:52 97,792 ----a-w C:\windows\ime\CHTIME\Applets\CHTMBX.DLL

+ 2004-08-04 01:31:54 56,320 ----a-w C:\windows\ime\CHTIME\Applets\CHTSKDIC.DLL

+ 2004-08-04 01:31:54 173,568 ----a-w C:\windows\ime\CHTIME\Applets\CHTSKF.DLL

+ 2001-10-28 18:06:44 13,463,552 ----a-w C:\windows\ime\imjp8_1\applets\hwxjpn.dll

+ 2001-10-28 18:06:50 471,102 ----a-w C:\windows\ime\imjp8_1\applets\imskdic.dll

+ 2001-10-28 18:06:50 315,452 ----a-w C:\windows\ime\imjp8_1\applets\imskf.dll

+ 2001-10-28 18:06:52 229,439 ----a-w C:\windows\ime\imjp8_1\applets\multibox.dll

+ 2001-10-28 18:06:54 143,422 ----a-w C:\windows\ime\imjp8_1\applets\softkey.dll

+ 2004-08-04 01:32:36 426,041 ----a-w C:\windows\ime\imjp8_1\applets\voicepad.dll

+ 2004-08-04 01:32:36 86,073 ----a-w C:\windows\ime\imjp8_1\applets\voicesub.dll

+ 2004-08-04 01:31:40 57,399 ----a-w C:\windows\ime\imjp8_1\cplexe.exe

+ 2004-08-04 01:31:52 368,696 ----a-w C:\windows\ime\imjp8_1\imjpcic.dll

+ 2004-08-04 01:31:52 716,856 ----a-w C:\windows\ime\imjp8_1\imjpcus.dll

+ 2001-10-28 18:06:46 57,398 ----a-w C:\windows\ime\imjp8_1\imjpdadm.exe

+ 2004-08-04 01:31:54 81,976 ----a-w C:\windows\ime\imjp8_1\imjpdct.dll

+ 2004-08-04 01:31:54 307,257 ----a-w C:\windows\ime\imjp8_1\imjpdct.exe

+ 2004-08-04 01:31:56 155,705 ----a-w C:\windows\ime\imjp8_1\imjpdsvr.exe

+ 2004-08-04 01:31:58 196,665 ----a-w C:\windows\ime\imjp8_1\imjpinst.exe

+ 2004-08-04 01:32:00 208,952 ----a-w C:\windows\ime\imjp8_1\imjpmig.exe

+ 2004-08-04 01:32:12 233,527 ----a-w C:\windows\ime\imjp8_1\imjprw.exe

+ 2001-10-28 18:06:50 45,109 ----a-w C:\windows\ime\imjp8_1\imjpuex.exe

+ 2004-08-04 01:32:16 262,200 ----a-w C:\windows\ime\imjp8_1\imjputy.exe

+ 2004-08-04 01:32:16 274,489 ----a-w C:\windows\ime\imjp8_1\imjputyc.dll

+ 2001-10-28 18:06:46 10,129,408 ----a-w C:\windows\ime\imkr6_1\applets\hwxkor.dll

+ 2004-08-04 02:04:34 86,016 ----a-w C:\windows\ime\imkr6_1\applets\imekrmbx.dll

+ 2001-10-28 18:06:42 36,864 ----a-w C:\windows\ime\imkr6_1\dicts\hanjadic.dll

+ 2004-08-04 02:04:38 106,496 ----a-w C:\windows\ime\imkr6_1\imekrcic.dll

+ 2001-10-28 18:06:46 44,032 ----a-w C:\windows\ime\imkr6_1\imekrmig.exe

+ 2001-10-28 18:06:50 59,904 ----a-w C:\windows\ime\imkr6_1\imkrinst.exe

+ 2001-10-28 18:06:46 102,463 ----a-w C:\windows\ime\shared\imepadsm.dll

+ 2001-10-28 18:06:46 311,359 ----a-w C:\windows\ime\shared\imepadsv.exe

+ 2004-08-04 01:32:28 102,456 ----a-w C:\windows\ime\shared\imlang.dll

+ 2004-08-04 01:32:12 15,872 ----a-w C:\windows\ime\shared\res\PADRS404.DLL

+ 2001-10-28 18:06:52 36,927 ----a-w C:\windows\ime\shared\res\padrs411.dll

+ 2001-10-28 18:06:52 14,336 ----a-w C:\windows\ime\shared\res\padrs412.dll

+ 2004-08-04 01:31:50 15,360 ----a-w C:\windows\ime\shared\res\padrs804.dll

+ 2001-10-28 18:06:06 19,456 ----a-w C:\windows\msagent\intl\agt0411.dll

+ 2001-10-28 18:06:06 19,456 ----a-w C:\windows\msagent\intl\agt0412.dll

+ 2001-10-28 18:06:06 19,456 ----a-w C:\windows\msagent\intl\agt0804.dll

+ 2001-10-28 18:06:18 218,112 ----a-w C:\windows\system32\c_g18030.dll

+ 2001-10-28 18:06:18 6,656 ----a-w C:\windows\system32\c_is2022.dll

- 2008-03-14 03:05:04 32,768 ----a-w C:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-03-17 16:19:02 32,768 ----a-w C:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2008-03-14 03:05:04 32,768 ----a-w C:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2008-03-17 16:19:02 32,768 ----a-w C:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2008-03-14 03:05:04 16,384 ----a-w C:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-03-17 16:19:02 16,384 ----a-w C:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2001-08-18 01:55:56 6,144 -c--a-w C:\windows\system32\dllcache\kbd101b.dll

+ 2001-08-18 01:55:56 6,144 -c--a-w C:\windows\system32\dllcache\kbd101c.dll

+ 2001-08-18 01:55:56 5,632 -c--a-w C:\windows\system32\dllcache\kbd103.dll

+ 2001-08-18 01:55:56 6,144 -c--a-w C:\windows\system32\dllcache\kbd106.dll

+ 2001-08-18 09:36:18 8,704 -c--a-w C:\windows\system32\dllcache\kbdjpn.dll

+ 2001-08-18 09:36:18 8,192 -c--a-w C:\windows\system32\dllcache\kbdkor.dll

+ 2001-10-28 18:06:32 7,168 ----a-w C:\windows\system32\f3ahvoas.dll

+ 2004-08-04 01:31:54 198,656 ----a-w C:\windows\system32\IME\CINTLGNT\CINTIME.DLL

+ 2004-08-04 01:31:56 480,256 ----a-w C:\windows\system32\IME\CINTLGNT\CINTSETP.EXE

+ 2004-08-04 01:31:50 59,392 ----a-w C:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

+ 2004-08-04 01:31:50 70,144 ----a-w C:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE

+ 2004-08-04 01:31:50 67,584 ----a-w C:\windows\system32\IME\PINTLGNT\PMIGRATE.DLL

+ 2004-08-04 01:32:16 44,032 ----a-w C:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE

+ 2004-08-04 01:32:16 455,168 ----a-w C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

+ 2004-08-04 01:32:14 10,240 ----a-w C:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL

+ 2001-10-28 18:06:40 6,144 ----a-w C:\windows\system32\kbd101.dll

+ 2001-10-28 18:06:40 6,144 ----a-w C:\windows\system32\kbd101a.dll

+ 2001-08-18 01:55:56 6,144 ----a-w C:\windows\system32\kbd101b.dll

+ 2001-08-18 01:55:56 6,144 ----a-w C:\windows\system32\kbd101c.dll

+ 2001-08-18 01:55:56 5,632 ----a-w C:\windows\system32\kbd103.dll

+ 2001-08-18 01:55:56 6,144 ----a-w C:\windows\system32\kbd106.dll

+ 2001-10-28 18:06:40 6,144 ----a-w C:\windows\system32\kbd106n.dll

+ 2001-10-28 18:06:40 6,144 ----a-w C:\windows\system32\kbdax2.dll

+ 2001-10-28 18:06:40 7,168 ----a-w C:\windows\system32\kbdibm02.dll

+ 2001-08-18 09:36:18 8,192 ----a-w C:\windows\system32\kbdkor.dll

+ 2001-10-28 18:06:40 6,656 ----a-w C:\windows\system32\kbdlk41a.dll

+ 2001-10-28 18:06:40 6,144 ----a-w C:\windows\system32\kbdlk41j.dll

+ 2001-10-28 18:06:40 7,168 ----a-w C:\windows\system32\kbdnec95.dll

+ 2001-10-28 18:06:40 9,216 ----a-w C:\windows\system32\kbdnecAT.dll

+ 2001-10-28 18:06:40 7,680 ----a-w C:\windows\system32\kbdnecNT.dll

+ 2004-08-04 02:04:12 76,288 ----a-w C:\windows\system32\uniime.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 18:50 200768]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-16 14:55 2899968]

 

C:\Documents and Settings\Ze Rackson\Menu Iniciar\Programas\Inicializar\

Untitled-1.png [2008-01-31 10:30:52 156012]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"disableregistrytools"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Ze Rackson^Menu Iniciar^Programas^Inicializar^BananaScreen.lnk]

backup=C:\WINDOWS\pss\BananaScreen.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Ze Rackson^Menu Iniciar^Programas^Inicializar^BitLord.lnk]

backup=C:\WINDOWS\pss\BitLord.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmiRemoveDir]

--a------ 2003-07-22 10:15 225280 C:\WINDOWS\CMIRMR~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 19:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

--a------ 2007-10-28 01:39 880896 C:\Arquivos de programas\Internet Download Manager\IDMan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2008-01-07 21:18 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

-ra------ 2001-12-16 14:55 2899968 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

-ra------ 2001-12-16 14:55 46080 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

-ra------ 2001-12-16 14:55 782336 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-11-13 23:24 77824 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit]

C:\WINDOWS\system32\cologsver.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\CyberScript31\\CyberScript.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R3 CCCP106;D-Link CIF Webcam;C:\windows\system32\DRIVERS\cccp106.sys [2003-05-05 23:35]

S3 mirrorv3;mirrorv3;C:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 04:01]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 04:26:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-18 4:55:56

ComboFix-quarantined-files.txt 2008-03-18 07:53:45

ComboFix2.txt 2008-03-15 00:43:40

.

2007-10-23 01:04:56 --- E O F ---


Hey Rackson,

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

Locate and delete the following folder:

Userinit

Exit the Registry Editor.

Post a new ComboFix log.

Regards.

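The load-point section of the log above, and the `Userinit` entry the reply tells Rackson to delete, are the kind of thing a small triage script can pull out automatically. What follows is an added example written for this page; it is neither ComboFix's code nor anything the posters wrote. It walks an excerpt of the log (constructed from the lines quoted above) and flags the indicators a reviewer would look at first: a non-executable file in a Startup folder, an item under `msconfig\startupreg` (items unchecked in msconfig's Startup tab are parked under that key) that borrows the name of a Windows logon component while pointing somewhere other than `system32\userinit.exe`, Security Center warnings switched off, and the firewall disabled. The severity labels and the heuristics are this example's own assumptions; a hit is something to check, not a diagnosis.

```python
import os
import re

# Constructed sample: an excerpt of the ComboFix "Registry Load Points" section
# from the post above, trimmed to the lines this example inspects.
SAMPLE_LOG = r"""
C:\Documents and Settings\Ze Rackson\Menu Iniciar\Programas\Inicializar\
Untitled-1.png [2008-01-31 10:30:52 156012]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-13 23:24 77824 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit]
C:\WINDOWS\system32\cologsver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Logon components that have no business as an ordinary startup item: the real
# Userinit value lives under HKLM\...\Winlogon and is %SystemRoot%\system32\userinit.exe.
LOGON_COMPONENT_NAMES = {"userinit", "shell", "winlogon", "explorer"}
# File types normally found in a Startup folder; anything else deserves a look (assumed list).
STARTUP_EXT_OK = {".lnk", ".exe", ".bat", ".cmd", ".com", ".pif", ".scr"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{8})")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")


def parse_dword(value):
    """Read both DWORD renderings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    m = DWORD_RE.search(value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def triage_load_points(log_text):
    """Return (severity, location, message) tuples for a ComboFix load-point excerpt."""
    findings = []
    section = None  # registry key of the current [...] block
    folder = None   # Startup-folder path while inside a folder listing
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            folder = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, folder = m.group("key"), None
            continue
        if PATH_RE.match(line) and line.endswith("\\"):
            folder, section = line, None  # a bare 'X:\...\' line opens a Startup-folder listing
            continue
        if folder:
            filename = line.split(" [")[0]  # entry lines: name.ext [date time size]
            if os.path.splitext(filename)[1].lower() not in STARTUP_EXT_OK:
                findings.append(("medium", folder,
                                 f"{filename!r} in a Startup folder is neither a shortcut nor "
                                 f"an executable; check what opens it"))
            continue
        key = (section or "").lower()
        if "msconfig\\startupreg\\" in key:
            # Items unchecked in msconfig's Startup tab are parked under this key.
            item = section.rsplit("\\", 1)[1]
            pm = PATH_RE.search(line)
            if item.lower() in LOGON_COMPONENT_NAMES and pm:
                findings.append(("high", section,
                                 f"startup item {item!r} borrows a Windows logon component name "
                                 f"and points to {pm.group(0)}; the genuine userinit is "
                                 f"%SystemRoot%\\system32\\userinit.exe"))
        elif key.endswith("\\security center"):
            # Monitoring\<vendor> subkeys are how third-party AV registers itself;
            # only the top-level *DisableNotify values silence Security Center.
            vm = VALUE_RE.match(line)
            if vm and vm.group("name").lower().endswith("disablenotify") \
                    and parse_dword(vm.group("value")) == 1:
                findings.append(("medium", section,
                                 f"{vm.group('name')}=1: Security Center warning suppressed"))
        elif "firewallpolicy" in key:
            vm = VALUE_RE.match(line)
            if vm and vm.group("name").lower() == "enablefirewall" \
                    and parse_dword(vm.group("value")) == 0:
                findings.append(("high", section,
                                 "EnableFirewall=0: Windows Firewall is off for this profile"))
    return findings
```

Running `triage_load_points(SAMPLE_LOG)` yields five findings: the `.png` in the Startup folder, the `Userinit` startupreg item pointing at `cologsver.exe`, the two Security Center notification switches, and the disabled firewall. The `QuickTime Task` item and Kaspersky's `Monitoring` subkey produce nothing, which is the point of scoping the checks to the exact keys rather than grepping for `Disable`: a third-party AV legitimately registers under `security center\Monitoring`, and most startupreg items are just things the user unticked in msconfig.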

Topic Archived

Since the author did not reply for more than 20 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
