[Arquivado] Problemas com arquivos exe

[Xymb 0]

Boa Noite,

 

Bom pessoal me ocorreu um problema com 2 executaveis (imapi.exe / dumprep.exe), meu problema e o seguinte. Quando abro o internet explorer, winamp, media player, etc. Meu PC simplesmente trava e sou obrigado a usar o gerenciador que por causa do problema demora uma eternidade pra aparecer, sendo mais facil reiniciar a maquina!

 

Queria saber de voces se tem alguma maneira de concertar isso?! =/

 

Espero respostas e ate fiz um log pelo hijackthis.

 

Logfile of HijackThis v1.99.1

Scan saved at 23:56:20, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [b'sCLiP] C:\ARQUIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Arquivos de programas\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{806640A1-CC83-4CC5-930D-1BBA966089F7}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

Esse "msmsgs.exe" nao seria uma infeccao tb?

 

Agradeco desde ja,

 

 

Warley

[jgarcia 1]

Opa Xymb,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

 

Abraços.

[Xymb 0]

Obrigado pela resposta rapida jgarcia ^^

 

Como pedido este e o log do combofix

 

ComboFix 08-03-24.1 - Xymbica 2008-03-25 0:38:41.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.455 [GMT -3:00]

Executando de: C:\Documents and Settings\Xymbica\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Script messages for sUBs --

pv -kf -l"* pid.bat *"

CF16749.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*

CF16749.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Arquivos de programas\*"

CF16749.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))

.

 

2008-03-24 13:51 . 2008-03-24 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-03-24 06:48 . 2008-03-24 06:48 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-23 23:53 . 2008-03-23 23:56 <DIR> d-------- C:\hijackthis

2008-03-23 20:21 . 2008-03-23 21:02 31 --a------ C:\WINDOWS\GunzLauncher.INI

2008-03-23 18:51 . 2008-03-23 21:02 <DIR> d-------- C:\Arquivos de programas\The Duel

2008-03-23 18:46 . 2008-03-23 18:46 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-21 18:26 . 2008-03-21 18:26 <DIR> d-------- C:\Documents and Settings\Xymbica\Dados de aplicativos\Media Player Classic

2008-03-20 04:22 . 2008-03-20 04:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\NSV

2008-03-18 19:48 . 2008-03-18 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-03-17 23:18 . 2008-03-18 17:26 <DIR> d-------- C:\Downloads

2008-03-17 18:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-17 13:07 . 2008-03-18 18:33 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2008-03-17 13:02 . 2008-03-17 13:02 <DIR> d-------- C:\WINDOWS\Sun

2008-03-17 12:53 . 2008-03-17 18:36 <DIR> d-------- C:\Arquivos de programas\Java

2008-03-17 12:51 . 2008-03-17 12:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-03-16 03:24 . 2008-03-16 03:24 268 --ah----- C:\sqmdata04.sqm

2008-03-16 03:24 . 2008-03-16 03:24 244 --ah----- C:\sqmnoopt04.sqm

2008-03-16 00:55 . 2008-03-16 00:55 268 --ah----- C:\sqmdata03.sqm

2008-03-16 00:55 . 2008-03-16 00:55 244 --ah----- C:\sqmnoopt03.sqm

2008-03-16 00:35 . 2008-03-16 00:35 <DIR> d-------- C:\Documents and Settings\Xymbica\Dados de aplicativos\Locktime

2008-03-16 00:27 . 2008-03-16 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Locktime

2008-03-16 00:22 . 2008-03-16 00:22 <DIR> d-------- C:\Fraps

2008-03-16 00:18 . 2008-03-16 00:17 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-03-16 00:18 . 2008-03-16 00:17 298,104 --a------ C:\WINDOWS\system32\imon.dll

2008-03-16 00:18 . 2008-03-16 00:17 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2008-03-16 00:17 . 2008-03-25 00:38 <DIR> d-------- C:\Arquivos de programas\ESET

2008-03-16 00:15 . 2008-03-16 00:55 <DIR> d-------- C:\Documents and Settings\Xymbica\Dados de aplicativos\CyberLink

2008-03-16 00:15 . 2005-01-07 17:34 486,766 --a------ C:\WINDOWS\BsUDF.tbl

2008-03-16 00:15 . 2005-03-23 19:23 164,608 --a------ C:\WINDOWS\system32\drivers\BsUDF.sys

2008-03-16 00:15 . 2005-03-23 19:45 131,072 --a------ C:\WINDOWS\IBUnInst.exe

2008-03-16 00:15 . 2005-03-23 19:23 10,368 --a------ C:\WINDOWS\system32\drivers\BsStor.sys

2008-03-16 00:14 . 2008-03-16 00:14 268 --ah----- C:\sqmdata02.sqm

2008-03-16 00:14 . 2008-03-16 00:14 244 --ah----- C:\sqmnoopt02.sqm

2008-03-16 00:10 . 2008-03-16 00:12 <DIR> d-------- C:\Arquivos de programas\DivX

2008-03-16 00:10 . 2008-03-16 00:12 5,642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-16 00:10 . 2008-03-16 00:12 56 -r-hs---- C:\WINDOWS\system32\5C07F26FC3.sys

2008-03-16 00:09 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2008-03-16 00:08 . 2008-03-16 00:09 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2008-03-16 00:08 . 2008-03-16 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\QuickTime

2008-03-16 00:08 . 2008-03-16 00:09 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-03-16 00:07 . 2008-03-16 00:07 <DIR> d-------- C:\MyWorks

2008-03-16 00:07 . 2008-03-16 00:15 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 00:07 . 2008-03-16 00:15 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-03-16 00:02 . 2008-03-16 00:02 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-03-16 00:00 . 2008-03-16 00:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-03-16 00:00 . 2008-03-16 00:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-15 23:45 . 2008-03-15 23:45 268 --ah----- C:\sqmdata01.sqm

2008-03-15 23:45 . 2008-03-15 23:45 244 --ah----- C:\sqmnoopt01.sqm

2008-03-15 23:28 . 2008-03-16 19:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-03-15 23:28 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-03-15 23:17 . 2008-03-15 23:17 <DIR> d-------- C:\Arquivos de programas\CDex_150

2008-03-15 23:12 . 2008-03-23 12:22 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 03:39 --------- d-----w C:\Documents and Settings\Xymbica\Dados de aplicativos\Skype

2008-03-25 03:29 --------- d-----w C:\Documents and Settings\Xymbica\Dados de aplicativos\skypePM

2008-03-18 20:54 --------- d-----w C:\Arquivos de programas\FlashGet

2008-03-16 06:46 --------- d-----w C:\Arquivos de programas\TVSuper3

2008-03-16 03:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-16 01:53 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-03-16 01:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-03-16 01:51 --------- d-----w C:\Arquivos de programas\Skype

2008-03-16 01:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-03-16 01:45 --------- d-----w C:\Arquivos de programas\KAIZEN Games

2008-03-16 01:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-03-16 01:34 --------- d-----w C:\Arquivos de programas\Lavasoft

2008-03-16 01:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-03-16 01:29 --------- d-----w C:\Documents and Settings\Xymbica\Dados de aplicativos\Winamp

2008-03-16 01:29 --------- d-----w C:\Documents and Settings\Xymbica\Dados de aplicativos\teamspeak2

2008-03-16 01:29 --------- d-----w C:\Arquivos de programas\Winamp

2008-03-16 01:29 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-03-16 01:26 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-16 01:26 --------- d-----w C:\Arquivos de programas\Real Alternative

2008-03-16 01:25 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-16 01:25 --------- d-----w C:\Documents and Settings\Xymbica\Dados de aplicativos\DAEMON Tools

2008-03-16 01:10 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-03-16 01:05 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-03-16 01:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

"Power2GoExpress"="C:\Arquivos de programas\CyberLink\Power2Go\Power2GoExpress.exe" [2005-03-23 14:34 1630303]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 02:47 7311360]

"nwiz"="nwiz.exe" [2005-11-11 02:47 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 02:47 86016]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-03-16 00:09 77824]

"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe" [2005-04-11 15:34 69721]

"B'sCLiP"="C:\ARQUIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2005-03-23 19:45 696320]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-03-16 00:17 949376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\FlashGet\\flashget.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\The Duel\\GunzLauncher.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5100:TCP"= 5100:TCP:*:Disabled:5100

"6000:TCP"= 6000:TCP:*:Disabled:6000

"7777:UDP"= 7777:UDP:*:Disabled:7777

"7778:UDP"= 7778:UDP:*:Disabled:7778

"8900:UDP"= 8900:UDP:*:Disabled:8900

 

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2005-03-23 19:23]

R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2005-03-23 19:23]

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []

S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys []

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 00:40:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-03-25 0:42:47

ComboFix-quarantined-files.txt 2008-03-25 03:42:38

.

2008-03-16 22:45:19 --- E O F ---

 

 

 

Na sequencia o log do HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 00:50:25, on 25/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [b'sCLiP] C:\ARQUIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Arquivos de programas\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{806640A1-CC83-4CC5-930D-1BBA966089F7}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

espero que possa me ajudar =]

[jgarcia 1]

Opa Xymb,

 

Execute o Active Scan da Panda, observando os seguintes procedimentos:

 

1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas;

 

2) Para iniciar o processo, clique sobre o botão ;

 

3) Informe os dados solicitados no formulário;

 

4) Clique sobre o botão "Pesquise agora sem custos";

 

5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura;

 

6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop;

 

7) Poste o conteúdo do log em sua próxima resposta.

 

Abraços.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.