[Resolvido] Maquina lenta acho que infectada!

rosanaloretti · Abril 21, 2008

:wacko:

Por favor me ajudem!!

Meu pc parece meio doido...

Ao iniciar aparece error keybord error keybord, e fico sem teclar nada, passo avira e nao tem virus, depois passo panda on line tb nao, desligo a lerda e desconecto o teclado e conecto novamente ligo e nao aparece mas error keybord mas ela continua lerda...

Analisem meus log por favor!! encarecidamente!!

SOCORRROOOOOOOOOO!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:03:33, on 21/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Meu Computador\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.novadata.com.br/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rosanaloretti.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196556059015

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rosanaloretti.spaces.live.com/Photo...ad/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{21721F32-CA2D-4DCB-BF9F-A23BD4A1376D}: NameServer = 200.223.0.84,200.165.132.155

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--

End of file - 7963 bytes

ComboFix 08-04-20.5 - Meu Computador 2008-04-21 16:53:17.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.173 [GMT -3:00]

Executando de: C:\Documents and Settings\Meu Computador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Downloaded Program Files\setup.inf

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))

.

2008-04-20 16:40 . 2008-04-20 20:09 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-04-20 13:57 . 2008-04-20 13:57 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-04-20 13:56 . 2008-04-20 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-04-20 13:56 . 2008-04-20 13:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-04-20 13:55 . 2008-04-20 13:55 19,871,600 --a------ C:\Arquivos de programas\aaw2007.exe

2008-04-20 12:53 . 2008-04-20 12:54 <DIR> d-------- C:\Arquivos de programas\vdownloader

2008-04-20 12:52 . 2008-04-20 12:52 3,490,554 --a------ C:\Arquivos de programas\vdownloader.zip

2008-04-20 11:53 . 2008-04-20 11:54 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-04-20 00:49 . 2008-04-20 00:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-20 00:49 . 2008-04-20 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-04-04 01:09 . 2008-04-04 01:09 <DIR> d-------- C:\temp

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-20 22:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-04-20 17:16 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-04-20 16:57 1,846 ----a-w C:\Arquivos de programas\Ad-Watch 2007.lnk

2008-04-20 15:39 --------- d-----w C:\Documents and Settings\Meu Computador\Dados de aplicativos\Lavasoft

2008-04-20 15:22 --------- d-----w C:\Arquivos de programas\Glary Utilities

2008-04-19 20:04 --------- d-----w C:\Documents and Settings\Meu Computador\Dados de aplicativos\Skype

2008-03-25 17:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-25 16:04 28,904 -c--a-w C:\Documents and Settings\Meu Computador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-15 21:49 9,723,880 ----a-w C:\Arquivos de programas\spybotsd152.exe

2008-03-15 21:22 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-15 21:17 7,467,056 ----a-w C:\Arquivos de programas\spybotsd15.exe

2008-03-15 02:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-15 02:13 --------- d-----w C:\Arquivos de programas\Avira

2008-03-11 03:55 216,064 ----a-w C:\WINDOWS\iun3404.exe

2008-03-06 00:41 7,744 ----a-w C:\Arquivos de programas\license.txt

2008-03-06 00:41 7,137 ----a-w C:\Arquivos de programas\license_ph.txt

2008-03-06 00:41 2,079 ----a-w C:\Arquivos de programas\readme.doc

2008-03-06 00:41 12,800 ----a-w C:\Arquivos de programas\license.doc

2008-03-06 00:41 12,288 ----a-w C:\Arquivos de programas\license_ph.doc

2008-03-06 00:41 1,713 ----a-w C:\Arquivos de programas\readme.txt

2008-03-06 00:41 1,606 ----a-w C:\Arquivos de programas\readme_ph.doc

2008-03-06 00:41 1,288 ----a-w C:\Arquivos de programas\readme_ph.txt

2008-03-05 20:54 29,739,032 ----a-w C:\Arquivos de programas\fo-psp702f.exe

2008-03-05 20:44 29,639,168 ----a-w C:\Arquivos de programas\fo-psp702f.zip

2008-03-05 20:44 --------- d-----w C:\Arquivos de programas\fo-psp702f

2008-03-05 20:26 32,768 -c--a-w C:\WINDOWS\plugin.dll

2008-03-05 20:23 16,018 ----a-w C:\Arquivos de programas\plugin.zip

2008-03-05 20:22 477,478 ----a-w C:\Arquivos de programas\vm_natural.zip

2008-03-05 20:22 355,283 ----a-w C:\Arquivos de programas\msvcrt.zip

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-29 15:03 --------- d-----w C:\Arquivos de programas\Lexmark X1100 Series

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2007-07-14 04:58 1,227 -c--a-w C:\Arquivos de programas\ReadMe-en.txt

2007-07-14 04:35 466 -c--a-w C:\Arquivos de programas\wani-en.cnt

2007-05-04 02:25 21,558,168 -c--a-w C:\Arquivos de programas\Nokia_PC_Suite_683_rel_14_1_por_br_web.exe

2007-05-04 02:02 2,932,968 -c--a-w C:\Arquivos de programas\ST191All_Line.exe

2007-05-03 16:54 15,949,824 -c--a-w C:\Arquivos de programas\Instalar_Nokia_All_Line.msi

2006-09-23 22:49 13,185,024 -c--a-w C:\Arquivos de programas\Nokia_DKU-5_1_24.exe

2006-09-23 22:47 18,091,008 -c--a-w C:\Arquivos de programas\Nokia_PC_Suite_681_rel_13_por_br_web.msi

2006-09-23 22:42 533,704 -c--a-w C:\Arquivos de programas\AdbeRdr708_DLM_en_US.exe

2006-09-15 03:46 4,752,968 -c--a-w C:\Arquivos de programas\MsgPlus-363.exe

2006-09-15 03:29 10,332,640 -c--a-w C:\Arquivos de programas\SkypeSetup.exe

2006-09-15 03:15 16,391,464 -c--a-w C:\Arquivos de programas\Install_Messenger.exe

2006-06-16 23:18 1,271 -c--a-w C:\Arquivos de programas\Makefile

2006-05-17 12:21 331,776 -c--a-w C:\Arquivos de programas\SDL_ttf.dll

2006-05-17 11:45 77,824 -c--a-w C:\Arquivos de programas\vorbisfile.dll

2006-05-17 11:45 53,248 -c--a-w C:\Arquivos de programas\ogg.dll

2006-05-17 11:45 229,376 -c--a-w C:\Arquivos de programas\SDL_mixer.dll

2006-05-17 11:45 196,608 -c--a-w C:\Arquivos de programas\smpeg.dll

2006-05-17 11:45 1,163,264 -c--a-w C:\Arquivos de programas\vorbis.dll

2006-05-17 03:58 77,824 -c--a-w C:\Arquivos de programas\zlib1.dll

2006-05-17 03:58 40,960 -c--a-w C:\Arquivos de programas\SDL_image.dll

2006-05-17 03:58 385,090 -c--a-w C:\Arquivos de programas\libtiff.dll

2006-05-17 03:58 169,443 -c--a-w C:\Arquivos de programas\jpeg.dll

2006-05-17 03:58 126,976 -c--a-w C:\Arquivos de programas\libpng12.dll

2006-05-17 03:21 258,048 -c--a-w C:\Arquivos de programas\SDL.dll

2003-04-02 16:34 371 -c--a-w C:\Arquivos de programas\!readme.txt

2002-07-10 12:14 84 -c--a-w C:\Arquivos de programas\DIRECTX.INI

2000-05-28 03:31 225,280 -c--a-w C:\Arquivos de programas\NPMOD32.DLL

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-12-30 14:00 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-16 22:55 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"@"="OSK.exe" [2004-12-30 14:00 216064 C:\WINDOWS\system32\osk.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"PCSuiteTrayApplication"=C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

"Lexmark X1100 Series"="C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-04-06 11:30]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-08-09 10:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee686ae-6bc3-11dc-a848-000fea977ac5}]

\Shell\AutoRun\command - E:\xo8wr9.exe

\Shell\explore\Command - E:\xo8wr9.exe

\Shell\open\Command - E:\xo8wr9.exe

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-21 04:25:29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E5AB5455-D155-4D57-907B-B1DA74D8E67E}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-21 16:55:38

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]

"ImagePath"="\Sys"

.

Tempo para conclusão: 2008-04-21 16:58:56

ComboFix-quarantined-files.txt 2008-04-21 19:58:18

Pre-Run: 70,991,806,464 bytes disponíveis

Post-Run: 71,050,539,008 bytes disponíveis

149 --- E O F --- 2008-04-19 19:06:49

Silas Martins · Abril 21, 2008

Reinicie

o computador em Modo Seguro (após reiniciar aperte a tecla F8 repetidamente até aparecer uma tela preta em DOS e escolha Modo Seguro).

Execute o HijackThis, clique em Do a system scan only e selecione as linhas:

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

Clique em Fix Checked

Feito isso Reinicie em modo normal e gere um novo log do Hijackthis.

Aguardo retorno.

rosanaloretti · Abril 21, 2008

Segue novo log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:51, on 21/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Meu Computador\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\WgaTray.exe