
Archived

This topic has been archived and is closed to new replies.

scorpio

[Archived] HijackThis log

Recommended Posts

My computer is VERY slow to shut down... I click Start -> Turn off computer and it stays frozen for about 3 minutes, and only then does the shutdown window appear...

And another thing... out of nowhere my mouse stops working, I know... it could be a hardware problem, but I don't know.. it's weird.. it works, stops, works, stops

 

Logfile of HijackThis v1.99.1

Scan saved at 20:41:47, on 11/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\windows\System32\smss.exe

E:\windows\system32\csrss.exe

E:\windows\system32\winlogon.exe

E:\windows\system32\services.exe

E:\windows\system32\lsass.exe

E:\windows\system32\Ati2evxx.exe

E:\windows\system32\svchost.exe

E:\windows\system32\svchost.exe

E:\windows\System32\svchost.exe

E:\windows\system32\svchost.exe

E:\windows\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\windows\system32\Ati2evxx.exe

E:\windows\Explorer.EXE

E:\windows\system32\spoolsv.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

E:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

E:\windows\System32\alg.exe

E:\windows\system32\svchost.exe

E:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

E:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\HiJackThis\HijackThis.exe

 

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210450202296

O20 - Winlogon Notify: WgaLogon - E:\windows\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - E:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

 

 

Later, thanks!


Hey §¢ö®Þ¡ö,

 

Download ComboFix from:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at E:\ComboFix.txt;

5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop configuration (it will go completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Regards.


Here you go!

 

ComboFix 08-05-11.1 - Sebastião 2008-05-11 21:52:58.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1542 [GMT -3:00]

Executando de: E:\Documents and Settings\Sebastião\Meus documentos\Lucas\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

E:\Arquivos de programas\GbPluggin\gbplib.dll

E:\Arquivos de programas\GbPluggin\gbppdist.dll

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))

.

 

2008-05-11 20:41 . 2008-05-11 20:41 <DIR> d-------- E:\HiJackThis

2008-05-11 11:07 . 2008-05-11 11:08 <DIR> d-------- E:\Arquivos de programas\PSUML

2008-05-10 20:01 . 2008-05-10 20:01 <DIR> d-------- E:\WINDOWS\system32\AGEIA

2008-05-10 20:01 . 2006-09-28 16:05 2,414,360 --a------ E:\WINDOWS\system32\d3dx9_31.dll

2008-05-10 20:00 . 2008-05-10 20:00 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-05-10 20:00 . 2008-05-10 20:01 <DIR> d-------- E:\Arquivos de programas\AGEIA Technologies

2008-05-10 19:41 . 2008-05-10 19:41 <DIR> d-------- E:\Arquivos de programas\THQ

2008-05-10 01:15 . 2008-05-10 01:15 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\ParallelGraphics

2008-05-10 01:15 . 1998-06-19 12:23 270,848 --a------ E:\WINDOWS\UNWISE32.EXE

2008-05-05 22:51 . 2008-05-05 22:51 <DIR> d-------- E:\Arquivos de programas\fabFORCE

2008-05-05 22:51 . 2008-05-05 22:51 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\fabFORCE

2008-04-27 12:09 . 2008-04-27 12:09 <DIR> d-------- E:\Arquivos de programas\AquaMark3

2008-04-27 12:09 . 1999-10-21 11:12 20,400 --a------ E:\WINDOWS\system32\drivers\entech.sys

2008-04-25 13:15 . 2008-05-11 21:53 6,736 --a------ E:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-04-23 13:20 . 2008-04-23 13:20 <DIR> d-------- E:\Arquivos de programas\Windows Media Connect 2

2008-04-23 13:20 . 2004-08-04 00:45 221,184 --a------ E:\WINDOWS\system32\wmpns.dll

2008-04-23 13:18 . 2008-04-23 13:19 <DIR> d-------- E:\WINDOWS\system32\drivers\UMDF

2008-04-22 16:27 . 2008-04-22 17:15 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-04-22 16:27 . 2008-04-22 17:16 <DIR> d-------- E:\Arquivos de programas\Symantec

2008-04-22 16:27 . 2008-04-22 16:28 123,952 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-22 16:27 . 2008-04-22 16:28 60,800 --a------ E:\WINDOWS\system32\S32EVNT1.DLL

2008-04-22 16:27 . 2008-04-22 16:28 10,563 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-22 16:27 . 2008-04-22 16:28 805 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-22 16:23 . 2008-04-22 17:17 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-22 16:20 . 2008-05-11 21:52 1,024 --ah----- E:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-04-22 11:07 . 2008-04-25 09:53 3,760 --a------ E:\WINDOWS\svchost

2008-04-22 11:03 . 2008-05-11 21:59 <DIR> d-------- E:\Arquivos de programas\GbPluggin

2008-04-22 10:13 . 2008-04-22 10:13 <DIR> d-------- E:\Arquivos de programas\Alwil Software

2008-04-22 10:13 . 2003-03-18 17:20 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll

2008-04-21 11:37 . 2008-04-21 11:37 <DIR> d-------- E:\Arquivos de programas\Microsoft Synchronization Services

2008-04-21 11:37 . 2008-04-21 11:37 <DIR> d-------- E:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-04-21 11:35 . 2008-04-21 11:36 <DIR> d-------- E:\Arquivos de programas\Microsoft Visual Studio 9.0

2008-04-21 11:29 . 2008-04-21 11:29 <DIR> d-------- E:\Arquivos de programas\Microsoft SDKs

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\WINDOWS\system32\XPSViewer

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\Arquivos de programas\Reference Assemblies

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\Arquivos de programas\MSBuild

2008-04-21 11:28 . 2006-06-29 13:07 14,048 --------- E:\WINDOWS\system32\spmsg2.dll

2008-04-21 11:27 . 2008-04-21 11:27 <DIR> d-------- E:\Arquivos de programas\MSXML 6.0

2008-04-17 11:40 . 2004-08-03 23:08 31,616 --a------ E:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-17 11:40 . 2004-08-03 23:08 31,616 --a--c--- E:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-16 21:42 . 2008-04-16 21:42 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-04-16 21:42 . 2008-04-16 21:42 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-04-14 09:14 . 2008-04-14 09:14 <DIR> dr-h----- E:\$VAULT$.AVG

2008-04-13 19:54 . 2008-04-13 19:54 <DIR> d-------- E:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-04-12 08:13 . 2008-05-11 08:54 66,872 --a------ E:\WINDOWS\system32\PnkBstrA.exe

2008-04-12 08:12 . 2008-04-20 19:30 103,736 --a------ E:\WINDOWS\system32\PnkBstrB.exe

2008-04-12 08:12 . 2008-04-20 19:30 22,328 --a------ E:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-12 08:10 . 2008-04-23 13:18 <DIR> d-------- E:\WINDOWS\system32\LogFiles

2008-04-12 07:59 . 2007-03-12 16:42 3,495,784 --a------ E:\WINDOWS\system32\d3dx9_33.dll

2008-04-12 07:59 . 2007-03-12 16:42 1,123,696 --a------ E:\WINDOWS\system32\D3DCompiler_33.dll

2008-04-12 07:59 . 2007-03-15 16:57 443,752 --a------ E:\WINDOWS\system32\d3dx10_33.dll

2008-04-12 07:59 . 2007-06-20 20:46 266,088 --a------ E:\WINDOWS\system32\xactengine2_8.dll

2008-04-12 07:59 . 2007-04-04 18:55 261,480 --a------ E:\WINDOWS\system32\xactengine2_7.dll

2008-04-12 07:59 . 2007-01-24 15:27 255,848 --a------ E:\WINDOWS\system32\xactengine2_6.dll

2008-04-12 07:59 . 2007-06-20 20:45 18,280 --a------ E:\WINDOWS\system32\x3daudio1_2.dll

2008-04-12 07:59 . 2007-03-05 12:42 15,128 --a------ E:\WINDOWS\system32\x3daudio1_1.dll

2008-04-12 07:50 . 2008-01-07 14:29 366 --ah----- E:\WINDOWS\nod32fixtemdono.reg

2008-04-12 07:49 . 2008-04-12 07:49 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-04-12 07:49 . 2008-04-12 07:49 <DIR> d-------- E:\Arquivos de programas\ESET

2008-04-12 07:45 . 2008-04-23 10:41 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\Avg7

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-11 17:13 --------- d-----w E:\Arquivos de programas\Steam

2008-05-11 14:50 --------- d-----w E:\Arquivos de programas\DreMule

2008-05-10 22:40 --------- d--h--w E:\Arquivos de programas\InstallShield Installation Information

2008-05-10 04:15 --------- d-----w E:\Arquivos de programas\ParallelGraphics

2008-04-21 14:37 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-04-12 11:11 --------- d-----w E:\Arquivos de programas\GameVicio

2008-04-12 10:59 --------- d-----w E:\Arquivos de programas\Electronic Arts

2008-04-10 22:57 --------- d-----w E:\Arquivos de programas\Programas RFB

2008-04-06 15:21 --------- d-----w E:\Arquivos de programas\Lavasoft

2008-04-06 12:43 --------- d-----w E:\Arquivos de programas\EA GAMES

2008-04-05 18:36 --------- d-----w E:\Arquivos de programas\Empire Interactive

2008-03-30 13:36 --------- d-----w E:\Arquivos de programas\Microsoft Silverlight

2008-03-23 20:33 --------- d-----w E:\Arquivos de programas\Valve

2008-03-23 11:55 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-03-23 11:53 --------- d-----w E:\Arquivos de programas\Autodesk

2008-03-23 11:53 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-03-22 18:27 --------- d-----w E:\Arquivos de programas\glassfish-v2ur1

2008-03-21 07:34 --------- d-----w E:\Arquivos de programas\Blender Foundation

2008-03-15 11:49 --------- d-----w E:\Arquivos de programas\photo editor

2008-03-13 13:29 --------- d-----w E:\Arquivos de programas\Java

2008-03-12 15:42 --------- d-----w E:\Arquivos de programas\Google

2008-02-12 17:27 122,880 ----a-w E:\windows\DesinstRecnet.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-25_13.20.01,68 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-25 12:51:44 2,048 --s-a-w E:\windows\bootstat.dat

+ 2008-05-12 00:59:18 2,048 --s-a-w E:\windows\bootstat.dat

+ 2007-07-23 12:03:30 53,248 ----a-w E:\windows\system32\AgCPanelFrench.dll

+ 2007-07-23 12:03:30 53,248 ----a-w E:\windows\system32\AgCPanelGerman.dll

+ 2007-07-23 12:03:30 53,248 ----a-w E:\windows\system32\AgCPanelJapanese.dll

+ 2007-07-23 12:03:30 53,248 ----a-w E:\windows\system32\AgCPanelKorean.dll

+ 2007-07-23 12:03:30 53,248 ----a-w E:\windows\system32\AgCPanelPortugese.dll

+ 2007-07-23 12:03:30 53,248 ----a-w E:\windows\system32\AgCPanelSimplifiedChinese.dll

+ 2007-07-23 12:03:32 53,248 ----a-w E:\windows\system32\AgCPanelSpanish.dll

+ 2007-07-23 12:03:32 53,248 ----a-w E:\windows\system32\AgCPanelSwedish.dll

+ 2007-07-23 12:03:32 53,248 ----a-w E:\windows\system32\AgCPanelTraditionalChinese.dll

+ 2007-07-24 11:20:06 207,405 ----a-w E:\windows\system32\AGEIA\AG1011\app.bin

+ 2007-05-16 11:42:42 122,249 ----a-w E:\windows\system32\AGEIA\AG1011\diag.bin

+ 2007-07-25 11:30:38 214,141 ----a-w E:\windows\system32\AGEIA\AG1021\app.bin

+ 2007-10-25 11:29:50 114,505 ----a-w E:\windows\system32\AGEIA\AG1021\diag.bin

- 2007-04-10 16:01:04 236,928 -c----w E:\windows\system32\dllcache\WgaLogon.dll

+ 2007-04-10 17:01:04 236,928 -c----w E:\windows\system32\dllcache\WgaLogon.dll

- 2007-04-10 16:01:30 337,280 -c----w E:\windows\system32\dllcache\WgaTray.exe

+ 2007-04-10 17:01:30 337,280 -c----w E:\windows\system32\dllcache\WgaTray.exe

- 2007-07-30 21:19:46 203,096 -c--a-w E:\windows\system32\dllcache\wuweb.dll

+ 2007-07-30 22:19:46 203,096 -c--a-w E:\windows\system32\dllcache\wuweb.dll

+ 2007-09-13 10:43:00 120,320 -c--a-w E:\windows\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys

+ 2007-11-13 13:54:36 70,944 ----a-w E:\windows\system32\PhysXLoader.dll

- 2006-09-25 20:58:48 14,640 ------w E:\windows\system32\spmsg.dll

+ 2006-12-10 17:10:08 15,664 ------w E:\windows\system32\spmsg.dll

- 2007-04-10 16:01:04 236,928 ------w E:\windows\system32\WgaLogon.dll

+ 2007-04-10 17:01:04 236,928 ------w E:\windows\system32\WgaLogon.dll

- 2007-04-10 16:01:30 337,280 ------w E:\windows\system32\WgaTray.exe

+ 2007-04-10 17:01:30 337,280 ------w E:\windows\system32\WgaTray.exe

- 2007-07-30 21:19:46 203,096 ----a-w E:\windows\system32\wuweb.dll

+ 2007-07-30 22:19:46 203,096 ----a-w E:\windows\system32\wuweb.dll

+ 2008-05-12 00:59:22 16,384 ----atw E:\windows\Temp\Perflib_Perfdata_5d0.dat

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "E:\Arquivos de programas\GbPluggin\gbiehdst.dll" SpecialFunction

 

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Image Transfer.lnk]

path=E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Image Transfer.lnk

backup=E:\windows\pss\Image Transfer.lnkCommon Startup

 

[HKLM\~\startupfolder\E:^Documents and Settings^Sebastião^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=E:\Documents and Settings\Sebastião\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=E:\windows\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-02-06 09:08 1953792 E:\WINDOWS\system32\JMRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 07:43 69632 E:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-03-12 12:49 153136 E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 E:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 09:44 36864 E:\WINDOWS\JM\JMInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2007-02-07 15:21 54832 E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-09 17:53 153136 E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-02-07 15:24 71216 E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-04-12 06:33 16132608 E:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 11:35 90112 E:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 E:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

E:\Arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\Valve\\hl.exe"=

"E:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"E:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"E:\\Arquivos de programas\\DreMule\\emule.exe"=

"E:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"E:\\Arquivos de programas\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"E:\\Arquivos de programas\\Borland\\Delphi6\\Projects\\Project1.exe"=

"E:\\Arquivos de programas\\Sierra\\FEAR\\FEAR.exe"=

"E:\\Arquivos de programas\\Steam\\steamapps\\scorpiosjc\\team fortress 2\\hl2.exe"=

"E:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\java.exe"=

"E:\\Arquivos de programas\\Java\\jdk1.5.0_14\\bin\\java.exe"=

"E:\\Arquivos de programas\\Java\\jdk1.5.0_14\\jre\\bin\\java.exe"=

"E:\\Arquivos de programas\\Autodesk\\3ds Max 9\\3dsmax.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"E:\\Arquivos de programas\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=

 

R1 aswSP;avast! Self Protection;E:\windows\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]

R2 aswFsBlk;aswFsBlk;E:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 InterBaseGuardian;InterBase Guardian;E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2004-03-18 22:20]

R3 InterBaseServer;InterBase Server;E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2004-03-18 22:20]

S3 gdrv;gdrv;E:\WINDOWS\gdrv.sys [2008-01-16 17:04]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-11 21:59:32

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

------------------------ Other Running Processes ------------------------

.

E:\WINDOWS\system32\ati2evxx.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\ati2evxx.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

E:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-05-11 22:04:17 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-12 01:04:14

ComboFix2.txt 2008-04-25 16:20:30

 

Pre-Run: 145,768,660,992 bytes disponíveis

Post-Run: 145,968,746,496 bytes disponíveis

 

244 --- E O F --- 2008-04-27 13:48:42


Hey §¢ö®Þ¡ö,

 

Follow these instructions:

 

1. Restart the machine in Safe Mode.

 

2. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote":

File::

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

E:\Arquivos de programas\GbPluggin\gbplib.dll

E:\Arquivos de programas\GbPluggin\gbppdist.dll

E:\Arquivos de programas\GbPluggin\gbiehdst.dll

E:\WINDOWS\nod32fixtemdono.reg

E:\windows\bootstat.dat

Folder::

E:\WINDOWS\svchost

E:\Arquivos de programas\GbPluggin

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]

WARNING: The script above was written specifically for the infection found on this computer. Using it on another machine can cause serious problems for the user.

3. Save the file as CFScript.txt;

4. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

5. When the process finishes, the tool will generate a log. Post it (E:\ComboFix.txt) in your next reply.

Regards.
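The CFScript above removes a handful of launch points that stand out in a ComboFix or HijackThis dump: an executable under a RECYCLER SID folder, Security Center monitoring switched off, a Run value under the Explorer policies key, and services whose target file is gone. The script below is an added example, not part of this thread and not ComboFix's or HijackThis's own code: it encodes those same indicators as regular-expression rules and runs them over a constructed sample of log lines in the style of the logs posted here. The rule names, the severities and the trimmed sample are my own assumptions, and the heuristics are a starting point for reading such a log, not a verdict.

```python
"""Heuristic triage of HijackThis / ComboFix log lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the style of the logs posted above: a few HijackThis
# "O" lines followed by a few ComboFix registry-dump lines. Not a full log.
SAMPLE_LOG = r"""
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 "E:\Arquivos de programas\GbPluggin\gbiehdst.dll" SpecialFunction
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str       # hypothetical rule name (my own naming)
    severity: str   # "low" | "medium" | "high"
    key: str        # registry key the line sits under; "" for HijackThis O-lines
    line: str


# Rules matched against the content of a single line.
LINE_RULES = [
    # A launch point whose target no longer exists: often an uninstall leftover,
    # but also what a removed-and-replaced component looks like. Worth a look.
    ("dangling_reference", "low",
     re.compile(r"\((?:file missing|no file)\)$", re.I)),
    # An executable kept under a per-user RECYCLER SID folder is not a place
    # legitimate software installs to.
    ("exe_in_recycler", "high",
     re.compile(r"\\RECYCLER\\S-1-5-\d+(?:-\d+)+\\[^\\\s]+\.exe", re.I)),
    # Security Center told not to report on antivirus / firewall state.
    ("security_center_monitoring_disabled", "high",
     re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)),
]

# Rules matched against the registry key a value line sits under.
KEY_RULES = [
    # Run values under the Explorer policies key are started by the shell and
    # are not listed by msconfig, so they are a favoured persistence spot.
    ("policy_run_key", "medium",
     re.compile(r"\\policies\\explorer\\run$", re.I)),
    # Active Setup components run once per user at logon; a component whose
    # StubPath points at an .exe outside Windows / Program Files stands out.
    ("active_setup_component", "medium",
     re.compile(r"\\active setup\\installed components\\", re.I)),
]

KEY_LINE = re.compile(r"^\[-?(.+)\]$")   # "[HKEY_...]" or "[-HKEY_...]" header


def triage(text: str) -> list[Finding]:
    """Walk the log once, remembering the current registry key, and emit one
    Finding per (rule, line) pair that matches. ComboFix ends each key block
    with a blank line, so a blank line clears the key context."""
    findings: list[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = ""
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        for rule, severity, rx in LINE_RULES:
            if rx.search(line):
                findings.append(Finding(rule, severity, key, line))
        if key:
            for rule, severity, rx in KEY_RULES:
                if rx.search(key):
                    findings.append(Finding(rule, severity, key, line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Severity histogram, handy for deciding whether a log needs a closer look."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:36} {f.line[:80]}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

On the sample the ise.exe line under the Active Setup key trips two rules at once (exe_in_recycler and active_setup_component), which is exactly the combination the CFScript above deletes; the two "(file missing)" / "(no file)" hits are low severity because on this machine they are plainly leftovers from an uninstalled avast! component and a bank plugin, not something to act on by themselves.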


Done!

ComboFix 08-05-11.1 - Sebastião 2008-05-12 22:53:09.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1759 [GMT -3:00]

Executando de: E:\Documents and Settings\Sebastião\Meus documentos\Lucas\ComboFix.exe

Command switches used :: E:\Documents and Settings\Sebastião\Meus documentos\Lucas\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

E:\Arquivos de programas\GbPluggin\gbiehdst.dll

E:\Arquivos de programas\GbPluggin\gbplib.dll

E:\Arquivos de programas\GbPluggin\gbppdist.dll

E:\windows\bootstat.dat

E:\WINDOWS\nod32fixtemdono.reg

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\Arquivos de programas\GbPluggin

E:\Arquivos de programas\GbPluggin\gbiehdst.dll

E:\Arquivos de programas\GbPluggin\gbiehdst.gmd

E:\Arquivos de programas\GbPluggin\gbiehdt.gpc

E:\Arquivos de programas\GbPluggin\gbplib.dll

E:\Arquivos de programas\GbPluggin\gbppdist.dll

E:\Arquivos de programas\GbPluggin\gbppsv.exe

E:\Arquivos de programas\GbPluggin\svchost

E:\windows\bootstat.dat

E:\WINDOWS\nod32fixtemdono.reg

E:\WINDOWS\svchost\

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))

.

 

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\Documents and Settings\Sebastião

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\Documents and Settings\NetworkService\Configurações locais

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\Documents and Settings\LocalService\Configurações locais

2008-05-11 20:41 . 2008-05-11 20:41 <DIR> d-------- E:\HiJackThis

2008-05-11 11:07 . 2008-05-11 11:08 <DIR> d-------- E:\Arquivos de programas\PSUML

2008-05-10 20:01 . 2008-05-10 20:01 <DIR> d-------- E:\WINDOWS\system32\AGEIA

2008-05-10 20:01 . 2006-09-28 16:05 2,414,360 --a------ E:\WINDOWS\system32\d3dx9_31.dll

2008-05-10 20:00 . 2008-05-10 20:00 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-05-10 20:00 . 2008-05-10 20:01 <DIR> d-------- E:\Arquivos de programas\AGEIA Technologies

2008-05-10 19:41 . 2008-05-10 19:41 <DIR> d-------- E:\Arquivos de programas\THQ

2008-05-10 01:15 . 2008-05-10 01:15 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\ParallelGraphics

2008-05-10 01:15 . 1998-06-19 12:23 270,848 --a------ E:\WINDOWS\UNWISE32.EXE

2008-05-05 22:59 . 2008-05-05 23:04 <DIR> d-------- E:\Documents and Settings\Sebastião\Dados de aplicativos\DBDesigner4

2008-05-05 22:51 . 2008-05-05 22:51 <DIR> d-------- E:\Arquivos de programas\fabFORCE

2008-05-05 22:51 . 2008-05-05 22:51 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\fabFORCE

2008-04-27 12:09 . 2008-04-27 12:09 <DIR> d-------- E:\Arquivos de programas\AquaMark3

2008-04-27 12:09 . 1999-10-21 11:12 20,400 --a------ E:\WINDOWS\system32\drivers\entech.sys

2008-04-23 13:20 . 2008-04-23 13:20 <DIR> d-------- E:\Arquivos de programas\Windows Media Connect 2

2008-04-23 13:20 . 2004-08-04 00:45 221,184 --a------ E:\WINDOWS\system32\wmpns.dll

2008-04-23 13:18 . 2008-04-23 13:19 <DIR> d-------- E:\WINDOWS\system32\drivers\UMDF

2008-04-22 16:27 . 2008-04-22 17:15 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-04-22 16:27 . 2008-04-22 17:16 <DIR> d-------- E:\Arquivos de programas\Symantec

2008-04-22 16:27 . 2008-04-22 16:28 123,952 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-22 16:27 . 2008-04-22 16:28 60,800 --a------ E:\WINDOWS\system32\S32EVNT1.DLL

2008-04-22 16:27 . 2008-04-22 16:28 10,563 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-22 16:27 . 2008-04-22 16:28 805 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-22 16:23 . 2008-04-22 17:17 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-22 16:20 . 2008-05-11 21:52 1,024 --ah----- E:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-04-22 11:07 . 2008-04-25 09:53 3,760 --a------ E:\WINDOWS\svchost

2008-04-22 10:13 . 2008-04-22 10:13 <DIR> d-------- E:\Arquivos de programas\Alwil Software

2008-04-22 10:13 . 2003-03-18 17:20 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll

2008-04-21 11:37 . 2008-04-21 11:37 <DIR> d-------- E:\Arquivos de programas\Microsoft Synchronization Services

2008-04-21 11:37 . 2008-04-21 11:37 <DIR> d-------- E:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-04-21 11:35 . 2008-04-21 11:36 <DIR> d-------- E:\Arquivos de programas\Microsoft Visual Studio 9.0

2008-04-21 11:29 . 2008-04-21 11:29 <DIR> d-------- E:\Arquivos de programas\Microsoft SDKs

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\WINDOWS\system32\XPSViewer

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\Arquivos de programas\Reference Assemblies

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\Arquivos de programas\MSBuild

2008-04-21 11:28 . 2006-06-29 13:07 14,048 --------- E:\WINDOWS\system32\spmsg2.dll

2008-04-21 11:27 . 2008-04-21 11:27 <DIR> d-------- E:\Arquivos de programas\MSXML 6.0

2008-04-17 11:40 . 2004-08-03 23:08 31,616 --a------ E:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-17 11:40 . 2004-08-03 23:08 31,616 --a--c--- E:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-16 21:42 . 2008-05-12 22:45 <DIR> d-------- E:\Documents and Settings\Sebastião\Dados de aplicativos\SiteAdvisor

2008-04-16 21:42 . 2008-04-16 21:42 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-04-16 21:42 . 2008-04-16 21:42 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-04-14 09:14 . 2008-04-14 09:14 <DIR> dr-h----- E:\$VAULT$.AVG

2008-04-13 19:54 . 2008-04-23 08:00 <DIR> d-------- E:\Documents and Settings\Sebastião\Dados de aplicativos\AVG7

2008-04-13 19:54 . 2008-04-13 19:54 <DIR> d-------- E:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-12 12:08 --------- d-----w E:\Arquivos de programas\DreMule

2008-05-11 17:13 --------- d-----w E:\Arquivos de programas\Steam

2008-05-11 11:54 66,872 ----a-w E:\windows\system32\PnkBstrA.exe

2008-05-10 22:40 --------- d--h--w E:\Arquivos de programas\InstallShield Installation Information

2008-05-10 04:15 --------- d-----w E:\Arquivos de programas\ParallelGraphics

2008-04-23 13:41 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-04-21 14:37 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-04-20 22:30 22,328 ----a-w E:\windows\system32\drivers\PnkBstrK.sys

2008-04-20 22:30 103,736 ----a-w E:\windows\system32\PnkBstrB.exe

2008-04-19 15:10 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Winamp

2008-04-12 13:20 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Dev-Cpp

2008-04-12 11:11 --------- d-----w E:\Arquivos de programas\GameVicio

2008-04-12 10:59 --------- d-----w E:\Arquivos de programas\Electronic Arts

2008-04-12 10:49 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-04-12 10:49 --------- d-----w E:\Arquivos de programas\ESET

2008-04-10 22:57 --------- d-----w E:\Arquivos de programas\Programas RFB

2008-04-06 15:21 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Lavasoft

2008-04-06 15:21 --------- d-----w E:\Arquivos de programas\Lavasoft

2008-04-06 12:43 --------- d-----w E:\Arquivos de programas\EA GAMES

2008-04-05 18:36 --------- d-----w E:\Arquivos de programas\Empire Interactive

2008-03-30 13:36 --------- d-----w E:\Arquivos de programas\Microsoft Silverlight

2008-03-23 20:33 --------- d-----w E:\Arquivos de programas\Valve

2008-03-23 11:55 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-03-23 11:53 --------- d-----w E:\Arquivos de programas\Autodesk

2008-03-23 11:53 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-03-22 18:27 --------- d-----w E:\Arquivos de programas\glassfish-v2ur1

2008-03-21 07:34 --------- d-----w E:\Arquivos de programas\Blender Foundation

2008-03-20 08:09 1,845,376 ----a-w E:\windows\system32\win32k.sys

2008-03-17 14:03 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Alien Skin

2008-03-15 11:49 --------- d-----w E:\Arquivos de programas\photo editor

2008-03-13 13:29 --------- d-----w E:\Arquivos de programas\Java

2008-02-26 03:12 372,736 ----a-w E:\windows\system32\ATIDEMGX.dll

2008-02-26 03:10 307,200 ----a-w E:\windows\system32\atiiiexx.dll

2008-02-26 03:10 299,520 ----a-w E:\windows\system32\ati2dvag.dll

2008-02-26 03:02 172,032 ----a-w E:\windows\system32\atipdlxx.dll

2008-02-26 03:02 126,976 ----a-w E:\windows\system32\Oemdspif.dll

2008-02-26 03:01 43,520 ----a-w E:\windows\system32\ati2edxx.dll

2008-02-26 03:01 26,112 ----a-w E:\windows\system32\Ati2mdxx.exe

2008-02-26 03:01 126,976 ----a-w E:\windows\system32\ati2evxx.dll

2008-02-26 03:00 520,192 ----a-w E:\windows\system32\ati2evxx.exe

2008-02-26 02:59 9,797,632 ----a-w E:\windows\system32\atioglx2.dll

2008-02-26 02:58 53,248 ----a-w E:\windows\system32\ATIDDC.DLL

2008-02-26 02:49 3,176,480 ----a-w E:\windows\system32\ati3duag.dll

2008-02-26 02:41 1,755,264 ----a-w E:\windows\system32\ativvaxx.dll

2008-02-26 02:29 46,080 ----a-w E:\windows\system32\amdpcom32.dll

2008-02-26 02:25 393,216 ----a-w E:\windows\system32\atikvmag.dll

2008-02-26 02:23 17,408 ----a-w E:\windows\system32\atitvo32.dll

2008-02-26 02:19 167,936 ----a-w E:\windows\system32\atiok3x2.dll

2008-02-26 02:16 520,192 ----a-w E:\windows\system32\ati2cqag.dll

2008-02-26 00:05 593,920 ------w E:\windows\system32\ati2sgag.exe

2008-02-20 06:51 282,624 ----a-w E:\windows\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w E:\windows\system32\dnsrslvr.dll

2008-02-16 09:03 661,504 ----a-w E:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Image Transfer.lnk]

path=E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Image Transfer.lnk

backup=E:\windows\pss\Image Transfer.lnkCommon Startup

 

[HKLM\~\startupfolder\E:^Documents and Settings^Sebastião^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=E:\Documents and Settings\Sebastião\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=E:\windows\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-02-06 09:08 1953792 E:\WINDOWS\system32\JMRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 07:43 69632 E:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-03-12 12:49 153136 E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 E:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 09:44 36864 E:\WINDOWS\JM\JMInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2007-02-07 15:21 54832 E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-09 17:53 153136 E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-02-07 15:24 71216 E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-04-12 06:33 16132608 E:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 11:35 90112 E:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 E:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

E:\Arquivos de programas\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\Valve\\hl.exe"=

"E:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"E:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"E:\\Arquivos de programas\\DreMule\\emule.exe"=

"E:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"E:\\Arquivos de programas\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"E:\\Arquivos de programas\\Borland\\Delphi6\\Projects\\Project1.exe"=

"E:\\Arquivos de programas\\Sierra\\FEAR\\FEAR.exe"=

"E:\\Arquivos de programas\\Steam\\steamapps\\scorpiosjc\\team fortress 2\\hl2.exe"=

"E:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\java.exe"=

"E:\\Arquivos de programas\\Java\\jdk1.5.0_14\\bin\\java.exe"=

"E:\\Arquivos de programas\\Java\\jdk1.5.0_14\\jre\\bin\\java.exe"=

"E:\\Arquivos de programas\\Autodesk\\3ds Max 9\\3dsmax.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"E:\\Arquivos de programas\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=

 

S1 aswSP;avast! Self Protection;E:\windows\system32\drivers\aswSP.sys [2008-03-29 15:31]

S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]

S2 aswFsBlk;aswFsBlk;E:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

S2 InterBaseGuardian;InterBase Guardian;E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2004-03-18 22:20]

S3 gdrv;gdrv;E:\WINDOWS\gdrv.sys [2008-01-16 17:04]

S3 InterBaseServer;InterBase Server;E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2004-03-18 22:20]

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-12 22:56:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

Tempo para conclusão: 2008-05-12 22:59:12

ComboFix-quarantined-files.txt 2008-05-13 01:59:10

ComboFix2.txt 2008-05-12 01:04:17

ComboFix3.txt 2008-04-25 16:20:30

 

Pre-Run: 146,414,968,832 bytes disponíveis

Post-Run: 146,417,336,320 bytes disponíveis

 

223 --- E O F --- 2008-04-27 13:48:42


Hey scorpio,

Restart in Safe Mode.

Locate and delete:

E:\WINDOWS\svchost <- the folder

Restart in Normal Mode.

Come back with a new ComboFix log.

Cheers.


I didn't find that folder

but here's the other log

ComboFix 08-05-11.1 - Sebastião 2008-05-15 22:59:47.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1628 [GMT -3:00]

Executando de: E:\Documents and Settings\Sebastião\Meus documentos\Lucas\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\windows\system32\ativva5x.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))

.

 

2008-05-15 22:40 . 2008-05-15 22:40 <DIR> d-------- E:\Documents and Settings\Administrador

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\Documents and Settings\SebastiÒo

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-05-11 22:04 . 2008-05-11 22:04 <DIR> d-------- E:\Documents and Settings\LocalService\Configuraþ§es locais

2008-05-11 20:41 . 2008-05-11 20:41 <DIR> d-------- E:\HiJackThis

2008-05-11 11:07 . 2008-05-11 11:08 <DIR> d-------- E:\Arquivos de programas\PSUML

2008-05-10 20:01 . 2008-05-10 20:01 <DIR> d-------- E:\WINDOWS\system32\AGEIA

2008-05-10 20:01 . 2006-09-28 16:05 2,414,360 --a------ E:\WINDOWS\system32\d3dx9_31.dll

2008-05-10 20:00 . 2008-05-10 20:00 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-05-10 20:00 . 2008-05-10 20:01 <DIR> d-------- E:\Arquivos de programas\AGEIA Technologies

2008-05-10 19:41 . 2008-05-10 19:41 <DIR> d-------- E:\Arquivos de programas\THQ

2008-05-10 01:15 . 2008-05-10 01:15 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\ParallelGraphics

2008-05-10 01:15 . 1998-06-19 12:23 270,848 --a------ E:\WINDOWS\UNWISE32.EXE

2008-05-05 22:59 . 2008-05-05 23:04 <DIR> d-------- E:\Documents and Settings\Sebastião\Dados de aplicativos\DBDesigner4

2008-05-05 22:51 . 2008-05-05 22:51 <DIR> d-------- E:\Arquivos de programas\fabFORCE

2008-05-05 22:51 . 2008-05-05 22:51 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\fabFORCE

2008-04-27 12:09 . 2008-04-27 12:09 <DIR> d-------- E:\Arquivos de programas\AquaMark3

2008-04-27 12:09 . 1999-10-21 11:12 20,400 --a------ E:\WINDOWS\system32\drivers\entech.sys

2008-04-23 13:20 . 2008-04-23 13:20 <DIR> d-------- E:\Arquivos de programas\Windows Media Connect 2

2008-04-23 13:20 . 2004-08-04 00:45 221,184 --a------ E:\WINDOWS\system32\wmpns.dll

2008-04-23 13:18 . 2008-04-23 13:19 <DIR> d-------- E:\WINDOWS\system32\drivers\UMDF

2008-04-22 16:27 . 2008-04-22 17:15 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-04-22 16:27 . 2008-04-22 17:16 <DIR> d-------- E:\Arquivos de programas\Symantec

2008-04-22 16:27 . 2008-04-22 16:28 123,952 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-22 16:27 . 2008-04-22 16:28 60,800 --a------ E:\WINDOWS\system32\S32EVNT1.DLL

2008-04-22 16:27 . 2008-04-22 16:28 10,563 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-22 16:27 . 2008-04-22 16:28 805 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-22 16:23 . 2008-04-22 17:17 <DIR> d-------- E:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-22 16:20 . 2008-05-11 21:52 1,024 --ah----- E:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-04-22 11:07 . 2008-04-25 09:53 3,760 --a------ E:\WINDOWS\svchost

2008-04-22 10:13 . 2008-04-22 10:13 <DIR> d-------- E:\Arquivos de programas\Alwil Software

2008-04-22 10:13 . 2003-03-18 17:20 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll

2008-04-21 11:37 . 2008-04-21 11:37 <DIR> d-------- E:\Arquivos de programas\Microsoft Synchronization Services

2008-04-21 11:37 . 2008-04-21 11:37 <DIR> d-------- E:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-04-21 11:35 . 2008-04-21 11:36 <DIR> d-------- E:\Arquivos de programas\Microsoft Visual Studio 9.0

2008-04-21 11:29 . 2008-04-21 11:29 <DIR> d-------- E:\Arquivos de programas\Microsoft SDKs

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\WINDOWS\system32\XPSViewer

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\Arquivos de programas\Reference Assemblies

2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- E:\Arquivos de programas\MSBuild

2008-04-21 11:28 . 2006-06-29 13:07 14,048 --------- E:\WINDOWS\system32\spmsg2.dll

2008-04-21 11:27 . 2008-04-21 11:27 <DIR> d-------- E:\Arquivos de programas\MSXML 6.0

2008-04-17 11:40 . 2004-08-03 23:08 31,616 --a------ E:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-17 11:40 . 2004-08-03 23:08 31,616 --a--c--- E:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-16 21:42 . 2008-05-15 22:56 <DIR> d-------- E:\Documents and Settings\Sebastião\Dados de aplicativos\SiteAdvisor

2008-04-16 21:42 . 2008-04-16 21:42 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-04-16 21:42 . 2008-04-16 21:42 <DIR> d-------- E:\Documents and Settings\All Users\Dados de aplicativos\McAfee

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-15 17:04 --------- d-----w E:\Arquivos de programas\DreMule

2008-05-11 17:13 --------- d-----w E:\Arquivos de programas\Steam

2008-05-11 11:54 66,872 ----a-w E:\windows\system32\PnkBstrA.exe

2008-05-10 22:40 --------- d--h--w E:\Arquivos de programas\InstallShield Installation Information

2008-05-10 04:15 --------- d-----w E:\Arquivos de programas\ParallelGraphics

2008-04-23 13:41 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-04-23 11:00 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\AVG7

2008-04-21 14:37 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-04-20 22:30 22,328 ----a-w E:\windows\system32\drivers\PnkBstrK.sys

2008-04-20 22:30 103,736 ----a-w E:\windows\system32\PnkBstrB.exe

2008-04-19 15:10 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Winamp

2008-04-13 22:54 --------- d-----w E:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-04-12 13:20 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Dev-Cpp

2008-04-12 11:11 --------- d-----w E:\Arquivos de programas\GameVicio

2008-04-12 10:59 --------- d-----w E:\Arquivos de programas\Electronic Arts

2008-04-12 10:49 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-04-12 10:49 --------- d-----w E:\Arquivos de programas\ESET

2008-04-10 22:57 --------- d-----w E:\Arquivos de programas\Programas RFB

2008-04-06 15:21 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Lavasoft

2008-04-06 15:21 --------- d-----w E:\Arquivos de programas\Lavasoft

2008-04-06 12:43 --------- d-----w E:\Arquivos de programas\EA GAMES

2008-04-05 18:36 --------- d-----w E:\Arquivos de programas\Empire Interactive

2008-03-30 13:36 --------- d-----w E:\Arquivos de programas\Microsoft Silverlight

2008-03-25 04:49 621,344 ----a-w E:\windows\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w E:\windows\system32\msjint40.dll

2008-03-23 20:33 --------- d-----w E:\Arquivos de programas\Valve

2008-03-23 11:55 --------- d-----w E:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-03-23 11:53 --------- d-----w E:\Arquivos de programas\Autodesk

2008-03-23 11:53 --------- d-----w E:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-03-22 18:27 --------- d-----w E:\Arquivos de programas\glassfish-v2ur1

2008-03-21 07:34 --------- d-----w E:\Arquivos de programas\Blender Foundation

2008-03-20 08:09 1,845,376 ----a-w E:\windows\system32\win32k.sys

2008-03-17 14:03 --------- d-----w E:\Documents and Settings\Sebastião\Dados de aplicativos\Alien Skin

2008-02-26 03:12 372,736 ----a-w E:\windows\system32\ATIDEMGX.dll

2008-02-26 03:10 307,200 ----a-w E:\windows\system32\atiiiexx.dll

2008-02-26 03:10 299,520 ----a-w E:\windows\system32\ati2dvag.dll

2008-02-26 03:02 172,032 ----a-w E:\windows\system32\atipdlxx.dll

2008-02-26 03:02 126,976 ----a-w E:\windows\system32\Oemdspif.dll

2008-02-26 03:01 43,520 ----a-w E:\windows\system32\ati2edxx.dll

2008-02-26 03:01 26,112 ----a-w E:\windows\system32\Ati2mdxx.exe

2008-02-26 03:01 126,976 ----a-w E:\windows\system32\ati2evxx.dll

2008-02-26 03:00 520,192 ----a-w E:\windows\system32\ati2evxx.exe

2008-02-26 02:59 9,797,632 ----a-w E:\windows\system32\atioglx2.dll

2008-02-26 02:58 53,248 ----a-w E:\windows\system32\ATIDDC.DLL

2008-02-26 02:49 3,176,480 ----a-w E:\windows\system32\ati3duag.dll

2008-02-26 02:41 1,755,264 ----a-w E:\windows\system32\ativvaxx.dll

2008-02-26 02:29 46,080 ----a-w E:\windows\system32\amdpcom32.dll

2008-02-26 02:25 393,216 ----a-w E:\windows\system32\atikvmag.dll

2008-02-26 02:23 17,408 ----a-w E:\windows\system32\atitvo32.dll

2008-02-26 02:19 167,936 ----a-w E:\windows\system32\atiok3x2.dll

2008-02-26 02:16 520,192 ----a-w E:\windows\system32\ati2cqag.dll

2008-02-26 00:05 593,920 ------w E:\windows\system32\ati2sgag.exe

2008-02-20 06:51 282,624 ----a-w E:\windows\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w E:\windows\system32\dnsrslvr.dll

2008-02-16 09:03 661,504 ----a-w E:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( snapshot_2008-05-11_22.04.08.79 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-10 19:57:59 593,920 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-05-14 01:16:13 593,920 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-04-10 19:57:59 12,288 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-05-14 01:16:13 12,288 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-04-10 19:57:59 86,016 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-05-14 01:16:13 86,016 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-04-10 19:57:59 135,168 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-05-14 01:16:13 135,168 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-04-10 19:57:59 11,264 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-05-14 01:16:13 11,264 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-04-10 19:58:00 27,136 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-05-14 01:16:13 27,136 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-04-10 19:58:00 4,096 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-05-14 01:16:13 4,096 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-04-10 19:58:00 794,624 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-05-14 01:16:13 794,624 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-04-10 19:57:59 249,856 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-05-14 01:16:13 249,856 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-04-10 19:57:59 61,440 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-05-14 01:16:13 61,440 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-04-10 19:58:00 23,040 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-05-14 01:16:13 23,040 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-04-10 19:57:59 286,720 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-05-14 01:16:13 286,720 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-04-10 19:57:59 409,600 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-05-14 01:16:13 409,600 ----a-r E:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2004-08-04 03:45:22 561,179 -c--a-w E:\windows\system32\dllcache\dao360.dll

+ 2008-03-25 04:50:25 554,008 -c--a-w E:\windows\system32\dllcache\dao360.dll

- 2004-08-04 03:45:24 512,029 -c--a-w E:\windows\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:28 518,944 -c--a-w E:\windows\system32\dllcache\msexch40.dll

- 2004-08-04 03:45:24 319,517 -c--a-w E:\windows\system32\dllcache\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 -c--a-w E:\windows\system32\dllcache\msexcl40.dll

- 2004-08-04 03:45:26 1,507,356 -c--a-w E:\windows\system32\dllcache\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 -c--a-w E:\windows\system32\dllcache\msjet40.dll

- 2004-07-17 14:34:48 358,976 -c--a-w E:\windows\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 -c--a-w E:\windows\system32\dllcache\msjetol1.dll

- 2004-08-04 03:45:26 176,159 -c--a-w E:\windows\system32\dllcache\msjint40.dll

+ 2008-03-25 04:49:45 183,072 -c--a-w E:\windows\system32\dllcache\msjint40.dll

- 2004-08-04 03:45:26 53,279 -c--a-w E:\windows\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 60,192 -c--a-w E:\windows\system32\dllcache\msjter40.dll

- 2004-08-04 03:45:26 241,693 -c--a-w E:\windows\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 -c--a-w E:\windows\system32\dllcache\msjtes40.dll

- 2004-08-04 03:45:26 213,023 -c--a-w E:\windows\system32\dllcache\msltus40.dll

+ 2008-03-25 04:50:44 219,936 -c--a-w E:\windows\system32\dllcache\msltus40.dll

- 2004-08-04 03:45:26 348,189 -c--a-w E:\windows\system32\dllcache\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 -c--a-w E:\windows\system32\dllcache\mspbde40.dll

- 2004-08-04 03:45:26 421,919 -c--a-w E:\windows\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 -c--a-w E:\windows\system32\dllcache\msrd2x40.dll

- 2004-08-04 03:45:26 315,423 -c--a-w E:\windows\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 -c--a-w E:\windows\system32\dllcache\msrd3x40.dll

- 2004-08-04 03:45:26 552,989 -c--a-w E:\windows\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 -c--a-w E:\windows\system32\dllcache\msrepl40.dll

- 2004-08-04 03:45:26 258,077 -c--a-w E:\windows\system32\dllcache\mstext40.dll

+ 2008-03-25 04:50:55 264,992 -c--a-w E:\windows\system32\dllcache\mstext40.dll

- 2004-08-04 03:45:26 831,519 -c--a-w E:\windows\system32\dllcache\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 -c--a-w E:\windows\system32\dllcache\mswdat10.dll

- 2004-08-04 03:45:26 614,429 -c--a-w E:\windows\system32\dllcache\mswstr10.dll

+ 2008-03-25 04:49:46 621,344 -c--a-w E:\windows\system32\dllcache\mswstr10.dll

- 2004-08-04 03:45:26 348,189 -c--a-w E:\windows\system32\dllcache\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 -c--a-w E:\windows\system32\dllcache\msxbde40.dll

- 2004-08-04 03:45:24 512,029 ----a-w E:\windows\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w E:\windows\system32\msexch40.dll

- 2004-08-04 03:45:24 319,517 ----a-w E:\windows\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w E:\windows\system32\msexcl40.dll

- 2004-08-04 03:45:26 1,507,356 ----a-w E:\windows\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w E:\windows\system32\msjet40.dll

- 2004-07-17 14:34:48 358,976 ----a-w E:\windows\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w E:\windows\system32\msjetoledb40.dll

- 2004-08-04 03:45:26 53,279 ----a-w E:\windows\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w E:\windows\system32\msjter40.dll

- 2004-08-04 03:45:26 241,693 ----a-w E:\windows\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w E:\windows\system32\msjtes40.dll

- 2004-08-04 03:45:26 213,023 ----a-w E:\windows\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w E:\windows\system32\msltus40.dll

- 2004-08-04 03:45:26 348,189 ----a-w E:\windows\system32\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 ----a-w E:\windows\system32\mspbde40.dll

- 2004-08-04 03:45:26 421,919 ----a-w E:\windows\system32\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 ----a-w E:\windows\system32\msrd2x40.dll

- 2004-08-04 03:45:26 315,423 ----a-w E:\windows\system32\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 ----a-w E:\windows\system32\msrd3x40.dll

- 2004-08-04 03:45:26 552,989 ----a-w E:\windows\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w E:\windows\system32\msrepl40.dll

- 2004-08-04 03:45:26 258,077 ----a-w E:\windows\system32\mstext40.dll

+ 2008-03-25 04:50:55 264,992 ----a-w E:\windows\system32\mstext40.dll

- 2004-08-04 03:45:26 831,519 ----a-w E:\windows\system32\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 ----a-w E:\windows\system32\mswdat10.dll

- 2004-08-04 03:45:26 348,189 ----a-w E:\windows\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w E:\windows\system32\msxbde40.dll

+ 2008-05-16 01:46:40 16,384 ----atw E:\windows\TEMP\Perflib_Perfdata_5cc.dat

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Image Transfer.lnk]

path=E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Image Transfer.lnk

backup=E:\windows\pss\Image Transfer.lnkCommon Startup

 

[HKLM\~\startupfolder\E:^Documents and Settings^Sebastião^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=E:\Documents and Settings\Sebastião\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=E:\windows\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-02-06 09:08 1953792 E:\WINDOWS\system32\JMRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 07:43 69632 E:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-03-12 12:49 153136 E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 E:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 09:44 36864 E:\WINDOWS\JM\JMInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2007-02-07 15:21 54832 E:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-09 17:53 153136 E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-02-07 15:24 71216 E:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-04-12 06:33 16132608 E:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 11:35 90112 E:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 E:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

E:\Arquivos de programas\Winamp\winampa.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\Valve\\hl.exe"=

"E:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"E:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"E:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"E:\\Arquivos de programas\\DreMule\\emule.exe"=

"E:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"E:\\Arquivos de programas\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"E:\\Arquivos de programas\\Borland\\Delphi6\\Projects\\Project1.exe"=

"E:\\Arquivos de programas\\Sierra\\FEAR\\FEAR.exe"=

"E:\\Arquivos de programas\\Steam\\steamapps\\scorpiosjc\\team fortress 2\\hl2.exe"=

"E:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\java.exe"=

"E:\\Arquivos de programas\\Java\\jdk1.5.0_14\\bin\\java.exe"=

"E:\\Arquivos de programas\\Java\\jdk1.5.0_14\\jre\\bin\\java.exe"=

"E:\\Arquivos de programas\\Autodesk\\3ds Max 9\\3dsmax.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

"E:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"E:\\Arquivos de programas\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=

 

R1 aswSP;avast! Self Protection;E:\windows\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]

R2 aswFsBlk;aswFsBlk;E:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 InterBaseGuardian;InterBase Guardian;E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2004-03-18 22:20]

R3 InterBaseServer;InterBase Server;E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2004-03-18 22:20]

S3 gdrv;gdrv;E:\WINDOWS\gdrv.sys [2008-01-16 17:04]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 23:02:34

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\E:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

Tempo para conclusão: 2008-05-15 23:05:36

ComboFix-quarantined-files.txt 2008-05-16 02:05:34

ComboFix2.txt 2008-05-13 01:59:13

ComboFix3.txt 2008-05-12 01:04:17

ComboFix4.txt 2008-04-25 16:20:30

 

Pre-Run: 146,112,471,040 bytes disponíveis

Post-Run: 146,165,170,176 bytes disponíveis

 

299 --- E O F --- 2008-05-14 01:16:15

 

Later

[]'s

Hey scorpio,

1. Download BankerFix.

2. Temporarily disable your anti-virus.

3. Double-click bankerfix.exe. A message will appear saying that it will be downloaded from the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan is finished, read the message on the screen and press Enter again.

5. Re-enable your anti-virus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in E:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on E.

Regards.

I think I messed up....

I ran bankerfix twice.... =/

The first time it said the infected files had been removed.. the second time it said there was nothing

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 18/5/2008 - 20:25

-------------------------------------------------------

Lista de Definição: 2008-05-10-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 20:28:35, on 18/5/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

 

Running processes:

E:\windows\System32\smss.exe

E:\windows\system32\winlogon.exe

E:\windows\system32\services.exe

E:\windows\system32\lsass.exe

E:\windows\system32\Ati2evxx.exe

E:\windows\system32\svchost.exe

E:\windows\System32\svchost.exe

E:\windows\system32\Ati2evxx.exe

E:\windows\system32\spoolsv.exe

E:\windows\Explorer.EXE

E:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

E:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

E:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

E:\ARQUIV~1\AVG\AVG8\avgrsx.exe

E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

E:\Arquivos de programas\Steam\Steam.exe

E:\Arquivos de programas\DreMule\emule.exe

E:\Arquivos de programas\Winamp\winamp.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG8_TRAY] E:\ARQUIV~1\AVG\AVG8\avgtray.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210450202296

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - E:\windows\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - E:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\windows\system32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - E:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - E:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe


Hey scorpio,

Run Panda's Active Scan, following these steps:

1) Some anti-virus programs, such as AVAST, may show a detection alert while the scan is running, but that alert should be ignored. The warning is nothing but a false positive. I suggest disabling the AV temporarily so that the scan runs without problems;

2) To start the process, click the scan button (image: 01bt_scan_pt.gif);

3) Fill in the data requested in the form;

4) Click the "Pesquise agora sem custos" ("Scan now free of charge") button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan ends, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Regards.

Took me a while, huh? lol

Look... it said there was a disinfectable virus, Bck/VB.XB

here's the log

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-05-31 08:08:51

PROTECTIONS: 1

MALWARE: 40

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

AVG Anti-Virus Free 8.0 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@casalemedia[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.casalemedia.com/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.doubleclick.net/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@tradedoubler[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.fastclick.net/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.tribalfusion.com/]

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@ccbill[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.revenue.net/]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.com.com/]

00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@yadro[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@yadro[2].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.yadro.ru/]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.xiti.com/]

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@azjmp[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@azjmp[2].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@toplist[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@toplist[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.toplist.cz/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@statcounter[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@statcounter[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.statcounter.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@ad.yieldmanager[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.apmebf.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@apmebf[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@burstnet[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[www.burstbeacon.com/]

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@www.burstbeacon[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@server.iad.liveperson[2].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@fl01.ct2.comclick[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[fl01.ct2.comclick.com/]

00168116 Cookie/Comclick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[fl01.ct2.comclick.com/]

00168116 Cookie/Comclick TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[fl01.ct2.comclick.com/]

00168116 Cookie/Comclick TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@fl01.ct2.comclick[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@advertising[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[statse.webtrendslive.com/]

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@ads.pointroll[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@ig.com[2].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@ig.com[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.ig.com.br/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@overture[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@overture[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@terra.com[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.terra.com.br/]

00170557 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@terra.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@uol.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.uol.com.br/]

00170559 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@uol.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.uol.com.br/]

00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@zedo[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[.adultfriendfinder.com/]

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Dados de aplicativos\Mozilla\Firefox\Profiles\wmyb7nk3.default\cookies.txt[searchportal.information.com/]

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@searchportal.information[2].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@did-it[1].txt

00209833 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@acesso.uol.com[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No E:\Documents and Settings\Sebastião\Cookies\sebastião@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No E:\Jailton\salvar_Documents and Settings\Jailton\Cookies\jailton@atwola[1].txt

01176994 Bck/VB.XB Virus/Trojan No 0 No No E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}\RP158\A0055618.exe[327882R2FWJFW\NirCmdC.cfexe]

01176994 Bck/VB.XB Virus/Trojan No 0 No No E:\Documents and Settings\Sebastião\Meus documentos\Lucas\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]

01185375 Application/Psexec.A HackTools No 0 Yes No E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}\RP164\A0064299.EXE

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}\RP164\A0064284.sys

02940786 Trj/Downloader.MDW Virus/Trojan No 1 Yes No E:\QooBox\Quarantine\E\Arquivos de programas\GbPluggin\gbiehdst.dll.vir

;===================================================================================================================================================================================

SUSPECTS

Sent Location (]

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description (]

;===================================================================================================================================================================================

;===================================================================================================================================================================================

Hey §¢ö®Þ¡ö,

Sorry for the delay; time has not been on my side lately.

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote":

File::

E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}\RP158\A0055618.exe

E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}\RP164\A0064299.EXE

E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}\RP164\A0064284.sys

Folder::

E:\System Volume Information\_restore{2323ADA7-BAE5-4D9E-88C7-610956C8F2C5}

E:\QooBox\Quarantine

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

4. Run Active Scan again and see whether it still detects anything.

Regards.

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening it.