Archived

This topic has been archived and is closed to new replies.

HenriqueSPFC

[Archived] slow internet, very slow....


Logfile of HijackThis v1.99.1

Scan saved at 21:53 Henrique, on 2/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Arquivos de programas\VHLabs\VHScrCap\VHScrCapDlg.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Downloads Programas\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.spfc.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/Community.aspx?cmm=56747661

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Broken Internet access because of LSP provider 'avsda.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F85F72B0-623E-41CF-9829-1DAE1F47874F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

 

 

Thanks.


Hey HenriqueSPFC,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan ends, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, nor close it with the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a HijackThis log.

Cheers.


Thank you very much for your attention

I noticed that the ComboFix scan removed the IE7 toolbars, such as the Google toolbar

Here is the ComboFix.txt

 

ComboFix 08-07-03.5 - Henrique 2008-07-04 13:35:26.1 - NTFSx86

Executando de: D:\Downloads Programas\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\ktd32.atm

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))

.

 

2008-07-04 12:33 . 2008-07-04 12:33 <DIR> d-------- C:\Documents and Settings\Daniela\Dados de aplicativos\AdobeUM

2008-07-03 13:27 . 2008-07-04 13:28 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\AdobeUM

2008-07-03 10:10 . 2008-07-03 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MSScanAppDataDir

2008-06-30 19:45 . 2008-06-30 19:45 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-06-30 19:38 . 2008-06-30 19:38 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\DAEMON Tools

2008-06-30 19:38 . 2008-06-30 19:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-30 01:22 . 2008-06-30 19:31 3,639 --a------ C:\WINDOWS\VGSCDAPI.VXD

2008-06-27 19:52 . 2008-07-03 09:06 421 --a------ C:\WINDOWS\ODBC.INI

2008-06-27 19:51 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-06-27 19:47 . 2008-06-27 19:47 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-06-27 19:39 . 2008-06-27 19:39 <DIR> dr-h----- C:\MSOCache

2008-06-26 22:21 . 2008-06-26 22:21 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-06-22 23:07 . 2008-06-26 13:00 <DIR> d-------- C:\Arquivos de programas\BMO

2008-06-14 10:19 . 2008-06-27 19:48 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-06-12 22:43 . 2008-06-26 13:01 <DIR> d-------- C:\Arquivos de programas\Easy Audio Cutter

2008-06-12 22:35 . 2008-06-12 22:35 <DIR> d-------- C:\Arquivos de programas\TFM

2008-06-12 21:47 . 2008-06-12 21:47 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\GrabPro

2008-06-10 20:52 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 01:01 . 2008-06-10 05:33 <DIR> d-------- C:\Arquivos de programas\GameSpy Arcade

2008-06-10 00:44 . 2008-06-10 00:44 <DIR> d-------- C:\Arquivos de programas\Sierra

2008-06-08 20:51 . 2008-06-08 20:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-08 20:51 . 2008-06-08 20:51 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-06 13:42 . 2008-06-30 20:23 2,077 --a------ C:\foto.jpeg

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 16:29 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\Orbit

2008-07-04 16:28 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-04 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-04 15:46 --------- d-----w C:\Arquivos de programas\Google

2008-07-04 15:35 --------- d-----w C:\Documents and Settings\Daniela\Dados de aplicativos\Orbit

2008-07-03 23:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-07-02 20:16 --------- d-----w C:\Arquivos de programas\Xvid

2008-06-27 10:42 --------- d-----w C:\Arquivos de programas\eMule

2008-06-26 16:02 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-06-26 16:01 --------- d-----w C:\Arquivos de programas\forsage3

2008-06-16 16:46 --------- d-----w C:\Arquivos de programas\GameVicio

2008-06-16 01:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-16 01:00 --------- d-----w C:\Arquivos de programas\EA SPORTS

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-01 17:05 --------- d-----w C:\Arquivos de programas\NitroPC

2008-05-28 22:33 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\uTorrent

2008-05-23 10:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-05-13 23:22 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys

2008-05-13 22:50 --------- d-----w C:\Arquivos de programas\Stardock

2008-05-13 22:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-17 19:19 0 ----a-r C:\logwmemory.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 01:13 68856]

"SRS Audio Sandbox"="C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 16:04 4354048]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 14:03 1975824]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"ATIPTA"="C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10 344064]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-04-01 15:49 36352]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2007-08-31 12:25 249896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-03-14 20:50 233472]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 577536 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 Henrique 29696]

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-04-17 01:13:16 Henrique 124400]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-04-16 23:28:17 Henrique 1678536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Soldat\\Soldat.exe"=

"C:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

 

R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 03:23]

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-04 03:20:01 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 12:00:01 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 13:00:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 14:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 15:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 16:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-03 17:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-03 18:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-03 19:00:05 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-01 20:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-02 21:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 04:00:00 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-02 22:00:02 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-02 23:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 00:00:02 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 01:00:05 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 02:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 05:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-04 06:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-01 07:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-01 08:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-07-01 09:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-06-27 10:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

"2008-06-30 11:00:02 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\Ic74eiy2.exe

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Explorer_Run-DirectX For Microsoft® Windows - C:\WINDOWS\system32\fservice.exe

Notify-WgaLogon - (no file)

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-04 13:44:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-04 13:49:07

ComboFix-quarantined-files.txt 2008-07-04 16:49:03

 

Pre-Run: 37,129,117,696 bytes disponíveis

Post-Run: 37,899,829,248 bytes disponíveis

 

174 --- E O F --- 2008-06-26 20:38:34

 


 

Logfile of HijackThis v1.99.1

Scan saved at 14:02 Henrique, on 4/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\Downloads Programas\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/Community.aspx?cmm=56747661

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Broken Internet access because of LSP provider 'avsda.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F85F72B0-623E-41CF-9829-1DAE1F47874F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

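Added example (not code from this thread, nor from the HijackThis or ComboFix authors): a short Python script that automates the checks a helper makes by eye on the logs posted above. It flags the `F2` `Shell=` value that launches something besides `Explorer.exe` at logon, `O2`/`O3` browser-extension entries whose DLL is gone, the `O10` broken Winsock LSP chain that matches the "slow internet" symptom, and, from the ComboFix scheduled-tasks section, a single binary re-run by many `At*.job` tasks. The sample input is a handful of lines copied from the logs in this thread; the function names and the `min_jobs` threshold are my own choices.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample input: lines copied from the HijackThis log posted in
# this thread (the suspicious ones plus two benign ones for contrast).
SAMPLE_HIJACKTHIS = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/Community.aspx?cmm=56747661
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
"""

# Constructed sample input: three of the 24 entries from the ComboFix
# "Tarefas Agendadas" (scheduled tasks) section posted in this thread.
SAMPLE_TASKS = r"""
"2008-07-04 03:20:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\Ic74eiy2.exe
"2008-07-04 12:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\Ic74eiy2.exe
"2008-07-04 13:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\Ic74eiy2.exe
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")
JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$')


def check_hijackthis(log: str) -> list[str]:
    """Return one finding per HijackThis line that deserves a second look."""
    findings: list[str] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.match(line)
        if m:
            # The system.ini Shell value should be exactly Explorer.exe; anything
            # appended to it is started alongside Explorer at every logon.
            value = m.group(1).strip()
            if value.lower() != "explorer.exe":
                findings.append(f"F2 Shell= launches more than Explorer.exe: {value}")
            continue
        if line.startswith(("O2 ", "O3 ")) and line.endswith("(no file)"):
            # A registered BHO/toolbar whose DLL no longer exists: a leftover
            # of a removal, harmless but worth cleaning up.
            findings.append(f"Orphaned browser extension registration: {line}")
            continue
        if line.startswith("O10 "):
            # A missing Winsock LSP DLL breaks the whole provider chain, which
            # the user experiences as slow or dead connectivity.
            findings.append(f"Winsock LSP chain problem: {line}")
    return findings


def check_scheduled_tasks(section: str, min_jobs: int = 3) -> dict[str, list[str]]:
    """Group ComboFix scheduled-task entries by target binary and return the
    targets shared by at least `min_jobs` jobs. One binary re-launched every
    hour through At1..At24 is a classic persistence pattern."""
    by_target: dict[str, list[str]] = defaultdict(list)
    current_job = None
    for raw in section.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            current_job = m.group(2)  # the .job file path
            continue
        if line.startswith("- ") and current_job:
            by_target[line[2:]].append(current_job)  # "- <target binary>"
            current_job = None
    return {t: jobs for t, jobs in by_target.items() if len(jobs) >= min_jobs}


if __name__ == "__main__":
    for finding in check_hijackthis(SAMPLE_HIJACKTHIS):
        print("HJT:", finding)
    for target, jobs in check_scheduled_tasks(SAMPLE_TASKS).items():
        print(f"TASKS: {target} is run by {len(jobs)} jobs: {', '.join(jobs)}")
```

Run it as-is to see the three HijackThis findings and the shared task target; point `check_hijackthis` at a full saved log to triage a new one. The script only surfaces entries for review, it does not change anything on the machine; the actual removal in this thread was done by the ComboFix script the helper wrote for exactly these paths.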

Hey HenriqueSPFC,

Follow these instructions:

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text included in the "Quote":

File::

C:\WINDOWS\system32\Ic74eiy2.exe

C:\WINDOWS\system32\fservice.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\VGSCDAPI.VXD

C:\WINDOWS\ODBC.INI

C:\logwmemory.bin

C:\foto.jpeg

WARNING: The script above was written specifically for the infection found on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(picture: 645i642.gif)

4. When the process ends the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.


Hey, thanks a lot!

I noticed it even fixed the problem of a little window that appeared every time I turned on the PC with the message "fservice.exe was not found..."

Here are the logs

ComboFix 08-07-03.5 - Henrique 2008-07-06 21:41:21.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.14 [GMT -3:00]

Executando de: D:\Downloads Programas\ComboFix.exe

Command switches used :: D:\Downloads Programas\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\foto.jpeg

C:\logwmemory.bin

C:\WINDOWS\ODBC.INI

C:\WINDOWS\system32\fservice.exe

C:\WINDOWS\system32\Ic74eiy2.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\VGSCDAPI.VXD

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\foto.jpeg

C:\logwmemory.bin

C:\WINDOWS\ODBC.INI

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\VGSCDAPI.VXD

 

.

((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))

.

 

2008-07-04 22:58 . 2008-07-04 23:15 <DIR> d-------- C:\Arquivos de programas\WinPcap

2008-07-04 22:45 . 2008-07-04 22:45 <DIR> d-------- C:\Arquivos de programas\GFI

2008-07-04 22:45 . 2008-07-04 22:45 0 --a------ C:\WINDOWS\system32\dfwmysf.win

2008-07-04 12:33 . 2008-07-04 12:33 <DIR> d-------- C:\Documents and Settings\Daniela\Dados de aplicativos\AdobeUM

2008-07-03 13:27 . 2008-07-04 13:28 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\AdobeUM

2008-07-03 10:10 . 2008-07-03 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MSScanAppDataDir

2008-06-30 19:45 . 2008-06-30 19:45 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-06-30 19:38 . 2008-06-30 19:38 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\DAEMON Tools

2008-06-30 19:38 . 2008-06-30 19:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-27 19:51 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-06-27 19:47 . 2008-06-27 19:47 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-06-27 19:39 . 2008-06-27 19:39 <DIR> dr-h----- C:\MSOCache

2008-06-26 22:21 . 2008-06-26 22:21 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-06-22 23:07 . 2008-06-26 13:00 <DIR> d-------- C:\Arquivos de programas\BMO

2008-06-14 10:19 . 2008-06-27 19:48 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-06-12 22:43 . 2008-06-26 13:01 <DIR> d-------- C:\Arquivos de programas\Easy Audio Cutter

2008-06-12 22:35 . 2008-06-12 22:35 <DIR> d-------- C:\Arquivos de programas\TFM

2008-06-12 21:47 . 2008-06-12 21:47 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\GrabPro

2008-06-10 20:52 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 01:01 . 2008-06-10 05:33 <DIR> d-------- C:\Arquivos de programas\GameSpy Arcade

2008-06-10 00:44 . 2008-06-10 00:44 <DIR> d-------- C:\Arquivos de programas\Sierra

2008-06-08 20:51 . 2008-06-08 20:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-08 20:51 . 2008-06-08 20:51 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 23:28 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\Orbit

2008-07-06 23:26 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-06 14:49 --------- d-----w C:\Documents and Settings\Daniela\Dados de aplicativos\Orbit

2008-07-06 01:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-07-05 01:58 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-07-04 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-04 15:46 --------- d-----w C:\Arquivos de programas\Google

2008-07-02 20:16 --------- d-----w C:\Arquivos de programas\Xvid

2008-06-27 10:42 --------- d-----w C:\Arquivos de programas\eMule

2008-06-26 16:02 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-06-26 16:01 --------- d-----w C:\Arquivos de programas\forsage3

2008-06-16 16:46 --------- d-----w C:\Arquivos de programas\GameVicio

2008-06-16 01:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-16 01:00 --------- d-----w C:\Arquivos de programas\EA SPORTS

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-01 17:05 --------- d-----w C:\Arquivos de programas\NitroPC

2008-05-28 22:33 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\uTorrent

2008-05-23 10:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-05-13 23:22 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys

2008-05-13 22:50 --------- d-----w C:\Arquivos de programas\Stardock

2008-05-13 22:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-04_13.48.47,17 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-04 16:27:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-06 23:25:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2007-01-25 17:31:34 42,000 ----a-w C:\WINDOWS\system32\drivers\npf.sys

+ 2007-01-25 17:31:34 88,952 ----a-w C:\WINDOWS\system32\Packet.dll

+ 2007-01-25 17:31:36 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll

+ 2007-01-25 17:31:34 68,480 ----a-w C:\WINDOWS\system32\WanPacket.dll

+ 2007-01-25 17:31:36 240,496 ----a-w C:\WINDOWS\system32\wpcap.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 01:13 68856]

"SRS Audio Sandbox"="C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 16:04 4354048]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 14:03 1975824]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"ATIPTA"="C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10 344064]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-04-01 15:49 36352]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2007-08-31 12:25 249896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-03-14 20:50 233472]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 577536 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 Henrique 29696]

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-04-17 01:13:16 Henrique 124400]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-04-16 23:28:17 Henrique 1678536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Soldat\\Soldat.exe"=

"C:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

 

R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 03:23]

R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2007-07-18 08:09]

R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 14:31]

S2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2007-08-28 13:08]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-06 21:49:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-06 21:54:20

ComboFix-quarantined-files.txt 2008-07-07 00:54:15

ComboFix2.txt 2008-07-04 16:49:10

 

Pre-Run: 38,971,420,672 bytes free

Post-Run: 39,129,321,472 bytes free

 

193 --- E O F --- 2008-07-05 19:27:51

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:04 Henrique, on 6/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\Downloads Programas\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/Community.aspx?cmm=56747661

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Broken Internet access because of LSP provider 'avsda.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F85F72B0-623E-41CF-9829-1DAE1F47874F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

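A triage pass over a HijackThis 1.99 log like the one posted above, added here as an example (it is not HijackThis code and not something the poster or the helper ran). It pulls out the entry types that most often carry persistence or network tampering and flags the ones a human should look at: O2/O3 entries whose CLSID points at no file (harmless leftovers, safe to fix), O4 autoruns that are either a bare file name resolved through the loader's search path or live in a user-writable location, an O10 line (a registered Winsock LSP whose DLL is missing, which on its own can break or slow every connection on the box, which is what this thread is about), O17 resolver addresses that are not on an allow-list, and O23 services with no vendor string or a missing binary. The sample lines are taken from the log above except the `Updater` autorun, which is constructed to exercise the user-writable-location check; the resolver allow-list passed to `triage()` is an assumption and should be your ISP's or organisation's resolvers.

```python
"""Triage a HijackThis 1.99 log for the entry types that most often carry
persistence or network tampering: O2/O3 orphans, O4 autoruns, O10 LSP
breakage, O17 resolvers, O23 services.

Added example for this thread, not part of HijackThis. The sample lines are
taken from the log posted above except the 'Updater' autorun, which is
constructed to exercise the user-writable-location check. The resolver
allow-list passed to triage() is an assumption: put your own resolvers there."""
import re

HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
O23_RE = re.compile(r"^Service:\s+(.*?)\s+-\s+(.*?)\s+-\s+(.*)$")
O17_RE = re.compile(r"NameServer\s*=\s*(.*)$")
# First token ending in an executable extension, so unquoted paths with spaces survive.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd|vbs|js))(?=\s|$)", re.I)
# Per-user/temp directories (English and Portuguese names) or a file sitting in a drive root.
SUSPECT_DIRS = re.compile(
    r"\\(temp|tmp|dados de aplicativos|application data|appdata)\\|^[a-z]:\\[^\\]+$", re.I)


def _exe_of(cmd):
    """Executable path from an autorun command line: honour quotes, else take
    the first token that ends in an executable extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def triage(log_text, dns_allow=()):
    """Return a list of (severity, entry_type, detail) for lines worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.groups()
        if kind in ("O2", "O3") and rest.endswith("(no file)"):
            findings.append(("low", kind, "orphaned CLSID, safe to fix: " + rest))
        elif kind == "O4":
            loc, _, payload = rest.partition(": ")
            # '[name] command' for Run keys, 'name.lnk = target' for startup folders
            cmd = payload.partition("] ")[2] if payload.startswith("[") else payload.partition(" = ")[2]
            exe = _exe_of(cmd)
            if "\\" not in exe:
                findings.append(("medium", kind, f"{loc}: bare name '{exe}' is resolved via the search path"))
            elif SUSPECT_DIRS.search(exe):
                findings.append(("high", kind, f"{loc}: autorun from user-writable location {exe}"))
        elif kind == "O10":
            # A registered Winsock LSP whose DLL is gone breaks every socket on the box.
            findings.append(("high", kind, rest))
        elif kind == "O17":
            mm = O17_RE.search(rest)
            for ip in (mm.group(1).split() if mm else []):
                if ip not in dns_allow:
                    findings.append(("high", kind, f"resolver {ip} not in allow-list"))
        elif kind == "O23":
            mm = O23_RE.match(rest)
            if mm:
                name, owner, path = mm.groups()
                # 'Unknown owner' only means no CompanyName in the version resource: verify the hash.
                if owner == "Unknown owner" or "(file missing)" in path:
                    findings.append(("medium", kind, f"service '{name}': owner={owner}, path={path}"))
    return findings


# Sample lines from the posted log; the 'Updater' O4 line is constructed.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Henrique\Dados de aplicativos\updater.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{F85F72B0-623E-41CF-9829-1DAE1F47874F}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

if __name__ == "__main__":
    # Assumed allow-list: the two resolvers the O17 line already shows.
    for sev, kind, detail in triage(SAMPLE_HJT, dns_allow=("200.204.0.10", "200.204.0.138")):
        print(f"[{sev:6}] {kind}: {detail}")
```

Two things the output does not decide for you: a bare-name autorun such as `SOUNDMAN.EXE` is only a problem if a same-named file sits earlier on the search path than the intended one, and "Unknown owner" on a service means nothing more than an absent CompanyName in the version resource, so confirm the binary by hash rather than by name.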

Hey HenriqueSPFC,

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote":

File::

C:\WINDOWS\system32\dfwmysf.win

C:\WINDOWS\bootstat.dat

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
(picture: 645i642.gif)

4. When the process finishes the tool will produce a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.

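Both CFScript posts in this thread follow the same procedure: write a `File::` list, save it as CFScript.txt, drop it on ComboFix.exe and read the resulting log back. The following is an added example, not ComboFix's own tooling and not something the helper posted: it builds the script text from a path list and then checks a ComboFix log for whether each requested path actually appears under the deletion banner (accepting both the English "Other Deletions" and the Portuguese "Outras Exclusões" of the localized build seen here). It also singles out `Tasks\AtN.job` entries: the `at` command names its jobs that way, and a run of At1..At24 is what a once-an-hour schedule looks like, so if any survive the cleanup the payload is simply rescheduled. The log excerpt is constructed from the 2008-07-06 run above and shortened.

```python
"""Build a ComboFix CFScript and check a ComboFix log against it.

Added example for this thread, not part of ComboFix. A ComboFix log echoes the
script's 'FILE ::' list, then lists what it actually removed under an
'Other Deletions' banner ('Outras Exclusões' in the localized build seen here).
A requested path that is missing from that list was not removed by this run."""
import re

# Banner titles for the deletion section, English and the Portuguese build.
DELETION_BANNERS = ("Other Deletions", "Outras Exclusões")

# 'at' names its jobs AtN.job; At1..At24 is what a once-an-hour schedule looks like.
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)


def build_cfscript(paths):
    """Return CFScript.txt text: 'File::' then one path per line, CRLF-terminated.
    Duplicates (case-insensitive) are dropped, first occurrence wins."""
    seen, lines = set(), ["File::"]
    for p in paths:
        key = p.strip().lower()
        if key and key not in seen:
            seen.add(key)
            lines.append(p.strip())
    return "\r\n".join(lines) + "\r\n"


def _block(log, is_start):
    """Collect the non-empty lines after the first line matching is_start, up
    to the next '((((' banner or a lone '.' that follows collected lines
    (ComboFix also prints a lone '.' right after a banner, before the list)."""
    body, inside = [], False
    for raw in log.splitlines():
        s = raw.strip()
        if not inside:
            inside = is_start(s)
            continue
        if s.startswith("(((") or (s == "." and body):
            break
        if s and s != ".":
            body.append(s)
    return body


def requested_files(log):
    """Paths echoed from the CFScript's File:: section."""
    return _block(log, lambda s: s.upper() == "FILE ::")


def deleted_files(log):
    """Paths ComboFix reports under the deletion banner."""
    return _block(log, lambda s: s.startswith("(((") and any(b in s for b in DELETION_BANNERS))


def check_run(cfscript_text, log):
    """Return (deleted, missed): requested paths that do / do not appear in the
    log's deletion list. Comparison is case-insensitive, as NTFS names are."""
    wanted = [l.strip() for l in cfscript_text.splitlines()[1:] if l.strip()]
    removed = {p.lower() for p in deleted_files(log)}
    deleted = [p for p in wanted if p.lower() in removed]
    missed = [p for p in wanted if p.lower() not in removed]
    return deleted, missed


def hourly_at_jobs(paths):
    """Subset of paths that are Task Scheduler 'at' jobs."""
    return [p for p in paths if AT_JOB.search(p)]


# Constructed, shortened excerpt of the 2008-07-06 ComboFix log from this thread.
SAMPLE_LOG = r"""
ComboFix 08-07-03.5 - Henrique 2008-07-06 21:41:21.2 - NTFSx86
Command switches used :: D:\Downloads Programas\CFScript.txt

FILE ::

C:\foto.jpeg
C:\logwmemory.bin
C:\WINDOWS\system32\fservice.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
.

((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))
.

C:\foto.jpeg
C:\logwmemory.bin
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job

.
((((((((((((((((((((( Ficheiros criados de 2008-06-07 to 2008-07-07 )))))))))))))))))))))
"""

if __name__ == "__main__":
    script = build_cfscript(requested_files(SAMPLE_LOG))
    done, left = check_run(script, SAMPLE_LOG)
    print("removed:", done)
    print("not removed by this run, check by hand:", left)
    print("scheduled 'at' jobs in the request:", hourly_at_jobs(requested_files(SAMPLE_LOG)))
```

A path that was requested but does not show up under the deletion banner was either already gone (the "fservice.exe not found" message the poster mentions is consistent with a run entry that outlived its file) or is still present, so check it with `dir` before calling the run clean.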

Sorry for the delay, I just got back from a trip

Here are the logs

 

 

ComboFix 08-07-03.5 - Henrique 2008-07-14 12:12:55.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.35 [GMT -3:00]

Running from: D:\Downloads Programas\ComboFix.exe

Command switches used :: D:\Downloads Programas\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\bootstat.dat

C:\WINDOWS\system32\dfwmysf.win

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\bootstat.dat

C:\WINDOWS\system32\dfwmysf.win

 

.

((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-08 23:05 . 2008-07-08 23:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-07-08 22:58 . 2008-07-08 22:58 <DIR> d-------- C:\GAMES

2008-07-08 21:47 . 2008-07-08 21:47 0 -ra------ C:\logwmemory.bin

2008-07-08 13:08 . 2008-07-08 15:42 2,011 --a------ C:\foto.jpeg

2008-07-07 10:03 . 2008-07-07 10:03 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\fltk.org

2008-07-07 00:33 . 2008-07-07 00:33 3,639 --a------ C:\WINDOWS\VGSCDAPI.VXD

2008-07-04 22:58 . 2008-07-04 23:15 <DIR> d-------- C:\Arquivos de programas\WinPcap

2008-07-04 22:45 . 2008-07-04 22:45 <DIR> d-------- C:\Arquivos de programas\GFI

2008-07-04 12:33 . 2008-07-04 12:33 <DIR> d-------- C:\Documents and Settings\Daniela\Dados de aplicativos\AdobeUM

2008-07-03 13:27 . 2008-07-04 13:28 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\AdobeUM

2008-07-03 10:10 . 2008-07-03 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MSScanAppDataDir

2008-06-30 19:45 . 2008-06-30 19:45 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-06-30 19:38 . 2008-06-30 19:38 <DIR> d-------- C:\Documents and Settings\Henrique\Dados de aplicativos\DAEMON Tools

2008-06-30 19:38 . 2008-06-30 19:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-27 19:51 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-06-27 19:47 . 2008-06-27 19:47 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-06-27 19:39 . 2008-06-27 19:39 <DIR> dr-h----- C:\MSOCache

2008-06-26 22:21 . 2008-06-26 22:21 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-06-22 23:07 . 2008-06-26 13:00 <DIR> d-------- C:\Arquivos de programas\BMO

2008-06-20 14:41 . 2008-06-20 14:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 07:44 . 2008-06-20 07:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-14 10:19 . 2008-06-27 19:48 <DIR> d-------- C:\WINDOWS\SHELLNEW

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-14 14:19 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-07-14 14:18 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\Orbit

2008-07-14 14:17 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-14 04:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-07-10 21:59 --------- d-----w C:\Documents and Settings\Daniela\Dados de aplicativos\Orbit

2008-07-09 16:46 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\GrabPro

2008-07-05 01:58 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-07-04 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-04 15:46 --------- d-----w C:\Arquivos de programas\Google

2008-07-02 20:16 --------- d-----w C:\Arquivos de programas\Xvid

2008-06-27 10:42 --------- d-----w C:\Arquivos de programas\eMule

2008-06-26 16:01 --------- d-----w C:\Arquivos de programas\forsage3

2008-06-26 16:01 --------- d-----w C:\Arquivos de programas\Easy Audio Cutter

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-16 16:46 --------- d-----w C:\Arquivos de programas\GameVicio

2008-06-16 01:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-16 01:00 --------- d-----w C:\Arquivos de programas\EA SPORTS

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 01:35 --------- d-----w C:\Arquivos de programas\TFM

2008-06-10 08:33 --------- d-----w C:\Arquivos de programas\GameSpy Arcade

2008-06-10 03:44 --------- d-----w C:\Arquivos de programas\Sierra

2008-06-01 17:05 --------- d-----w C:\Arquivos de programas\NitroPC

2008-05-28 22:33 --------- d-----w C:\Documents and Settings\Henrique\Dados de aplicativos\uTorrent

2008-05-23 10:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-04_13.48.47,17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-08-16 12:14:18 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll

+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys

+ 2008-06-20 17:36:55 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll

+ 2008-06-20 17:36:55 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll

+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys

+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys

+ 2008-06-20 17:48:21 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll

+ 2008-06-20 17:48:21 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll

+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys

+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

+ 2008-06-20 17:44:42 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll

+ 2008-06-20 17:44:42 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys

+ 2007-11-30 12:39:04 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll

+ 2007-11-30 12:39:04 233,336 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe

+ 2007-11-30 12:39:04 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll

+ 2007-11-30 12:38:57 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe

+ 2007-11-30 12:38:57 395,128 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll

- 2008-02-20 05:37:59 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

- 2008-02-20 05:37:59 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2007-01-25 17:31:34 42,000 ----a-w C:\WINDOWS\system32\drivers\npf.sys

- 2004-08-04 03:45:26 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

+ 2008-06-20 17:41:07 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

+ 2007-01-25 17:31:34 88,952 ----a-w C:\WINDOWS\system32\Packet.dll

+ 2007-01-25 17:31:36 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll

- 2007-11-30 11:18:16 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:04 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-01-25 17:31:34 68,480 ----a-w C:\WINDOWS\system32\WanPacket.dll

+ 2007-01-25 17:31:36 240,496 ----a-w C:\WINDOWS\system32\wpcap.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Arquivos de programas\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

 

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]

[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]

[HKEY_CLASSES_ROOT\GrabPro.FindBar]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Arquivos de programas\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

 

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]

[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]

[HKEY_CLASSES_ROOT\GrabPro.FindBar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 01:13 68856]

"SRS Audio Sandbox"="C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 16:04 4354048]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 14:03 1975824]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"ATIPTA"="C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10 344064]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-04-01 15:49 36352]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2007-08-31 12:25 249896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-03-14 20:50 233472]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 577536 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 Henrique 29696]

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-04-17 01:13:16 Henrique 124400]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-04-16 23:28:17 Henrique 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Soldat\\Soldat.exe"=

"C:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

 

R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 03:23]

R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2007-07-18 08:09]

S2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2007-08-28 13:08]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 14:31]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 12:21:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-14 12:26:32

ComboFix-quarantined-files.txt 2008-07-14 15:26:27

ComboFix2.txt 2008-07-07 00:54:22

ComboFix3.txt 2008-07-04 16:49:10

 

Pre-Run: 36,965,789,696 bytes free

Post-Run: 37,564,284,928 bytes free

 

190 --- E O F --- 2008-07-09 05:35:11

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:41 Henrique, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\Downloads Programas\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/Community.aspx?cmm=56747661

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [UpdateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Broken Internet access because of LSP provider 'avsda.dll' missing

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F85F72B0-623E-41CF-9829-1DAE1F47874F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

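As an added example, not part of the original post and not HijackThis's own code: a small Python triage script that reads lines in the HijackThis log format and groups the entries a helper would look at first. The sample lines are copied verbatim from the log above; the severity labels and the rules in `classify` are this example's own assumptions, not anything HijackThis defines.

```python
import re
from collections import defaultdict

# Sample input: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{F85F72B0-623E-41CF-9829-1DAE1F47874F}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# HijackThis entries look like "O4 - HKLM\..\Run: [Name] path"; the prefix
# letter and number name the section (R0/R1 browser settings, O2 BHOs,
# O4 autostarts, O10 Winsock LSPs, O17 DNS settings, O23 services, ...).
LINE_RE = re.compile(r"^(?P<sec>[ROFN]\d+) - (?P<body>.*)$")

def parse_hjt_line(line):
    """Split one log line into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None

def name_servers_from_body(body):
    """Extract the IP list after 'NameServer =' in an O17 entry."""
    if "NameServer =" not in body:
        return []
    return body.split("NameServer =", 1)[1].split()

def classify(sec, body):
    """Return (severity, reason) for an entry worth a closer look, else None.
    The severities and rules are this example's assumptions, not HijackThis's."""
    if sec == "O10":
        # A missing LSP sits in every socket's path; this is the entry the
        # log itself ties to network breakage.
        return "high", "Winsock LSP chain references a provider that is missing"
    if "(no file)" in body or "(file missing)" in body:
        return "low", "orphaned entry: the referenced file no longer exists"
    if sec == "O17":
        servers = name_servers_from_body(body)
        return "medium", "DNS servers set in the registry, confirm they are the ISP's: " + ", ".join(servers)
    if sec == "O23" and "Unknown owner" in body:
        return "medium", "service binary carries no publisher information"
    return None

def name_servers(log_text):
    """All DNS servers configured in O17 entries, in log order."""
    out = []
    for raw in log_text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed and parsed[0] == "O17":
            out.extend(name_servers_from_body(parsed[1]))
    return out

def triage(log_text):
    """Group flagged entries by severity: {sev: [(section, reason, body), ...]}."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        sec, body = parsed
        hit = classify(sec, body)
        if hit:
            findings[hit[0]].append((sec, hit[1], body))
    return dict(findings)

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev in ("high", "medium", "low"):
        for sec, reason, body in results.get(sev, []):
            print(f"[{sev:6}] {sec}: {reason}\n         {body}")
```

The O10 entry is the only one the log itself connects to Internet access. On Windows XP SP2 and later, `netsh winsock reset` rebuilds the Winsock catalog and drops a registration for an LSP whose DLL is gone; the alternative is to reinstall, or cleanly uninstall, the product that registered avsda.dll. Orphaned entries (`(no file)`, `(file missing)`) are dead registry references and can be removed with HijackThis's fix function without touching any file.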

Hey HenriqueSPFC,

 

Post a new ComboFix log.

 

Regards.

 

PS: Sorry for the delay.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
