Yeshu'a
Posted July 14, 2008

Every time I turn on the computer Avira finds some trojans, and I have already done a Full scan and a rootkit scan but it didn't say anything.... Thanks in advance. Here is the HijackThis log below =D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:50, on 14/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\Arquivos de programas\TopDesk\topdesk.exe
D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\svchost.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,D:\WINDOWS\lsas.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: ObjectDock.lnk = D:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UberIcon.lnk = D:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: VisualTaskTips.lnk = D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ObjectDock.lnk = D:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: UberIcon.lnk = D:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT Startup: VisualTaskTips.lnk = D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: RKLauncher.lnk = D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10886 bytes
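The log above contains the entries a responder would normally flag first: the F2 line chaining D:\WINDOWS\lsas.exe into Userinit (so it runs at every logon, before the shell), the same file registered under Policies\Explorer\Run, a filename one letter away from the legitimate lsass.exe, an orphaned toolbar CLSID, and a service with no vendor string. The script below is an added example written for this page, not code from the thread or from HijackThis; it applies exactly those heuristics to a constructed excerpt of the posted log. The list of imitated system binaries, the one-edit lookalike rule and the reason strings are this editor's assumptions; every hit is a lead for a closer look, not a verdict (lmab_device, for instance, may well be legitimate printer software).

```python
"""Triage of HijackThis v2 log lines for the persistence patterns seen in this thread.

Added example; the heuristics below are the editor's assumptions, not HijackThis behaviour.
"""
import re
from typing import List, Tuple

# Constructed excerpt: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,D:\WINDOWS\lsas.exe
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

# Core Windows binaries whose names malware commonly imitates (assumed, non-exhaustive list).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "smss.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe", "userinit.exe"}

# A drive-letter path ending in an executable extension; spaces are allowed inside the path.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]<>|]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike filenames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename: str) -> str:
    """Return the system binary that `filename` is exactly one edit away from, else ''."""
    name = filename.lower()
    if name in SYSTEM_NAMES:
        return ""
    for known in sorted(SYSTEM_NAMES):
        if edit_distance(name, known) == 1:
            return known
    return ""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for log entries that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        kind = line.split(" - ", 1)[0]          # HijackThis section tag: R1, F2, O4, ...
        if kind == "F2" and "UserInit=" in line:
            # Anything chained after userinit.exe is started by Winlogon at every logon.
            extra = [p for p in line.split("UserInit=", 1)[1].split(",")
                     if p.strip().lower() not in ("", "userinit.exe")]
            if extra:
                findings.append(("extra program chained into Userinit: " + ",".join(extra), line))
        if kind == "O3" and line.endswith("(no file)"):
            findings.append(("orphaned toolbar entry", line))
        if kind == "O4" and "Policies\\Explorer\\Run" in line:
            findings.append(("autostart via Policies\\Explorer\\Run", line))
        if kind == "O23" and " - - " in line:
            findings.append(("service with no vendor string", line))
        for path in WIN_PATH.findall(line):
            target = lookalike(path.rsplit("\\", 1)[-1])
            if target:
                findings.append((f"filename mimics {target}", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the excerpt it reports six findings: the Userinit chain and the lsass.exe lookalike on the F2 line, the orphaned toolbar, the Policies\Explorer\Run entry (again with the lookalike note) and the vendor-less service; the igfxTray, ctfmon and Bonjour lines pass clean. Feeding it the full log posted above works the same way, since each line is judged independently.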
PedroN
Posted July 14, 2008

Download ComboFix and save it to your desktop. Close all windows and programs. Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process. When it finishes, a log will be generated at D:\ComboFix.txt. Attention: do not click on the ComboFix window, and do not close it by clicking the X, while it is running, otherwise it will stop and your desktop will be left blank. To stop or exit ComboFix, press "2" and Enter. Afterwards, generate a new log with HijackThis and post it, together with ComboFix.txt.
Yeshu'a
Posted July 14, 2008

For analysis purposes, here are the names of the files that Avira found: "D:\Documents and Settings\UserName\Configurações locais\Temporary Internet Files\Content.IE5\ZTAA9BZQ\zpatnfjiqtimyzs[1].exe." and "D:\WINDOWS\system32\atnfj.exe." Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:30, on 14/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\TopDesk\topdesk.exe
D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\iTunes\iTunes.exe
D:\Arquivos de programas\Last.fm\LastFM.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\distnoted.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10106 bytes


ComboFix 08-07-13.14 - UserName 2008-07-14 15:32:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1454 [GMT -3:00]
Executando de: D:\Documents and Settings\UserName\Desktop\ComboFix.exe
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Arquivos de programas\mjc
D:\Arquivos de programas\mjc\mjc.exe
D:\Arquivos de programas\Sakora
D:\Arquivos de programas\Spcron
D:\Arquivos de programas\Spcron\Spc.dll
D:\Arquivos de programas\Temporary
D:\WINDOWS\system32\AutoRun.inf
D:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\CPV.stt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
-------\Service_tcpsr

((((((((((((((((((((((( Ficheiros criados de 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))
.
2008-07-14 14:31 . <DIR> D:\WINDOWS\LastGood.Tmp
2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll
2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini
2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll
2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll
2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl
2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL
2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation
2008-07-08 09:32 . 2008-07-08 09:32 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client
2008-07-07 11:24 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java
2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works
2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache
2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br
2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira
2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead
2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe
2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe
2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg
2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys
2008-06-26 09:57 . 2008-06-26 09:57 <DIR> d-------- D:\Arquivos de programas\Yahoo!
2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe
2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe
2008-06-25 16:59 . 2008-06-25 16:59 371,158 -rahs---- D:\WINDOWS\lsas.exe
2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps
2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism
2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-06-18 16:39 . 2008-06-18 16:39 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Flock
2008-06-18 16:39 . 2008-07-14 08:32 <DIR> d-------- D:\Arquivos de programas\Flock
2008-06-18 16:20 . 2008-06-26 14:40 305 --a------ D:\WINDOWS\wininit.ini
2008-06-17 16:40 . 2008-05-27 21:05 <DIR> d-------- D:\Arquivos de programas\True Transparency
2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\RK Launcher
2008-06-17 15:35 . 2008-06-17 15:36 <DIR> d-------- D:\Arquivos de programas\iShut
2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\Address Book
2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-06-17 14:39 . 2008-06-17 14:39 <DIR> d-------- D:\Arquivos de programas\Messenger Plus! Live
2008-06-17 13:07 . 2008-06-17 13:07 240,726 --a------ D:\WINDOWS\system32\sms.exe
2008-06-17 13:07 . 2008-06-17 13:07 0 -rahs---- D:\kb
2008-06-17 10:45 . 2008-07-14 08:33 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-06-16 18:07 . 2008-06-16 18:07 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro
2008-06-16 10:24 . 2008-06-16 10:24 <DIR> d-------- D:\Arquivos de programas\Shock Utility
2008-06-16 10:24 . 2008-06-16 10:24 65,536 --a------ D:\WINDOWS\IFinst27.MSNFix
2008-06-16 08:24 . 2008-06-16 08:24 <DIR> d-------- D:\Arquivos de programas\DAEMON Tools Lite
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 18:31 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit
2008-07-14 17:47 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird
2008-07-14 16:13 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent
2008-07-14 12:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod
2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 21:14 --------- d-----w D:\Arquivos de programas\Google
2008-07-07 14:24 --------- d-----w D:\Arquivos de programas\Java
2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET
2008-06-25 12:53 --------- d-----w D:\Arquivos de programas\eMule
2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2
2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine
2008-06-18 18:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader
2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer
2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools
2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari
2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead
2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime
2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008
2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm
2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm
2008-05-27 16:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\iSproggler
2008-05-27 13:58 --------- d-----w D:\Arquivos de programas\AviSynth 2.5
2008-05-27 13:04 --------- d-----w D:\Arquivos de programas\Bonjour
2008-05-27 12:50 --------- d-----w D:\Arquivos de programas\iPod(2)
2008-05-26 14:33 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\LimeWire
2008-05-26 14:14 --------- d-----w D:\Arquivos de programas\Red Kawa
2008-05-26 13:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Any Video Converter
2008-05-26 12:31 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-05-26 12:30 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Apple
2008-05-26 12:26 --------- d-----w D:\Arquivos de programas\eRightSoft
2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll
.
------- Sigcheck -------
2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys
2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]
"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]
"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]
"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"TopDesk"="D:\Arquivos de programas\TopDesk\topdesk.exe" [2006-02-05 17:00 195584]
"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"lsas"="D:\WINDOWS\lsas.exe" [2008-06-25 16:59 371158]

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\
ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]
UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]
VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,D:\\WINDOWS\\lsas.exe"
"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]
path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk
backup=D:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]
path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk
backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"D:\\WINDOWS\\system32\\LMabcoms.exe"=
"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=
"D:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8322:TCP"= 8322:TCP:BitComet 8322 TCP
"8322:UDP"= 8322:UDP:BitComet 8322 UDP

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []
S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []
S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []
S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 09:22]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}]
\Shell\AutoRun\command - NTsys.exe \Shell\explore\Command - NTsys.exe \Shell\open\Command - NTsys.exe . Contents of the 'Scheduled Tasks' folder "2008-04-16 16:14:59 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-07-14 18:35:38 D:\WINDOWS\Tasks\GoogleUpdateTask.job" - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-Free Download Manager - D:\Arquivos de programas\Free Download Manager\fdm.exe HKU-Default-Run-MsnMsgr - D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe MSConfigStartUp-MsnMsgr - D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-14 15:36:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: D:\WINDOWS\explorer.exe -> D:\Arquivos de programas\TopDesk\topdesk.dll -> D:\Arquivos de programas\Unlocker\UnlockerHook.dll . ------------------------ Other Running Processes ------------------------ .
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Arquivos de programas\Bonjour\mDNSResponder.exe D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\system32\igfxsrvc.exe D:\Arquivos de programas\iPod\bin\iPodService.exe D:\Arquivos de programas\iTunes\iTunes.exe D:\Arquivos de programas\Last.fm\LastFM.exe D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\distnoted.exe D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\guardgui.exe D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\guardgui.exe . ************************************************************************** . Completion time: 2008-07-14 15:42:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-14 18:42:37 ComboFix2.txt 2008-06-24 13:38:58 Pre-Run: 165,619,671,040 bytes free Post-Run: 166,297,513,984 bytes free
PedroN, posted July 14, 2008
Good evening,
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
<!> Before anything else, install the RC!
---------------------------------------
<!> Go to the Microsoft site: < Link >
<!> Select the download that matches your operating system!
<!> Download the file and save it to your desktop.
<!> Close every program that is open!
<!> Also close your protection programs! (antivirus, antispyware and firewall)
<!> Drag the setup file downloaded from the Microsoft site onto ComboFix.exe
<!> See the demonstration below!
<!> Follow the on-screen messages to start ComboFix.
<!> Accept the Microsoft agreement to install the "Microsoft Recovery Console".
<!> At the next message, click "Yes" to run a scan with ComboFix.
<!> When it finishes, post the reports:
<!> C:\ComboFix.txt plus an updated HijackThis log.
Regards
Yeshu'a, posted July 15, 2008
Here are the logs
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:37:06, on 15/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Arquivos de programas\Google\Update\GoogleUpdate.exe D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Arquivos de programas\Bonjour\mDNSResponder.exe D:\WINDOWS\system32\igfxtray.exe D:\WINDOWS\system32\hkcmd.exe D:\WINDOWS\system32\igfxpers.exe D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe D:\WINDOWS\RTHDCPL.EXE D:\WINDOWS\system32\igfxsrvc.exe D:\WINDOWS\System32\svchost.exe C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Arquivos de programas\TopDesk\topdesk.exe D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe D:\Arquivos de programas\iTunes\iTunesHelper.exe D:\WINDOWS\system32\ctfmon.exe D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\WINDOWS\system32\wscntfy.exe D:\Arquivos de programas\iPod\bin\iPodService.exe D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe D:\WINDOWS\explorer.exe D:\WINDOWS\system32\notepad.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 -
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file) O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON 
Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra 
context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) 
- http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- D:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe -- End of file - 9767 bytes ComboFix 08-07-13.14 - UserName 2008-07-15 8:33:06.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1519 [GMT -3:00] Running from: D:\Documents and Settings\UserName\Desktop\ComboFix.exe Command switches used :: D:\Documents and Settings\UserName\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe * Created a new restore point . ((((((((((((((((((((((( Files created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))) . 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configurações locais 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\UserName\Configurações locais 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Configurações locais 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\LocalService\Configurações locais 2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll 2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini 2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll 2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll 2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl 2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL 2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation 2008-07-08 09:32 . 2008-07-08 09:32 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client 2008-07-07 11:24 .
2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java 2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works 2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache 2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help 2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br 2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$ 2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira 2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira 2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead 2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe 2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe 2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg 2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys 2008-06-26 09:57 . 2008-06-26 09:57 <DIR> d-------- D:\Arquivos de programas\Yahoo! 2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe 2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe 2008-06-25 16:59 . 2008-06-25 16:59 371,158 -rahs---- D:\WINDOWS\lsas.exe 2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps 2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism 2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll 2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll 2008-06-24 10:20 . 
2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui 2008-06-18 16:39 . 2008-06-18 16:39 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Flock 2008-06-18 16:39 . 2008-07-15 08:18 <DIR> d-------- D:\Arquivos de programas\Flock 2008-06-18 16:20 . 2008-06-26 14:40 305 --a------ D:\WINDOWS\wininit.ini 2008-06-17 16:40 . 2008-05-27 21:05 <DIR> d-------- D:\Arquivos de programas\True Transparency 2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\RK Launcher 2008-06-17 15:35 . 2008-06-17 15:36 <DIR> d-------- D:\Arquivos de programas\iShut 2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\Address Book 2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! 2008-06-17 14:39 . 2008-06-17 14:39 <DIR> d-------- D:\Arquivos de programas\Messenger Plus! Live 2008-06-17 13:07 . 2008-06-17 13:07 240,726 --a------ D:\WINDOWS\system32\sms.exe 2008-06-17 13:07 . 2008-06-17 13:07 0 -rahs---- D:\kb 2008-06-17 10:45 . 2008-07-14 08:33 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater 2008-06-16 18:07 . 2008-06-16 18:07 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro 2008-06-16 10:24 . 2008-06-16 10:24 <DIR> d-------- D:\Arquivos de programas\Shock Utility 2008-06-16 10:24 . 2008-06-16 10:24 65,536 --a------ D:\WINDOWS\IFinst27.MSNFix 2008-06-16 08:24 . 2008-06-16 08:24 <DIR> d-------- D:\Arquivos de programas\DAEMON Tools Lite . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-15 11:32 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit 2008-07-14 21:01 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent 2008-07-14 20:53 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird 2008-07-14 12:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla 2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes 2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod 2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-09 21:14 --------- d-----w D:\Arquivos de programas\Google 2008-07-07 14:24 --------- d-----w D:\Arquivos de programas\Java 2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET 2008-06-25 12:53 --------- d-----w D:\Arquivos de programas\eMule 2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2 2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine 2008-06-18 18:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader 2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer 2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys 2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools 2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari 2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead 2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime 2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008 2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm 2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm 2008-05-27 16:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\iSproggler 2008-05-27 13:58 --------- d-----w D:\Arquivos de 
programas\AviSynth 2.5 2008-05-27 13:04 --------- d-----w D:\Arquivos de programas\Bonjour 2008-05-27 12:50 --------- d-----w D:\Arquivos de programas\iPod(2) 2008-05-26 14:33 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\LimeWire 2008-05-26 14:14 --------- d-----w D:\Arquivos de programas\Red Kawa 2008-05-26 13:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Any Video Converter 2008-05-26 12:31 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer 2008-05-26 12:30 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Apple 2008-05-26 12:26 --------- d-----w D:\Arquivos de programas\eRightSoft 2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll . ------- Sigcheck ------- 2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys 2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe . (((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* empty entries & legitimate default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360] "msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856] "SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089] "UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872] "IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104] "HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584] "Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008] "Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184] "QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "TopDesk"="D:\Arquivos de programas\TopDesk\topdesk.exe" [2006-02-05 17:00 195584] "SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "lsas"="D:\WINDOWS\lsas.exe" [2008-06-25 16:59 371158] D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\ ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885] UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416] VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.CSCD"= camcodec.dll "vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys] @="Driver" [HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk] path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk backup=D:\WINDOWS\pss\UberIcon.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk] path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Arquivos de 
programas\\Orbitdownloader\\orbitdm.exe"= "D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"= "D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "D:\\WINDOWS\\system32\\LMabcoms.exe"= "D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"= "D:\\Arquivos de programas\\eMule\\emule.exe"= "C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"= "D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= "D:\\Arquivos de programas\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8322:TCP"= 8322:TCP:BitComet 8322 TCP "8322:UDP"= 8322:UDP:BitComet 8322 UDP S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys [] S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys [] S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys [] S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 09:22] S3 FXDrv32;FXDrv32;E:\FXDrv32.sys [] S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [] S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}] \Shell\AutoRun\command - NTsys.exe \Shell\explore\Command - 
NTsys.exe \Shell\open\Command - NTsys.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-16 16:14:59 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe "2008-07-15 11:14:03 D:\WINDOWS\Tasks\GoogleUpdateTask.job" - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-15 08:35:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-15 8:36:18 ComboFix-quarantined-files.txt 2008-07-15 11:35:45 ComboFix2.txt 2008-07-14 18:42:57 ComboFix3.txt 2008-06-24 13:38:58 Pre-Run: 166,018,048,000 bytes free Post-Run: 166,066,368,512 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
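The two ComboFix logs in this thread (the one just above and the one in the earlier post) carry several classic persistence indicators: the Winlogon Userinit value chained to D:\WINDOWS\lsas.exe, the same file registered under Policies\Explorer\Run, an AutoRun command (NTsys.exe) on a mounted drive, EnableFirewall set to 0, and lsas.exe written with read-only/hidden/system attributes under a name one letter away from the real lsass.exe. The Python script below is an added example, not a tool from this thread or from the HijackThis/ComboFix projects: it runs those checks over constructed sample lines excerpted from the logs. The rule names, the list of core Windows binaries and the one-edit lookalike threshold are my own choices.

```python
"""Triage helper for HijackThis / ComboFix style log lines (added example)."""
import re

# Core Windows binaries that malware imitates with near-miss spellings.
# userinit.exe is listed so the legitimate Userinit entry is never flagged.
CORE_BINARIES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe",
                 "userinit.exe")

# Matches both "UserInit=a,b" (HijackThis F2) and "Userinit"="a,b" (ComboFix).
USERINIT_RE = re.compile(r'userinit"?\s*=\s*"?([^"\s]+)', re.IGNORECASE)
EXE_RE = re.compile(r"[\w.~-]+\.exe", re.IGNORECASE)
# ComboFix attribute column: d r a h s plus four reserved dashes, e.g. -rahs----
ATTR_RE = re.compile(r"(?<![\w-])([d-][r-][a-][h-][s-]-{4})(?![\w-])")


def edit_distance(a, b):
    """Levenshtein distance by plain dynamic programming (inputs are short)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_binaries(line):
    """Return .exe basenames in the line that are one edit away from a core binary."""
    hits = []
    for token in EXE_RE.findall(line):
        name = token.lower()
        if name in CORE_BINARIES:
            continue
        for core in CORE_BINARIES:
            if edit_distance(name, core) == 1:
                hits.append(f"{token} imitates {core}")
                break
    return hits


def triage_line(line):
    """Return a list of (rule, detail) findings for one log line."""
    findings = []
    m = USERINIT_RE.search(line)
    if m:  # anything besides userinit.exe in the Userinit chain runs at every logon
        for entry in m.group(1).split(","):
            base = entry.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
            if base and base != "userinit.exe":
                findings.append(("userinit-extra", entry))
    if re.search(r"policies\\explorer\\run", line, re.IGNORECASE):
        findings.append(("policies-run", line.strip()))  # rarely used by legitimate software
    m = re.search(r"\\shell\\autorun\\command\s*-\s*(\S+)", line, re.IGNORECASE)
    if m:
        findings.append(("drive-autorun", m.group(1)))
    if re.search(r'"EnableFirewall"\s*=\s*0\b', line):
        findings.append(("firewall-off", line.strip()))
    for attrs in ATTR_RE.findall(line):
        if "h" in attrs and "s" in attrs:  # hidden + system on a plain file
            findings.append(("hidden-system-file", line.strip()))
    for hit in lookalike_binaries(line):
        findings.append(("lookalike-name", hit))
    return findings


def triage(lines):
    """Run every rule over every line; returns [(line_no, rule, detail), ...]."""
    report = []
    for no, line in enumerate(lines, 1):
        for rule, detail in triage_line(line):
            report.append((no, rule, detail))
    return report


# Constructed sample: lines excerpted from the logs posted in this thread,
# plus two benign lines (8 and 9) to show ordinary entries produce no findings.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=userinit.exe,D:\WINDOWS\lsas.exe",
    r'"Userinit"="userinit.exe,D:\\WINDOWS\\lsas.exe"',
    r"O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe",
    r"\Shell\AutoRun\command - NTsys.exe",
    r'"EnableFirewall"= 0 (0x0)',
    r"2008-06-25 16:59 . 2008-06-25 16:59 371,158 -rahs---- D:\WINDOWS\lsas.exe",
    r"2008-06-17 13:07 . 2008-06-17 13:07 240,726 --a------ D:\WINDOWS\system32\sms.exe",
    r"O4 - HKLM\..\Run: [avgnt] D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min",
    r"D:\WINDOWS\system32\lsass.exe",
]

if __name__ == "__main__":
    for no, rule, detail in triage(SAMPLE_LOG):
        print(f"line {no:2d}  {rule:<19} {detail}")
```

Feed it a real log by replacing SAMPLE_LOG with the file's lines. Treat the output as triage hints, not verdicts: the hidden+system rule also fires on the empty D:\kb file in the log, and one-letter lookalikes do occur among legitimate vendor binaries, so confirm each hit against the file's hash and signer before deleting anything.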
PedroN - Posted July 15, 2008

- Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
  Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix)
- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
2. Press Y so the tool starts the removal process
3. When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
4. After the restart, the tool will run again and finish its work, and the word Finished will appear. Press any key.
5. A window with the SDFix report will appear.
6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt.

- Generate a new HijackThis log and paste it into your reply.
Yeshu'a - Posted July 15, 2008

SDFix: Version 1.205
Run by UserName on ter 15/07/2008 at 17:44

Microsoft Windows XP [versão 5.1.2600]
Running From: D:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

D:\WINDOWS\lsas.exe - Deleted
D:\WINDOWS\system32\sms.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 17:50:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:a7,2b,5d,89,75,a7,18,1a,6e,3d,40,62,19,be,76,9b,9a,c5,47,10,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,65,17,2e,86,93,93,c7,42,e5,e5,c7,58,23,32,da,d4,1b,..
"khjeh"=hex:b2,8a,0e,27,4e,e1,e5,6a,33,f9,44,e4,de,6a,d6,d1,82,3e,a7,36,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9a,1b,2c,60,60,82,2d,d8,34,4c,9a,39,0d,d6,18,56,2b,f2,a5,d1,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:a7,2b,5d,89,75,a7,18,1a,6e,3d,40,62,19,be,76,9b,9a,c5,47,10,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,65,17,2e,86,93,93,c7,42,e5,e5,c7,58,23,32,da,d4,1b,..
"khjeh"=hex:b2,8a,0e,27,4e,e1,e5,6a,33,f9,44,e4,de,6a,d6,d1,82,3e,a7,36,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9a,1b,2c,60,60,82,2d,d8,34,4c,9a,39,0d,d6,18,56,2b,f2,a5,d1,cf,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"="D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"="D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\WINDOWS\\system32\\LMabcoms.exe"="D:\\WINDOWS\\system32\\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="D:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="D:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"="C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe:*:Enabled:Listener"
"D:\\Arquivos de programas\\eMule\\emule.exe"="D:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"="D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"D:\\Arquivos de programas\\iTunes\\iTunes.exe"="D:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sun 23 Mar 2008 72,704 ..SHR --- "D:\Arquivos de programas\eRightSoft\SUPER\Setup.exe"
Thu 26 Apr 2007 338 A..HR --- "D:\WINDOWS\Resources\Logon\NewLogo.reg"
Tue 8 Apr 2008 1,123,880 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\44e979936d19a4e833746e7d6f8e194d\BIT44DE.tmp"
Tue 6 May 2008 8,300 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CB.tmp"
Tue 6 May 2008 3,048 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CC.tmp"
Tue 6 May 2008 5,583 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CD.tmp"
Tue 6 May 2008 12,679 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CE.tmp"
Tue 6 May 2008 6,909 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CF.tmp"
Tue 6 May 2008 3,852 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D0.tmp"
Tue 6 May 2008 2,747 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D1.tmp"
Tue 6 May 2008 3,840 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D2.tmp"
Mon 5 May 2008 11,163 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D3.tmp"
Tue 6 May 2008 35 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D4.tmp"
Tue 6 May 2008 35 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\yexords.deviantart.com~gallery\BIT4C8.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:38, on 15/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\notepad.exe
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\TopDesk\topdesk.exe
D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 9988 bytes

Hey, Avira didn't find anything else when I turned on the PC.
PedroN - Posted July 19, 2008

Sorry for the delay. ;)

Go to the Kaspersky online scanner. It only works with Internet Explorer!

Click the button. Click I Accept. The information bar will show that the site is asking to install an ActiveX control. Confirm it.
Wait for the installation and the update (it takes a while), then click Scan Settings.

In Scan Settings, leave the options below checked:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
and click OK.

On the next page, click My Computer to start the scan. The scan takes a long time, be patient.
When the scan finishes, click Save as text to save the log.

Post the Kaspersky log plus a new HijackThis log.
Yeshu'a - Posted July 23, 2008

Sorry for the delay too :rolleyes:

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:40, on 23/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\Arquivos de programas\Google\Google Talk\googletalk.exe
D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Arquivos de programas\iTunes\iTunes.exe
D:\Arquivos de programas\Last.fm\LastFM.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\distnoted.exe
D:\Arquivos de programas\Safari\Safari.exe
D:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe
D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\SyncServer.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - D:\WINDOWS\system32\amcis2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 11115 bytes

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 09:32:37
Records in database: 996706
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 138809
Threat name: 4
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 02:50:41

File name / Threat name / Threats count
D:\Arquivos de programas\Aureate\Group Mail\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1
D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 2
D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 5
D:\Incomplete\T-5745425-digging for fire pixies.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
D:\WINDOWS\system32\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
D:\WINDOWS\system32\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1
D:\WINDOWS\system32\Amcis2.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
D:\WINDOWS\system32\htmdeng.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1
D:\WINDOWS\system32\IPCClient.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
D:\WINDOWS\system32\msipcsv.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1

The selected area was scanned.
PedroN (posted July 24, 2008)

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

File::
D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe
D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe
D:\Downloads\Utils\Instalers\agmfree.exe
D:\Downloads\Utils\Instalers\agmfree.exe
D:\Incomplete\T-5745425-digging for fire pixies.mp3
D:\WINDOWS\system32\adimage.dll
D:\WINDOWS\system32\ajj.exe
D:\WINDOWS\system32\Amcis2.dll
D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe
D:\WINDOWS\system32\htmdeng.exe
D:\WINDOWS\system32\IPCClient.dll
D:\WINDOWS\system32\msipcsv.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"lsas"=-

This script was written only for this computer, according to the files and keys present on it; do not use it on another computer, because it can cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with a new HijackThis log.

Also run a new scan with Kaspersky.
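An added example, not part of PedroN's reply and not ComboFix's own code: a small Python script that turns the Kaspersky report's "<path> Infected: <verdict> <count>" lines into the File:: section of a CFScript, deduplicating a path that the report lists under more than one verdict (agmfree.exe appears twice in the scan above, and ComboFix lists it once) and optionally holding back the "not-a-virus:" riskware verdicts for separate review. The sample lines are excerpted from the report posted above; the function names and the exclude_riskware switch are this example's own.

```python
"""Build a ComboFix CFScript File:: section from a Kaspersky Online Scanner 7 report."""
import re
from collections import OrderedDict

# Constructed sample: a subset of the Kaspersky report posted in this thread,
# in its "<path> Infected: <threat name> <count>" form.
SAMPLE_REPORT = """\
File name / Threat name / Threats count
D:\\Arquivos de programas\\Aureate\\Group Mail\\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1
D:\\Documents and Settings\\UserName\\7zS887.tmp\\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
D:\\Downloads\\Utils\\Instalers\\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 2
D:\\Downloads\\Utils\\Instalers\\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 5
D:\\Incomplete\\T-5745425-digging for fire pixies.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
D:\\WINDOWS\\system32\\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
The selected area was scanned.
"""

# Paths contain spaces, so anchor on the literal " Infected: " separator and
# on the trailing hit count instead of splitting on whitespace.
_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return (path, threat, count) tuples, one per detection line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def is_riskware(threat):
    """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'."""
    return threat.startswith("not-a-virus:")


def cfscript_files(hits, exclude_riskware=False):
    """Unique paths for the File:: section, in first-seen order.

    A file reported under two verdicts must appear only once in the script.
    With exclude_riskware=True the 'not-a-virus:' detections are left out so
    the operator can decide on them separately.
    """
    paths = OrderedDict()
    for path, threat, _count in hits:
        if exclude_riskware and is_riskware(threat):
            continue
        paths.setdefault(path, threat)
    return list(paths)


def build_cfscript(file_paths, registry_lines=()):
    """Render the CFScript text: a File:: block, then an optional Registry:: block."""
    out = ["File::"] + list(file_paths)
    if registry_lines:
        out += ["", "Registry::"] + list(registry_lines)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    # Registry lines below are the ones from the script in this thread; they are
    # passed through untouched, the script does not validate them.
    print(build_cfscript(
        cfscript_files(hits),
        ["[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\Currentversion\\policies\\explorer\\Run]",
         '"lsas"=-']))
```

Run it as a script to see the generated CFScript on stdout; the Registry:: block is copied verbatim from whatever you pass in, so the review burden for registry deletions stays with the person writing the script.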
Yeshu'a (posted July 24, 2008)

ComboFix 08-07-13.14 - UserName 2008-07-24 10:05:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1576 [GMT -3:00]
Running from: D:\Documents and Settings\UserName\Desktop\Security\ComboFix.exe
Command switches used :: D:\Documents and Settings\UserName\Desktop\CFScript.txt
* Created a new restore point

FILE ::
D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe
D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe
D:\Downloads\Utils\Instalers\agmfree.exe
D:\Incomplete\T-5745425-digging for fire pixies.mp3
D:\WINDOWS\system32\adimage.dll
D:\WINDOWS\system32\ajj.exe
D:\WINDOWS\system32\Amcis2.dll
D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe
D:\WINDOWS\system32\htmdeng.exe
D:\WINDOWS\system32\IPCClient.dll
D:\WINDOWS\system32\msipcsv.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat
D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe
D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe
D:\Downloads\Utils\Instalers\agmfree.exe
D:\Incomplete\T-5745425-digging for fire pixies.mp3
D:\WINDOWS\system32\adimage.dll
D:\WINDOWS\system32\ajj.exe
D:\WINDOWS\system32\Amcis2.dll
D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe
D:\WINDOWS\system32\htmdeng.exe
D:\WINDOWS\system32\IPCClient.dll
D:\WINDOWS\system32\msipcsv.exe

----- BITS: Possible infected sites -----

hxxp://cr
.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))
.

2008-07-22 15:28 . 2008-07-22 15:53 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll
2008-07-22 15:28 . 2008-07-22 15:53 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll
2008-07-22 15:28 . 2008-07-22 15:53 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll
2008-07-22 15:27 . 2008-07-22 15:27 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2008-07-22 15:27 . 2008-07-22 15:31 38,731 --a------ D:\WINDOWS\DIIUnin.dat
2008-07-22 15:27 . 2008-07-22 15:27 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2008-07-22 15:26 . 2008-07-22 15:32 <DIR> d-------- D:\Arquivos de programas\Diablo II
2008-07-22 10:03 . 2008-07-22 16:44 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DiskAid
2008-07-22 10:03 . 2008-07-22 10:03 <DIR> d-------- D:\Arquivos de programas\DigiDNA
2008-07-21 08:18 . 2008-07-21 08:18 <DIR> d-------- D:\Arquivos de programas\blinkx Brasil
2008-07-15 17:41 . 2008-07-15 17:41 <DIR> d-------- D:\WINDOWS\ERUNT
2008-07-15 17:30 . 2008-07-15 17:52 <DIR> d-------- D:\SDFix
2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\UserName\Configurações locais
2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Configurações locais
2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\LocalService\Configurações locais
2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll
2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini
2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll
2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll
2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl
2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL
2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation
2008-07-08 09:32 . 2008-07-08 09:32 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client
2008-07-07 11:24 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java
2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works
2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache
2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br
2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira
2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead
2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe
2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe
2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg
2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys
2008-06-26 09:57 . 2008-06-26 09:57 <DIR> d-------- D:\Arquivos de programas\Yahoo!
2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe
2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe
2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps
2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism
2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 13:04 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit
2008-07-24 13:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent
2008-07-24 11:44 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird
2008-07-24 11:34 --------- d-----w D:\Arquivos de programas\Flock
2008-07-23 13:21 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-07-23 11:22 --------- d-----w D:\Arquivos de programas\Orbitdownloader
2008-07-21 13:35 --------- d-----w D:\Arquivos de programas\Java
2008-07-18 21:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-07-18 20:07 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod
2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 21:14 --------- d-----w D:\Arquivos de programas\Google
2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET
2008-06-25 12:53 --------- d-----w D:\Arquivos de programas\eMule
2008-06-18 19:39 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Flock
2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2
2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine
2008-06-17 18:36 --------- d-----w D:\Arquivos de programas\iShut
2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\RK Launcher
2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\Address Book
2008-06-17 17:42 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-06-17 17:39 --------- d-----w D:\Arquivos de programas\Messenger Plus! Live
2008-06-16 21:07 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro
2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer
2008-06-16 13:24 --------- d-----w D:\Arquivos de programas\Shock Utility
2008-06-16 11:24 --------- d-----w D:\Arquivos de programas\DAEMON Tools Lite
2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools
2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari
2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead
2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime
2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008
2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm
2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm
2008-05-28 00:05 --------- d-----w D:\Arquivos de programas\True Transparency
2008-05-27 16:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\iSproggler
2008-05-27 13:58 --------- d-----w D:\Arquivos de programas\AviSynth 2.5
2008-05-27 13:04 --------- d-----w D:\Arquivos de programas\Bonjour
2008-05-27 12:50 --------- d-----w D:\Arquivos de programas\iPod(2)
2008-05-26 14:33 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\LimeWire
2008-05-26 14:14 --------- d-----w D:\Arquivos de programas\Red Kawa
2008-05-26 13:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Any Video Converter
2008-05-26 12:31 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-05-26 12:30 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Apple
2008-05-26 12:26 --------- d-----w D:\Arquivos de programas\eRightSoft
2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll
.

------- Sigcheck -------

2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys
2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_15.42.22.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-15 20:41:23 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-07-15 20:41:23 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-15 20:41:21 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-07-15 20:41:21 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-03-04 16:28:53 79,424 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-18 11:25:44 75,072 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys
- 2008-03-25 04:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe
+ 2008-06-10 04:21:01 135,168 ----a-w D:\WINDOWS\system32\java.exe
- 2008-03-25 04:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe
+ 2008-06-10 04:21:04 135,168 ----a-w D:\WINDOWS\system32\javaw.exe
- 2008-03-25 05:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe
+ 2008-06-10 05:32:34 139,264 ----a-w D:\WINDOWS\system32\javaws.exe
- 2008-03-24 23:21:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-06-26 12:57:38 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-21 11:18:28 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-18 18:59:42 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]
"RK Launcher"="D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" [2007-03-16 17:05 708608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]
"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]
"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]
"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 08:25 266497]
"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\
ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]
UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]
VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]
path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk
backup=D:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]
path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk
backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"D:\\WINDOWS\\system32\\LMabcoms.exe"=
"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=
"D:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8322:TCP"= 8322:TCP:BitComet 8322 TCP
"8322:UDP"= 8322:UDP:BitComet 8322 UDP

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []
S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []
S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []
S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 09:22]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 16:14:59 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
"2008-07-24 11:22:09 D:\WINDOWS\Tasks\GoogleUpdateTask.job"
- D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 10:07:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-24 10:09:24
ComboFix-quarantined-files.txt 2008-07-24 13:08:55
ComboFix2.txt 2008-07-15 11:36:19
ComboFix3.txt 2008-07-14 18:42:57
ComboFix4.txt 2008-06-24 13:38:58

Pre-Run: 157,779,755,008 bytes free
Post-Run: 157,832,237,056 bytes free

268
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:57, on 24/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\igfxtray.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10002 bytes
PedroN 1 Posted July 25, 2008

Download Kill Box - Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below from the grey box by selecting it and right-clicking -> copy...

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then on the . ... and answer No to the question.

Reboot the computer in Safe Mode. Run HijackThis, click Do a System Scan Only and check the entries below from the grey box:

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

When the selection is done, click Fix Checked...

@- Reboot in normal mode.
@- Copy the (updated) HijackThis log(s) and paste them in a follow-up.
Yeshu'a 0 Posted July 25, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:48, on 25/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\WINDOWS\system32\dwwin.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\dumprep.exe
D:\WINDOWS\system32\dwwin.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - D:\WINDOWS\system32\amcis.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: D:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 9966 bytes

Dude, a quick question: the Listener you told me to delete just now, isn't it part of the Santander Manager??
PedroN 1 Posted July 25, 2008

Hey! Download Spyware Terminator 2.3.0.481.

Spyware Terminator is one of the best-known tools for fighting the dreaded spyware. This kind of pest is responsible for installing advertisements, changing computer settings and even stealing user information without the user's consent. Besides that, they are very common pests on the Internet and very easy to pick up, especially on computers that don't have an effective layer of protection against them, such as Spyware Terminator. This tool has a high potential for fighting this kind of pest and is considered one of the best applications for that purpose. Beyond its detection power, it offers real-time protection, also known as resident protection, to keep the computer from new infections during use, which is the application's strong point.

Scan your computer with the tool and then post a new HijackThis log.
Yeshu'a 0 Posted July 28, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:06, on 28/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
D:\Arquivos de programas\Palringo\palringo.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: D:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10119 bytes
PedroN 1 Posted July 28, 2008

Hey Yeshu'a,

Reboot the computer in Safe Mode. Run HijackThis, click Do a System Scan Only and check the entry below from the grey box:

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

When the selection is done, click Fix Checked...

@- Reboot in normal mode.
@- Copy the (updated) HijackThis log(s) and paste them in a follow-up.

Once that's done, download ComboFix again.

Cheers
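The helper's two replies above apply the same review by hand to each HijackThis log: find O23 services whose binary is missing or has no recognised owner, O20 AppInit_DLLs injections, unnamed O9 buttons, and O4 autoruns that deserve a second look. As an added example, not code from this thread or from the HijackThis project, here is a small Python triage script that parses HijackThis-style "Oxx - ..." lines and attaches those review flags. The flag names, the heuristics and the SAMPLE_LOG are my own constructions (the sample lines are modelled on entries posted in this thread); the flags are hints for a human reviewer, not a verdict.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

It parses the "Oxx - ..." lines a forum helper reviews by hand and attaches
review flags to the entries a human analyst would check first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "O23 - Service: ..." -> section "O23", body "Service: ..."
SECTION_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# First drive-letter path ending in a loadable/viewable file type.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys|cpl|html))', re.IGNORECASE)
# Hives of the built-in service accounts (SYSTEM, LOCAL SERVICE, NETWORK SERVICE).
SERVICE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20")


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an 'Oxx - ...' line, or None for header/process lines."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    pm = PATH_RE.search(body)
    return Entry(section, body, pm.group(1) if pm else None)


def review_flags(e: Entry) -> List[str]:
    """Heuristics (my own) mirroring what the helper in the thread checked by hand."""
    flags = []
    low = e.body.lower()
    if "(file missing)" in low or "(no file)" in low:
        flags.append("file-missing")          # orphaned entry: target no longer exists
    if e.section == "O23" and "unknown owner" in low:
        flags.append("unknown-owner")         # service binary carries no recognised vendor
    if e.section == "O20":
        flags.append("appinit-dll")           # DLL loaded into every user32-linked process
    if "(no name)" in low:
        flags.append("unnamed")               # often legitimate (Java console), still verify
    if e.section == "O4":
        command = e.body.split("] ", 1)[1] if "] " in e.body else ""
        tokens = command.split()
        if tokens and "\\" not in tokens[0].strip('"'):
            flags.append("bare-filename")     # resolved via the search path, not a full path
        if e.body.startswith(SERVICE_HIVES) and e.path and "\\windows\\" not in e.path.lower():
            flags.append("service-account-autorun")  # user application autorun from a service hive
    return flags


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised entry in the log and attach its review flags."""
    entries = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            e.flags = review_flags(e)
            entries.append(e)
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


def summarize(log_text: str) -> Dict[str, int]:
    """Count how often each flag fired, for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for e in flagged(log_text):
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


# Constructed sample, modelled on lines posted in the thread above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html
O20 - AppInit_DLLs: D:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:4} {', '.join(e.flags):28} {e.body}")
    print(summarize(SAMPLE_LOG))
```

Run as a script it prints the flagged entries followed by the flag counts. A flag means "look at this", exactly as the thread shows: the unnamed Java console button and CTFMON under the service-account hives are normal, while the Google Update service with "Unknown owner" and "(file missing)" is the orphaned entry the helper asked to have fixed.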
Yeshu'a 0 Denunciar post Postado Julho 29, 2008 ComboFix 08-07-28.6 - UserName 2008-07-29 12:15:19.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1579 [GMT -3:00] Executando de: D:\Documents and Settings\UserName\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusäes ))))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Sites possivelmente infetados ----- http://yexords.deviantart.com http://s.deviantart.com http://pixel.quantserve.com http://www.deviantart.com http://tn1-1.pv.deviantart.com http://tn1-2.pv.deviantart.com http://st.deviantart.com . ((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))) . 2008-07-29 12:07 . 2008-07-29 12:07 22,207,742 --a------ D:\Santander.rar 2008-07-28 09:52 . 2008-07-28 09:57 <DIR> d-------- D:\Arquivos de programas\Palringo 2008-07-28 09:25 . 2008-07-29 08:15 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Spyware Terminator 2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator 2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Arquivos de programas\Spyware Terminator 2008-07-28 09:25 . 2008-07-28 09:25 141,312 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2008-07-25 16:25 . 2008-07-25 16:25 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\fretsonfire 2008-07-25 16:25 . 2008-07-25 16:30 <DIR> d-------- D:\Arquivos de programas\Frets on Fire 2008-07-25 15:16 . 2008-07-25 15:16 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client 2008-07-25 11:02 . 1999-11-04 13:11 111,896 --a------ D:\WINDOWS\system32\Cspop32.ocx 2008-07-25 11:02 . 
1999-12-11 17:02 110,592 --a------ D:\WINDOWS\system32\adimage.dll 2008-07-25 11:02 . 1999-11-22 14:31 65,536 --a------ D:\WINDOWS\system32\anadsc.ocx 2008-07-25 11:02 . 2000-01-04 14:18 57,344 --a------ D:\WINDOWS\system32\tfde.dll 2008-07-25 11:02 . 1999-11-29 13:15 53,248 --a------ D:\WINDOWS\system32\htmdeng.exe 2008-07-25 11:02 . 1999-11-23 09:21 36,864 --a------ D:\WINDOWS\system32\IPCClient.dll 2008-07-25 11:02 . 1998-12-02 10:12 20,480 --a------ D:\WINDOWS\system32\ajj.exe 2008-07-25 10:50 . 2008-07-25 10:50 912 --a------ D:\WINDOWS\megaemail.ini 2008-07-25 09:38 . 2008-07-25 09:39 <DIR> d-------- D:\!KillBox 2008-07-25 09:10 . 2008-07-25 09:10 27,136 --a------ D:\WINDOWS\~GLH0000.TMP 2008-07-24 17:25 . 2008-07-24 17:25 55 -ra------ D:\WINDOWS\amunres.lsl 2008-07-24 17:20 . 2008-07-24 17:20 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\EmailSender 2008-07-24 16:41 . 2008-07-24 17:25 <DIR> d-------- D:\Arquivos de programas\Carteiro 2008-07-24 16:41 . 2001-07-01 17:30 112,640 --a------ D:\WINDOWS\lsb_un20.exe 2008-07-24 16:12 . 2008-07-24 17:05 <DIR> d--h----- D:\WINDOWS\amc 2008-07-24 16:12 . 2008-07-24 17:05 103 --a------ D:\WINDOWS\Group Mail 2008-07-24 16:10 . 1999-10-22 11:30 448,248 --a------ D:\WINDOWS\system32\sstbars2.ocx 2008-07-24 16:10 . 1999-09-02 10:18 290,816 --a------ D:\WINDOWS\system32\sstabs2.ocx 2008-07-24 16:10 . 1999-06-04 12:20 102,272 --a------ D:\WINDOWS\system32\pop40.ocx 2008-07-24 16:10 . 1999-04-01 14:52 45,056 --a------ D:\WINDOWS\system32\amcis.dll 2008-07-24 16:00 . 1995-05-22 08:00 640,512 --------- D:\WINDOWS\system32\Oc30.dll 2008-07-24 16:00 . 1998-07-14 14:54 362,552 --------- D:\WINDOWS\system32\sstbars.ocx 2008-07-24 16:00 . 1999-01-29 15:25 332,800 --------- D:\WINDOWS\system32\AdvertX.ocx 2008-07-24 16:00 . 1997-02-24 17:04 264,288 --a------ D:\WINDOWS\system32\American.vtd 2008-07-24 16:00 . 1999-05-07 00:00 209,408 --------- D:\WINDOWS\system32\Tabctl32.ocx 2008-07-24 16:00 . 
1995-10-11 01:00 133,904 --------- D:\WINDOWS\system32\Mfcans32.dll 2008-07-24 16:00 . 1999-06-08 13:50 97,280 --a------ D:\WINDOWS\system32\Vspell32.ocx 2008-07-24 16:00 . 1997-02-24 17:44 70,656 --a------ D:\WINDOWS\system32\Vspell32.dll 2008-07-24 16:00 . 1998-07-15 00:03 54,784 --a------ D:\WINDOWS\system32\Netcod33.ocx 2008-07-24 16:00 . 1997-02-24 17:04 15,819 --a------ D:\WINDOWS\system32\Vspeller.hlp 2008-07-22 15:28 . 2008-07-22 15:53 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll 2008-07-22 15:28 . 2008-07-22 15:53 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll 2008-07-22 15:28 . 2008-07-22 15:53 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll 2008-07-22 15:26 . 2008-07-28 09:56 <DIR> d-------- D:\Arquivos de programas\Diablo II 2008-07-22 10:03 . 2008-07-28 15:50 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DiskAid 2008-07-22 10:03 . 2008-07-22 10:03 <DIR> d-------- D:\Arquivos de programas\DigiDNA 2008-07-15 17:41 . 2008-07-15 17:41 <DIR> d-------- D:\WINDOWS\ERUNT 2008-07-15 17:30 . 2008-07-15 17:52 <DIR> d-------- D:\SDFix 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configurações locais 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\UserName\Configurações locais 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Configurações locais 2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\LocalService\Configurações locais 2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll 2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini 2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll 2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll 2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl 2008-07-08 16:04 . 
2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL
2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation
2008-07-07 11:24 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java
2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works
2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache
2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br
2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 15:14 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit
2008-07-29 14:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader
2008-07-29 12:56 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-07-29 12:45 --------- d-----w D:\Arquivos de programas\Flock
2008-07-29 12:16 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird
2008-07-28 22:26 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent
2008-07-28 20:41 --------- d--h--w D:\Arquivos de programas\InstallShield Installation Information
2008-07-28 12:56 --------- d-----w D:\Arquivos de programas\Aureate
2008-07-28 11:50 --------- d-----w D:\Arquivos de programas\Yahoo!
2008-07-25 19:23 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla
2008-07-25 16:21 --------- d-----w D:\Arquivos de programas\eMule
2008-07-24 17:56 --------- d-----w D:\Arquivos de programas\Google
2008-07-21 13:35 --------- d-----w D:\Arquivos de programas\Java
2008-07-18 21:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod
2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET
2008-06-26 18:48 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-06-26 18:48 --------- d-----w D:\Arquivos de programas\Avira
2008-06-26 16:10 831,488 ------w D:\WINDOWS\UNMRW.exe
2008-06-26 16:10 7,582 ------w D:\WINDOWS\system32\drivers\incdrm.sys
2008-06-26 16:10 155,648 ------w D:\WINDOWS\system32\NeroCheck.exe
2008-06-26 16:10 --------- d-----w D:\Arquivos de programas\ahead
2008-06-26 11:26 238,532 ----a-w D:\WINDOWS\system32\sns.exe
2008-06-25 19:59 371,158 ----a-w D:\WINDOWS\system32\terum.exe
2008-06-24 18:35 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\WebApps
2008-06-24 18:35 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Prism
2008-06-18 19:39 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Flock
2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2
2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine
2008-06-17 18:36 --------- d-----w D:\Arquivos de programas\iShut
2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\RK Launcher
2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\Address Book
2008-06-17 17:42 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-06-17 17:39 --------- d-----w D:\Arquivos de programas\Messenger Plus! Live
2008-06-16 21:07 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro
2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer
2008-06-16 13:24 --------- d-----w D:\Arquivos de programas\Shock Utility
2008-06-16 11:24 --------- d-----w D:\Arquivos de programas\DAEMON Tools Lite
2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools
2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari
2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead
2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime
2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008
2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm
2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm
2008-05-28 00:05 --------- d-----w D:\Arquivos de programas\True Transparency
2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll
.
------- Sigcheck -------
2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys
2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_15.42.22.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-15 20:41:23 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-07-15 20:41:23 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-15 20:41:21 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-07-15 20:41:21 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-03-04 16:28:53 79,424 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-18 11:25:44 75,072 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys
- 2008-03-25 04:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe
+ 2008-06-10 04:21:01 135,168 ----a-w D:\WINDOWS\system32\java.exe
- 2008-03-25 04:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe
+ 2008-06-10 04:21:04 135,168 ----a-w D:\WINDOWS\system32\javaw.exe
- 2008-03-25 05:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe
+ 2008-06-10 05:32:34 139,264 ----a-w D:\WINDOWS\system32\javaws.exe
- 2008-03-24 23:21:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-06-26 12:57:38 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-21 11:18:28 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-18 18:59:42 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-03-10 16:38:40 297,984 ----a-w D:\WINDOWS\system32\midas.dll
+ 2005-01-02 15:16:18 297,984 ----a-w D:\WINDOWS\system32\midas.dll
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty and legitimate default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]
"RK Launcher"="D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" [2007-03-16 17:05 708608]
"Palringo"="D:\Arquivos de programas\Palringo\palringo.exe" [2008-04-29 06:48 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]
"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]
"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 08:25 266497]
"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"Google Desktop Search"="D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-24 14:56 29744]
"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\
ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]
UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]
VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\
Yahoo! Widgets.lnk - D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 19:34:48 3746856]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - D:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-03-12 15:03:55 1703112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]
path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk
backup=D:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]
path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk
backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"D:\\WINDOWS\\system32\\LMabcoms.exe"=
"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=
"D:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8322:TCP"= 8322:TCP:BitComet 8322 TCP
"8322:UDP"= 8322:UDP:BitComet 8322 UDP

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []
S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []
S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []
S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe []
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 GoogleDesktopManager-051608-133132;Gerenciador do Google Desktop 5.7.805.16405;D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-24 14:56]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2008-04-16 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job - D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Download by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 -: &List Stylesheets
O8 -: Do&wnload selected by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 -: E&xport to Microsoft Excel - D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 -: E&xportar para o Microsoft Excel - D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 -: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} - hxxps://netbanking2.banespa.com.br/OCX/TG.cab
D:\WINDOWS\Downloaded Program Files\TG.ocx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 12:19:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2008-07-29 12:26:48 - machine was rebooted [userName]
ComboFix-quarantined-files.txt 2008-07-29 15:25:52
ComboFix2.txt 2008-07-24 13:09:25
ComboFix3.txt 2008-07-15 11:36:19
ComboFix4.txt 2008-07-14 18:42:57
ComboFix5.txt 2008-07-29 15:12:28

Pre-Run: 18 folder(s) 162,696,347,648 bytes free
Post-Run: 21 folder(s) 162,939,854,848 bytes free

314

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:40, on 29/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxsrvc.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
D:\Arquivos de programas\Palringo\palringo.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
D:\WINDOWS\explorer.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"
O4 - HKCU\..\Run: [Palringo] "D:\Arquivos de programas\Palringo\palringo.exe" /hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: RKLauncher.lnk = D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10548 bytes
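Reading a HijackThis log like the one above comes down to a few mechanical checks before any judgement call: autostart entries that still point at a file that is gone ("(no file)", "(file missing)"), services whose binary carries no publisher information ("Unknown owner"), Run values that name a bare executable with no path, and ActiveX controls that were fetched over plain HTTP. The script below is an added example written for this page, not a tool from the thread or from the HijackThis project; it applies those four heuristics to HijackThis-style lines. The sample lines are constructed in the shape of the log above (the "(no file)" toolbar entry uses a zeroed placeholder CLSID), and every flag is a "look twice" marker, not a verdict that the entry is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log above. The toolbar line
# with the all-zero CLSID is a placeholder; the others mirror entries from the log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section prefix, e.g. "O4" or "O23"
    entry: str   # the line with its "Oxx - " prefix stripped
    reason: str  # why a helper would look at the entry twice


# "O23 - <body>"; R/F/O sections all share this shape.
_LINE_RE = re.compile(r"^\s*([RFO]\d+)\s+-\s+(.*?)\s*$")
# O4 body: <hive>\..\Run: [Name] <command>   (hive may be HKLM, HKCU, HKUS\S-1-5-19, ...)
_O4_RE = re.compile(r"^(?P<hive>[^\[]*?)\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# O16 body: DPF: {CLSID} (Name) - <URL or local path>
_O16_RE = re.compile(r"^DPF:\s+\{[^}]+\}\s+\((?P<name>[^)]*)\)\s+-\s+(?P<target>\S+)")


def executable_of(cmd: str) -> str:
    """Program a Run value launches: the quoted path if quoted, else the first token.
    An unquoted path containing spaces yields only its first token, which still
    contains a backslash, so it is never mistaken for a bare executable name."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0] if cmd else ""


def triage_line(line: str) -> list[Finding]:
    """Apply the four heuristics to one HijackThis line; zero or more findings."""
    m = _LINE_RE.match(line)
    if not m:
        return []
    kind, body = m.group(1), m.group(2)
    low = body.lower()
    found: list[Finding] = []

    # 1. The registry still references a binary that is gone (leftover of a removal).
    if "(no file)" in low or "(file missing)" in low:
        found.append(Finding(kind, body, "orphaned entry: the referenced file no longer exists"))

    # 2. Service binary with no company/version resource; cannot be attributed from the log alone.
    if kind == "O23" and "unknown owner" in low:
        found.append(Finding(kind, body, "service binary has no publisher information; check its signature on disk"))

    # 3. Run value naming a bare executable: Windows resolves it through the search path,
    #    so a same-named file earlier in that path is what would actually run.
    if kind == "O4":
        o4 = _O4_RE.match(body)
        if o4:
            exe = executable_of(o4.group("cmd"))
            if exe and "\\" not in exe and "/" not in exe:
                found.append(Finding(kind, body, f"unqualified executable '{exe}': confirm which file the search path resolves it to"))

    # 4. ActiveX control (Downloaded Program Files) installed from a plain-HTTP URL.
    if kind == "O16":
        o16 = _O16_RE.match(body)
        if o16 and o16.group("target").lower().startswith("http://"):
            found.append(Finding(kind, body, "ActiveX control fetched over plain HTTP; the CAB could have been replaced in transit"))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a HijackThis log and collect the findings."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n      {f.entry}")
```

On the sample this reports five findings: the placeholder toolbar and the Google Update service as orphans, the same service for its missing owner, RTHDCPL.EXE for its unqualified path, and the acclaim.com control for plain HTTP. Paste a full log into SAMPLE_LOG (or read it from a file) to get the same pass over every O4/O16/O23 line; the Avira and wampapache lines show that well-formed entries produce nothing.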
PedroN Posted July 29, 2008

I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

File::
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"=-

This script was written only for this computer, based on the files and keys present on it. Do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will reboot the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with a new HijackThis log.
Yeshu'a Posted July 30, 2008

ComboFix 08-07-28.6 - UserName 2008-07-30 11:22:59.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1557 [GMT -3:00]
Running from: D:\Documents and Settings\UserName\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\UserName\Desktop\CFScript.txt
* A new restore point was created

FILE ::
D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
.
((((((((((((((((((((((( Files created from 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))
.
2008-07-30 11:07 . 1999-11-30 17:30 294,912 --a------ D:\WINDOWS\system32\msipcsv.exe
2008-07-30 11:07 . 1999-11-23 09:23 40,960 --a------ D:\WINDOWS\system32\Amcis2.dll
2008-07-29 12:07 . 2008-07-29 12:07 22,207,742 --a------ D:\Santander.rar
2008-07-28 09:52 . 2008-07-28 09:57 <DIR> d-------- D:\Arquivos de programas\Palringo
2008-07-28 09:25 . 2008-07-29 08:15 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Spyware Terminator
2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator
2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Arquivos de programas\Spyware Terminator
2008-07-28 09:25 . 2008-07-28 09:25 141,312 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-25 16:25 . 2008-07-29 16:29 <DIR> d-------- D:\Arquivos de programas\Frets on Fire
2008-07-25 15:16 . 2008-07-25 15:16 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client
2008-07-25 11:02 . 1999-11-04 13:11 111,896 --a------ D:\WINDOWS\system32\Cspop32.ocx
2008-07-25 11:02 . 1999-12-11 17:02 110,592 --a------ D:\WINDOWS\system32\adimage.dll
2008-07-25 11:02 . 1999-11-22 14:31 65,536 --a------ D:\WINDOWS\system32\anadsc.ocx
2008-07-25 11:02 . 2000-01-04 14:18 57,344 --a------ D:\WINDOWS\system32\tfde.dll
2008-07-25 11:02 . 1999-11-29 13:15 53,248 --a------ D:\WINDOWS\system32\htmdeng.exe
2008-07-25 11:02 . 1999-11-23 09:21 36,864 --a------ D:\WINDOWS\system32\IPCClient.dll
2008-07-25 11:02 . 1998-12-02 10:12 20,480 --a------ D:\WINDOWS\system32\ajj.exe
2008-07-25 10:50 . 2008-07-25 10:50 912 --a------ D:\WINDOWS\megaemail.ini
2008-07-25 09:38 . 2008-07-25 09:39 <DIR> d-------- D:\!KillBox
2008-07-25 09:10 . 2008-07-25 09:10 27,136 --a------ D:\WINDOWS\~GLH0000.TMP
2008-07-24 17:25 . 2008-07-24 17:25 55 -ra------ D:\WINDOWS\amunres.lsl
2008-07-24 17:20 . 2008-07-24 17:20 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\EmailSender
2008-07-24 16:41 . 2008-07-24 17:25 <DIR> d-------- D:\Arquivos de programas\Carteiro
2008-07-24 16:41 . 2001-07-01 17:30 112,640 --a------ D:\WINDOWS\lsb_un20.exe
2008-07-24 16:12 . 2008-07-24 17:05 <DIR> d--h----- D:\WINDOWS\amc
2008-07-24 16:12 . 2008-07-24 17:05 103 --a------ D:\WINDOWS\Group Mail
2008-07-24 16:10 . 1999-10-22 11:30 448,248 --a------ D:\WINDOWS\system32\sstbars2.ocx
2008-07-24 16:10 . 1999-09-02 10:18 290,816 --a------ D:\WINDOWS\system32\sstabs2.ocx
2008-07-24 16:10 . 1999-06-04 12:20 102,272 --a------ D:\WINDOWS\system32\pop40.ocx
2008-07-24 16:10 . 1999-04-01 14:52 45,056 --a------ D:\WINDOWS\system32\amcis.dll
2008-07-24 16:00 . 1995-05-22 08:00 640,512 --------- D:\WINDOWS\system32\Oc30.dll
2008-07-24 16:00 . 1998-07-14 14:54 362,552 --------- D:\WINDOWS\system32\sstbars.ocx
2008-07-24 16:00 . 1999-01-29 15:25 332,800 --------- D:\WINDOWS\system32\AdvertX.ocx
2008-07-24 16:00 . 1997-02-24 17:04 264,288 --a------ D:\WINDOWS\system32\American.vtd
2008-07-24 16:00 . 1999-05-07 00:00 209,408 --------- D:\WINDOWS\system32\Tabctl32.ocx
2008-07-24 16:00 . 1995-10-11 01:00 133,904 --------- D:\WINDOWS\system32\Mfcans32.dll
2008-07-24 16:00 . 1999-06-08 13:50 97,280 --a------ D:\WINDOWS\system32\Vspell32.ocx
2008-07-24 16:00 . 1997-02-24 17:44 70,656 --a------ D:\WINDOWS\system32\Vspell32.dll
2008-07-24 16:00 . 1998-07-15 00:03 54,784 --a------ D:\WINDOWS\system32\Netcod33.ocx
2008-07-24 16:00 . 1997-02-24 17:04 15,819 --a------ D:\WINDOWS\system32\Vspeller.hlp
2008-07-22 15:28 . 2008-07-22 15:53 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll
2008-07-22 15:28 . 2008-07-22 15:53 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll
2008-07-22 15:28 . 2008-07-22 15:53 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll
2008-07-22 15:26 . 2008-07-28 09:56 <DIR> d-------- D:\Arquivos de programas\Diablo II
2008-07-22 10:03 . 2008-07-28 15:50 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DiskAid
2008-07-22 10:03 . 2008-07-22 10:03 <DIR> d-------- D:\Arquivos de programas\DigiDNA
2008-07-15 17:41 . 2008-07-15 17:41 <DIR> d-------- D:\WINDOWS\ERUNT
2008-07-15 17:30 . 2008-07-15 17:52 <DIR> d-------- D:\SDFix
2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\Documents and Settings\UserName\Configurações locais
2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\Documents and Settings\NetworkService\Configurações locais
2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\Documents and Settings\LocalService\Configurações locais
2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll
2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini
2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll
2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll
2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl
2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL
2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation
2008-07-07 11:24 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java
2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works
2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache
2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br
2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-06-26 16:41 . 1999-05-07 00:00 204,296 --------- D:\WINDOWS\system32\Richtx32.ocx
2008-06-26 16:41 . 2000-02-21 03:20 107,512 --------- D:\WINDOWS\system32\Csmtp32.ocx
2008-06-26 16:41 . 2000-02-21 03:20 99,800 --------- D:\WINDOWS\system32\Csmsg32.ocx
2008-06-26 16:41 . 1998-10-13 14:08 53,248 --a------ D:\WINDOWS\system32\TinyDB6.ocx
2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira
2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead
2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe
2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D: \WINDOWS\system32\NeroCheck.exe
2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg
2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys
2008-06-26 09:57 . 2008-07-28 08:50 <DIR> d-------- D:\Arquivos de programas\Yahoo!
2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe
2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe
2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps
2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism
2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-06-18 16:39 . 2008-06-18 16:39 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Flock
2008-06-18 16:39 . 2008-07-30 09:55 <DIR> d-------- D:\Arquivos de programas\Flock
2008-06-18 16:20 . 2008-06-26 14:40 305 --a------ D:\WINDOWS\wininit.ini
2008-06-17 16:40 . 2008-05-27 21:05 <DIR> d-------- D:\Arquivos de programas\True Transparency
2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\RK Launcher
2008-06-17 15:35 . 2008-06-17 15:36 <DIR> d-------- D:\Arquivos de programas\iShut
2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\Address Book
2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-06-17 14:39 . 2008-06-17 14:39 <DIR> d-------- D:\Arquivos de programas\Messenger Plus! Live
2008-06-17 13:07 . 2008-06-17 13:07 0 -rahs---- D:\kb
2008-06-17 10:45 . 2008-07-30 10:56 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-06-16 18:07 . 2008-06-16 18:07 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro
2008-06-16 10:24 . 2008-06-16 10:24 <DIR> d-------- D:\Arquivos de programas\Shock Utility
2008-06-16 10:24 . 2008-06-16 10:24 65,536 --a------ D:\WINDOWS\IFinst27.MSNFix
2008-06-16 08:24 . 2008-06-16 08:24 <DIR> d-------- D:\Arquivos de programas\DAEMON Tools Lite
2008-06-13 16:10 . 2008-06-13 16:13 318 --a------ D:\WINDOWS\WPE PRO.INI
2008-06-13 15:23 . 2008-06-18 15:46 <DIR> d-------- D:\Arquivos de programas\Cheat Engine
2008-06-13 15:23 . 2005-09-04 00:48 1,970,176 --a------ D:\WINDOWS\system32\d3dx9.dll
2008-06-13 15:21 . 2008-06-13 15:21 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools
2008-06-13 15:21 . 2008-06-13 15:21 717,296 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 15:59 . 2008-07-03 17:50 47,300 --ah----- D:\WINDOWS\system32\mlfcache.dat
2008-06-12 15:42 . 2008-06-12 15:42 <DIR> d-------- D:\Arquivos de programas\Safari
2008-06-11 10:55 . 2008-06-11 10:55 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Ahead
2008-06-09 13:39 . 2008-06-09 14:08 <DIR> d-------- D:\Arquivos de programas\Magic Swf2Avi 2008
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 14:22 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent
2008-07-30 14:22 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit
2008-07-30 14:07 --------- d-----w D:\Arquivos de programas\Aureate
2008-07-29 14:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader
2008-07-29 12:16 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird
2008-07-28 20:41 --------- d--h--w D:\Arquivos de programas\InstallShield Installation Information
2008-07-25 19:23 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla
2008-07-25 16:21 --------- d-----w D:\Arquivos de programas\eMule
2008-07-24 17:56 --------- d-----w D:\Arquivos de programas\Google
2008-07-21 13:35 --------- d-----w D:\Arquivos de programas\Java
2008-07-18 21:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes
2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod
2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET
2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2
2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer
2008-06-10 11:34 --------- d-----w
D:\Arquivos de programas\QuickTime 2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm 2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm 2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll . ------- Sigcheck ------- 2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys 2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-07-14_15.42.22.07 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-07-15 20:41:23 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat + 2008-07-15 20:41:23 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-07-15 20:41:21 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2008-07-15 20:41:21 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-03-04 16:28:53 79,424 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys + 2008-07-18 11:25:44 75,072 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys - 2008-03-25 04:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe + 2008-06-10 04:21:01 135,168 ----a-w D:\WINDOWS\system32\java.exe - 2008-03-25 04:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe + 2008-06-10 04:21:04 135,168 ----a-w D:\WINDOWS\system32\javaw.exe - 2008-03-25 05:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe + 2008-06-10 05:32:34 139,264 ----a-w D:\WINDOWS\system32\javaws.exe - 2008-03-24 23:21:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2008-06-26 12:57:38 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-07-21 
11:18:28 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-07-18 18:59:42 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe - 2008-03-10 16:38:40 297,984 ----a-w D:\WINDOWS\system32\midas.dll + 2005-01-02 15:16:18 297,984 ----a-w D:\WINDOWS\system32\midas.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360] "msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856] "SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856] "RK Launcher"="D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" [2007-03-16 17:05 708608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872] "IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104] "HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584] "Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008] "Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 08:25 266497] "SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] 
"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] "Google Desktop Search"="D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-24 14:56 29744] "G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360] D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\ ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885] UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416] VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864] D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\ Yahoo! 
Widgets.lnk - D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 19:34:48 3746856] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Orbit.lnk - D:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-03-12 15:03:55 1703112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.CSCD"= camcodec.dll "vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys] @="Driver" [HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk] path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk backup=D:\WINDOWS\pss\UberIcon.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk] path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"= "D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "D:\\WINDOWS\\system32\\LMabcoms.exe"= "D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "D:\\Arquivos de 
programas\\LimeWire\\LimeWire.exe"= "D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"= "D:\\Arquivos de programas\\eMule\\emule.exe"= "C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"= "D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= "D:\\Arquivos de programas\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8322:TCP"= 8322:TCP:BitComet 8322 TCP "8322:UDP"= 8322:UDP:BitComet 8322 UDP S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys [] S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys [] S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys [] S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [] S3 FXDrv32;FXDrv32;E:\FXDrv32.sys [] S3 GoogleDesktopManager-051608-133132;Gerenciador do Google Desktop 5.7.805.16405;D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-24 14:56] S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [] S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 *Newly Created Service* - CATCHME . Conteúdo da pasta 'Tarefas Agendadas' 2008-04-16 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job - D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . 
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 11:25:05
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-07-30 11:26:49
ComboFix-quarantined-files.txt 2008-07-30 14:26:26
ComboFix2.txt 2008-07-29 15:26:49
ComboFix3.txt 2008-07-24 13:09:25
ComboFix4.txt 2008-07-15 11:36:19
ComboFix5.txt 2008-07-30 14:22:09
Pre-Run: 18 pasta(s) 162,508,726,272 bytes disponíveis
Post-Run: 20 pasta(s) 162,500,984,832 bytes disponíveis
284

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:37, on 30/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\iPod\bin\iPodService.exe
D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\explorer.exe
D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: RKLauncher.lnk = D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 9871 bytes
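As an added example (not code from the thread or from HijackThis), the small triage helper below parses the O2/O3/O4/O9/O23 entry kinds that appear in the log above and flags the two things a reader checks first: entries whose target HijackThis reports as "(no file)" or "(file missing)", and O23 services with no publisher recorded. The sample lines are constructed in the shape of the second log; the flag wording and the path-extraction heuristic are this example's own, not HijackThis output.

```python
"""Triage helper for HijackThis v2.x logs.

Added example; not part of the original thread or of HijackThis itself.
It parses the O2/O3/O4/O9/O23 entry kinds seen in the thread's log and
flags what a log reader checks first: targets reported as "(no file)" or
"(file missing)", and O23 services with no publisher recorded.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, in the shape of the thread's second log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

MISSING = ("(no file)", "(file missing)")
LINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
STARTUP_RE = re.compile(r"^(?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$")
USER_RE = re.compile(r" \(User '[^']*'\)$")
# "BHO: name - {CLSID} - path"; the CLSID anchors the split, names may contain " - ".
OBJ_RE = re.compile(r"^[^:]+: (?P<name>.+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# "Service: name - vendor - path"; an empty vendor prints as "name - - path".
SVC_RE = re.compile(r"^Service: (?P<name>.+) - (?P<vendor>.*?)\s?- (?P<target>(?:[A-Za-z]:\\|%|\\\\).+)$")
PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|lnk|sys|ocx|cpl))(?=\s|$)', re.I)


@dataclass
class Entry:
    kind: str                     # HijackThis section id, e.g. "O4" or "O23"
    name: str                     # value name, object name or service display name
    target: str                   # path plus any arguments or status marker
    hive: str = ""                # O4: registry hive or startup folder
    vendor: Optional[str] = None  # O23: publisher string as HijackThis prints it


def file_path(target: str) -> str:
    """Strip quotes, arguments and status markers from an O4/O23 target (heuristic)."""
    m = PATH_RE.match(target)
    return (m.group("q") or m.group("u")) if m else target


def parse_line(line: str) -> Optional[Entry]:
    """Parse one entry line; None for kinds this helper does not model."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":
        body = USER_RE.sub("", body)  # drop the trailing "(User '...')" note
        r = RUN_RE.match(body) or STARTUP_RE.match(body)
        return Entry(kind, r["name"], r["target"], hive=r["hive"]) if r else None
    if kind in ("O2", "O3", "O9"):
        r = OBJ_RE.match(body)
        return Entry(kind, r["name"], r["target"]) if r else None
    if kind == "O23":
        r = SVC_RE.match(body)
        return Entry(kind, r["name"], r["target"], vendor=r["vendor"]) if r else None
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Objective flags only; the reader still decides what each entry is."""
    flags = []
    if any(mk in entry.target for mk in MISSING):
        flags.append("target reported missing: stale or already-removed entry")
    if entry.kind == "O23" and entry.vendor in ("", "Unknown owner"):
        flags.append("service has no publisher recorded")
    return flags


def findings(text: str) -> List[Tuple[str, str, List[str]]]:
    """(kind, name, flags) for every entry that raised at least one flag."""
    return [(e.kind, e.name, triage(e)) for e in parse_log(text) if triage(e)]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name:<45} {file_path(e.target)}")
        for flag in triage(e):
            print("     ! " + flag)
```

Run against the thread's full second log, the only entries it flags are the Google Update service (file missing, unknown owner) and lmab_device (no vendor), which matches the helper's reading that the log is clean apart from leftovers.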
PedroN 1 Posted July 30, 2008

Hey Yeshu'a

- In Run, type combofix /u, click OK and wait for ComboFix to be removed. Your log is clean; to finish:

Visit Windows Update and update your system, downloading Service Pack 3. Or, if you prefer, download and install the full package (about 300 MB): http://www.microsoft.com/downloads/details...splayLang=pt-br

- I recommend a clean-up of the computer to remove temporary and unneeded files and invalid registry entries. Download CCleaner
• Open the program and click Run Cleaner;
• After that, click Registry > Scan for Issues > Fix Issues

- Disable and re-enable System Restore

Read the article Proteja seu PC for more information on how to avoid infections;

Also download the
• ATF-Cleaner
- Run ATF-Cleaner.exe. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

Cheers