
Archived

This topic has been archived and is closed to new replies.

Yeshu'a

[Solved!] It finds them every time I turn on the PC


Every time I turn on the computer, Avira finds some trojans. I have already run a full scan and a rootkit scan, but it didn't report anything....

Thanks in advance

The HijackThis log is below =D

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:16:50, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\Arquivos de programas\TopDesk\topdesk.exe

D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\WINDOWS\System32\svchost.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=userinit.exe,D:\WINDOWS\lsas.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = D:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = D:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = D:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = D:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: RKLauncher.lnk = D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 10886 bytes

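A triage script for the HijackThis log above, added here as an example (it is not code from HijackThis, ComboFix or the forum): it parses the F2 and O4 lines and flags a Userinit value that launches anything besides userinit.exe, a Run entry under the Policies\Explorer\Run key, and executable names one character away from a Windows system process (lsas.exe against lsass.exe). The sample lines are copied from the first log in the thread; the list of system binaries and the edit-distance threshold of 1 are my own assumptions.

```python
"""Triage a HijackThis 2.0.2 log for the persistence patterns visible in this thread."""
import re
from dataclasses import dataclass

# Assumption: a short list of Windows XP system binaries whose names malware imitates.
SYSTEM_BINARIES = {
    "lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "svchost.exe", "explorer.exe", "spoolsv.exe", "userinit.exe",
}
DEFAULT_USERINIT = "userinit.exe"  # the only program Userinit should launch

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
USERINIT_RE = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Path components ending in .exe; names containing spaces are matched by their last word only.
EXE_RE = re.compile(r'[^\\/"=,:\s\[\]]+\.exe', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch names one character away from a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(text: str) -> list[str]:
    """Executables in text that imitate a system binary (distance exactly 1, not equal)."""
    notes = []
    for exe in EXE_RE.findall(text):
        low = exe.lower()
        if low in SYSTEM_BINARIES:
            continue
        for legit in sorted(SYSTEM_BINARIES):
            if levenshtein(low, legit) == 1:
                notes.append(f"{exe} resembles {legit}")
    return notes


def userinit_is_default(value: str) -> bool:
    """True when every comma-separated entry is userinit.exe (any path, trailing comma allowed)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return all(e.lower().rsplit("\\", 1)[-1] == DEFAULT_USERINIT for e in entries)


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the F2/O4 findings a responder would check first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            u = USERINIT_RE.search(body)
            if u and not userinit_is_default(u.group("value")):
                findings.append(Finding(line, "Userinit launches an extra binary at every logon"))
        elif code == "O4":
            o = O4_RE.match(body)
            if o and "policies\\explorer\\run" in o.group("key").lower():
                findings.append(Finding(line, "Run entry under Policies\\Explorer\\Run, rarely used by legitimate software"))
        else:
            continue
        for note in lookalikes(body):
            findings.append(Finding(line, f"look-alike process name: {note}"))
    return findings


# Constructed sample: the relevant lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,D:\WINDOWS\lsas.exe
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample the script reports four findings, all on the two lines that reference D:\WINDOWS\lsas.exe; the legitimate Run entries produce none.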

Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It takes about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at D:\ComboFix.txt.

Warning:

Do not click on the ComboFix window, and do not close it with the X while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it together with ComboFix.txt.


For analysis purposes, here are the names of the files Avira found:

"D:\Documents and Settings\UserName\Configurações locais\Temporary Internet Files\Content.IE5\ZTAA9BZQ\zpatnfjiqtimyzs[1].exe."

and

"D:\WINDOWS\system32\atnfj.exe."

Here are the logs

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:44:30, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\TopDesk\topdesk.exe

D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\iTunes\iTunes.exe

D:\Arquivos de programas\Last.fm\LastFM.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\distnoted.exe

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\notepad.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 10106 bytes

 

 

ComboFix 08-07-13.14 - UserName 2008-07-14 15:32:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1454 [GMT -3:00]

Executando de: D:\Documents and Settings\UserName\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Arquivos de programas\mjc

D:\Arquivos de programas\mjc\mjc.exe

D:\Arquivos de programas\Sakora

D:\Arquivos de programas\Spcron

D:\Arquivos de programas\Spcron\Spc.dll

D:\Arquivos de programas\Temporary

D:\WINDOWS\system32\AutoRun.inf

D:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\CPV.stt

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TCPSR

-------\Service_tcpsr

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-14 14:31 . <DIR> D:\WINDOWS\LastGood.Tmp

2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll

2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini

2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll

2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll

2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl

2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL

2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation

2008-07-08 09:32 . 2008-07-08 09:32 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client

2008-07-07 11:24 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl

2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java

2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works

2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache

2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br

2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira

2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead

2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe

2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe

2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg

2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys

2008-06-26 09:57 . 2008-06-26 09:57 <DIR> d-------- D:\Arquivos de programas\Yahoo!

2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe

2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe

2008-06-25 16:59 . 2008-06-25 16:59 371,158 -rahs---- D:\WINDOWS\lsas.exe

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism

2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll

2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll

2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui

2008-06-18 16:39 . 2008-06-18 16:39 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Flock

2008-06-18 16:39 . 2008-07-14 08:32 <DIR> d-------- D:\Arquivos de programas\Flock

2008-06-18 16:20 . 2008-06-26 14:40 305 --a------ D:\WINDOWS\wininit.ini

2008-06-17 16:40 . 2008-05-27 21:05 <DIR> d-------- D:\Arquivos de programas\True Transparency

2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\RK Launcher

2008-06-17 15:35 . 2008-06-17 15:36 <DIR> d-------- D:\Arquivos de programas\iShut

2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\Address Book

2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-17 14:39 . 2008-06-17 14:39 <DIR> d-------- D:\Arquivos de programas\Messenger Plus! Live

2008-06-17 13:07 . 2008-06-17 13:07 240,726 --a------ D:\WINDOWS\system32\sms.exe

2008-06-17 13:07 . 2008-06-17 13:07 0 -rahs---- D:\kb

2008-06-17 10:45 . 2008-07-14 08:33 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-06-16 18:07 . 2008-06-16 18:07 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro

2008-06-16 10:24 . 2008-06-16 10:24 <DIR> d-------- D:\Arquivos de programas\Shock Utility

2008-06-16 10:24 . 2008-06-16 10:24 65,536 --a------ D:\WINDOWS\IFinst27.MSNFix

2008-06-16 08:24 . 2008-06-16 08:24 <DIR> d-------- D:\Arquivos de programas\DAEMON Tools Lite

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-14 18:31 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit

2008-07-14 17:47 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird

2008-07-14 16:13 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent

2008-07-14 12:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod

2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-09 21:14 --------- d-----w D:\Arquivos de programas\Google

2008-07-07 14:24 --------- d-----w D:\Arquivos de programas\Java

2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET

2008-06-25 12:53 --------- d-----w D:\Arquivos de programas\eMule

2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2

2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine

2008-06-18 18:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader

2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer

2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys

2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools

2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari

2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead

2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime

2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008

2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm

2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-05-27 16:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\iSproggler

2008-05-27 13:58 --------- d-----w D:\Arquivos de programas\AviSynth 2.5

2008-05-27 13:04 --------- d-----w D:\Arquivos de programas\Bonjour

2008-05-27 12:50 --------- d-----w D:\Arquivos de programas\iPod(2)

2008-05-26 14:33 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\LimeWire

2008-05-26 14:14 --------- d-----w D:\Arquivos de programas\Red Kawa

2008-05-26 13:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Any Video Converter

2008-05-26 12:31 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-05-26 12:30 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Apple

2008-05-26 12:26 --------- d-----w D:\Arquivos de programas\eRightSoft

2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll

.

 

------- Sigcheck -------

 

2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys

 

2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]

"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]

"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]

"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]

"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"TopDesk"="D:\Arquivos de programas\TopDesk\topdesk.exe" [2006-02-05 17:00 195584]

"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"lsas"="D:\WINDOWS\lsas.exe" [2008-06-25 16:59 371158]

 

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\

ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]

UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]

VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe,D:\\WINDOWS\\lsas.exe"

"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CSCD"= camcodec.dll

"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]

@="Driver"

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk

backup=D:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk

backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"D:\\WINDOWS\\system32\\LMabcoms.exe"=

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=

"D:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=

"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8322:TCP"= 8322:TCP:BitComet 8322 TCP

"8322:UDP"= 8322:UDP:BitComet 8322 UDP

 

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []

S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []

S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []

S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 09:22]

S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}]

\Shell\AutoRun\command - NTsys.exe

\Shell\explore\Command - NTsys.exe

\Shell\open\Command - NTsys.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-16 16:14:59 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-07-14 18:35:38 D:\WINDOWS\Tasks\GoogleUpdateTask.job"

- D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

.

- - - - ORPHANS REMOVED - - - -

 

HKU-Default-Run-Free Download Manager - D:\Arquivos de programas\Free Download Manager\fdm.exe

HKU-Default-Run-MsnMsgr - D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-MsnMsgr - D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 15:36:11

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: D:\WINDOWS\explorer.exe

-> D:\Arquivos de programas\TopDesk\topdesk.dll

-> D:\Arquivos de programas\Unlocker\UnlockerHook.dll

.

------------------------ Other Running Processes ------------------------

.

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\iTunes\iTunes.exe

D:\Arquivos de programas\Last.fm\LastFM.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\distnoted.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\guardgui.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\guardgui.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-07-14 15:42:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-14 18:42:37

ComboFix2.txt 2008-06-24 13:38:58

 

Pre-Run: 165,619,671,040 bytes disponíveis

Post-Run: 166,297,513,984 bytes disponíveis

 


Good evening,

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Before anything else, install the RC!

---------------------------------------

<!> Go to the Microsoft site: < Link >

 

<!> Select the download that matches your operating system!

 

crecuperacaorz4.jpg

 

<!> Download the file and save it to your desktop.

<!> Close all open programs!

<!> Also close your protection programs! (antivirus, antispyware and firewall)

<!> Drag the setup file downloaded from the Microsoft site onto ComboFix.exe

<!> See the demonstration below!

 

rc1.gif

 

<!> Follow the on-screen messages to start ComboFix.

<!> Accept the Microsoft license agreement to install the "Microsoft Recovery Console".

<!> At the next prompt, click "Yes" to run a scan with ComboFix.

 

RC_whatnext.gif

 

<!> When it finishes, post the reports:

 

<!> C:\ComboFix.txt plus an updated HijackThis log.

 

Regards


Here are the logs

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:37:06, on 15/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\RTHDCPL.EXE

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\System32\svchost.exe

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\TopDesk\topdesk.exe

D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\notepad.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKLM\..\Policies\Explorer\Run: [lsas] D:\WINDOWS\lsas.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 9767 bytes

 

 

ComboFix 08-07-13.14 - UserName 2008-07-15 8:33:06.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1519 [GMT -3:00]

Executando de: D:\Documents and Settings\UserName\Desktop\ComboFix.exe

Command switches used :: D:\Documents and Settings\UserName\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))

.

 

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\UserName\Configurações locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Configurações locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\LocalService\Configurações locais

2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll

2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini

2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll

2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll

2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl

2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL

2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation

2008-07-08 09:32 . 2008-07-08 09:32 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client

2008-07-07 11:24 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl

2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java

2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works

2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache

2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br

2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira

2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead

2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe

2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe

2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg

2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys

2008-06-26 09:57 . 2008-06-26 09:57 <DIR> d-------- D:\Arquivos de programas\Yahoo!

2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe

2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe

2008-06-25 16:59 . 2008-06-25 16:59 371,158 -rahs---- D:\WINDOWS\lsas.exe

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism

2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll

2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll

2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui

2008-06-18 16:39 . 2008-06-18 16:39 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Flock

2008-06-18 16:39 . 2008-07-15 08:18 <DIR> d-------- D:\Arquivos de programas\Flock

2008-06-18 16:20 . 2008-06-26 14:40 305 --a------ D:\WINDOWS\wininit.ini

2008-06-17 16:40 . 2008-05-27 21:05 <DIR> d-------- D:\Arquivos de programas\True Transparency

2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\RK Launcher

2008-06-17 15:35 . 2008-06-17 15:36 <DIR> d-------- D:\Arquivos de programas\iShut

2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\Address Book

2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-17 14:39 . 2008-06-17 14:39 <DIR> d-------- D:\Arquivos de programas\Messenger Plus! Live

2008-06-17 13:07 . 2008-06-17 13:07 240,726 --a------ D:\WINDOWS\system32\sms.exe

2008-06-17 13:07 . 2008-06-17 13:07 0 -rahs---- D:\kb

2008-06-17 10:45 . 2008-07-14 08:33 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-06-16 18:07 . 2008-06-16 18:07 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro

2008-06-16 10:24 . 2008-06-16 10:24 <DIR> d-------- D:\Arquivos de programas\Shock Utility

2008-06-16 10:24 . 2008-06-16 10:24 65,536 --a------ D:\WINDOWS\IFinst27.MSNFix

2008-06-16 08:24 . 2008-06-16 08:24 <DIR> d-------- D:\Arquivos de programas\DAEMON Tools Lite

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-15 11:32 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit

2008-07-14 21:01 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent

2008-07-14 20:53 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird

2008-07-14 12:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod

2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-09 21:14 --------- d-----w D:\Arquivos de programas\Google

2008-07-07 14:24 --------- d-----w D:\Arquivos de programas\Java

2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET

2008-06-25 12:53 --------- d-----w D:\Arquivos de programas\eMule

2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2

2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine

2008-06-18 18:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader

2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer

2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys

2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools

2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari

2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead

2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime

2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008

2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm

2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-05-27 16:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\iSproggler

2008-05-27 13:58 --------- d-----w D:\Arquivos de programas\AviSynth 2.5

2008-05-27 13:04 --------- d-----w D:\Arquivos de programas\Bonjour

2008-05-27 12:50 --------- d-----w D:\Arquivos de programas\iPod(2)

2008-05-26 14:33 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\LimeWire

2008-05-26 14:14 --------- d-----w D:\Arquivos de programas\Red Kawa

2008-05-26 13:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Any Video Converter

2008-05-26 12:31 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-05-26 12:30 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Apple

2008-05-26 12:26 --------- d-----w D:\Arquivos de programas\eRightSoft

2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll

.

 

------- Sigcheck -------

 

2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys

 

2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]

"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]

"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]

"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]

"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"TopDesk"="D:\Arquivos de programas\TopDesk\topdesk.exe" [2006-02-05 17:00 195584]

"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"lsas"="D:\WINDOWS\lsas.exe" [2008-06-25 16:59 371158]

 

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\

ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]

UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]

VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CSCD"= camcodec.dll

"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]

@="Driver"

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk

backup=D:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk

backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"D:\\WINDOWS\\system32\\LMabcoms.exe"=

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=

"D:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=

"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8322:TCP"= 8322:TCP:BitComet 8322 TCP

"8322:UDP"= 8322:UDP:BitComet 8322 UDP

 

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []

S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []

S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []

S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 09:22]

S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}]

\Shell\AutoRun\command - NTsys.exe

\Shell\explore\Command - NTsys.exe

\Shell\open\Command - NTsys.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-04-16 16:14:59 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-07-15 11:14:03 D:\WINDOWS\Tasks\GoogleUpdateTask.job"

- D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-15 08:35:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-15 8:36:18

ComboFix-quarantined-files.txt 2008-07-15 11:35:45

ComboFix2.txt 2008-07-14 18:42:57

ComboFix3.txt 2008-06-24 13:38:58

 

Pre-Run: 166,018,048,000 bytes free

Post-Run: 166,066,368,512 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 


- Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

 

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix).

 

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 on some machines, during startup);

 

1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat

2. Press Y so the tool starts the removal process

3. When everything finishes, you will see a message telling you to press any key to continue. When you press a key, the computer will restart automatically

4. After the restart, the tool will run once more to finish its work and the word Finished will appear. Press any key.

5. A window with the SDFix report will appear.

6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt.

 

- Generate a new HijackThis log and paste it in your reply.


SDFix: Version 1.205

Run by UserName on Tue 15/07/2008 at 17:44

 

Microsoft Windows XP [version 5.1.2600]

Running From: D:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

D:\WINDOWS\lsas.exe - Deleted

D:\WINDOWS\system32\sms.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-15 17:50:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:a7,2b,5d,89,75,a7,18,1a,6e,3d,40,62,19,be,76,9b,9a,c5,47,10,2b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,65,17,2e,86,93,93,c7,42,e5,e5,c7,58,23,32,da,d4,1b,..

"khjeh"=hex:b2,8a,0e,27,4e,e1,e5,6a,33,f9,44,e4,de,6a,d6,d1,82,3e,a7,36,e5,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9a,1b,2c,60,60,82,2d,d8,34,4c,9a,39,0d,d6,18,56,2b,f2,a5,d1,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:a7,2b,5d,89,75,a7,18,1a,6e,3d,40,62,19,be,76,9b,9a,c5,47,10,2b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,65,17,2e,86,93,93,c7,42,e5,e5,c7,58,23,32,da,d4,1b,..

"khjeh"=hex:b2,8a,0e,27,4e,e1,e5,6a,33,f9,44,e4,de,6a,d6,d1,82,3e,a7,36,e5,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9a,1b,2c,60,60,82,2d,d8,34,4c,9a,39,0d,d6,18,56,2b,f2,a5,d1,cf,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"

"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"="D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"="D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"D:\\WINDOWS\\system32\\LMabcoms.exe"="D:\\WINDOWS\\system32\\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="D:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="D:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"="C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe:*:Enabled:Listener"

"D:\\Arquivos de programas\\eMule\\emule.exe"="D:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"

"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"="D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"

"D:\\Arquivos de programas\\iTunes\\iTunes.exe"="D:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - D:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 28 Jan 2008 1,404,240 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

Sun 23 Mar 2008 72,704 ..SHR --- "D:\Arquivos de programas\eRightSoft\SUPER\Setup.exe"

Thu 26 Apr 2007 338 A..HR --- "D:\WINDOWS\Resources\Logon\NewLogo.reg"

Tue 8 Apr 2008 1,123,880 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\44e979936d19a4e833746e7d6f8e194d\BIT44DE.tmp"

Tue 6 May 2008 8,300 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CB.tmp"

Tue 6 May 2008 3,048 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CC.tmp"

Tue 6 May 2008 5,583 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CD.tmp"

Tue 6 May 2008 12,679 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CE.tmp"

Tue 6 May 2008 6,909 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4CF.tmp"

Tue 6 May 2008 3,852 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D0.tmp"

Tue 6 May 2008 2,747 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D1.tmp"

Tue 6 May 2008 3,840 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D2.tmp"

Mon 5 May 2008 11,163 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D3.tmp"

Tue 6 May 2008 35 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\www.deviantart.com~\BIT4D4.tmp"

Tue 6 May 2008 35 A..H. --- "D:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Google Desktop\d7916072bc96\Slideshow\yexords.deviantart.com~gallery\BIT4C8.tmp"

 

Finished!

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:54:38, on 15/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\notepad.exe

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\TopDesk\topdesk.exe

D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TopDesk] D:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 9988 bytes

 

 

Hey, Avira didn't find anything else when I turned the PC on.

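Reading these logs by hand comes down to a few repeatable checks: a file whose name is one character off from a core Windows binary (SDFix removed D:\WINDOWS\lsas.exe and D:\WINDOWS\system32\sms.exe, next to the real lsass.exe and smss.exe), a core binary name sitting outside its normal directory, the MountPoints2 AutoRun/open/explore handlers from the ComboFix log that fire when a removable drive is opened, S0 boot-start drivers ComboFix listed with an empty [] where the file date should be, and EnableFirewall set to 0. The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or SDFix; it turns those checks into rules and runs them over constructed sample lines modelled on the logs above. The CORE_BINARIES list, the CORE_DIRS whitelist and the one-edit threshold are assumptions made for the example.

```python
"""Triage heuristics for HijackThis / ComboFix / SDFix style logs.

Added example for this thread, not code from the thread or from any of those
tools. SAMPLE_LOG is constructed from the kinds of entries the thread's logs
show; CORE_BINARIES, CORE_DIRS and the one-edit threshold are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterator, List

# Core Windows processes whose names malware imitates (assumption: limited to
# the XP-era binaries that appear in the thread's logs).
CORE_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe",
}
# Directory suffixes where those binaries legitimately live (assumption).
CORE_DIRS = ("\\windows\\system32", "\\windows")

@dataclass
class Finding:
    rule: str
    line: str
    detail: str

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 means a 'one character off' name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

# Drive-letter path up to the first ".exe"; quotes, '=' and brackets end it, so
# plain HJT lines and the doubled-backslash registry exports both parse.
_PATH_RE = re.compile(r'[A-Za-z]:\\[^"=\[\]\r\n]*?\.exe', re.IGNORECASE)
_AUTORUN_RE = re.compile(r"\\Shell\\(AutoRun|open|explore)\\command\s*-\s*(.+)", re.IGNORECASE)
# ComboFix service line "S0 name;display;path [yyyy-mm-dd hh:mm]"; empty [] = no file date.
_SERVICE_RE = re.compile(r"^([SR][0-3])\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]\s*$")
_FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')

def lookalike_binaries(line: str) -> Iterator[Finding]:
    """Core binary outside its directory, or a name one edit away from a core binary."""
    for path in _PATH_RE.findall(line):
        low = path.lower().replace("\\\\", "\\")
        directory, _, name = low.rpartition("\\")
        if name in CORE_BINARIES:
            if not directory.endswith(CORE_DIRS):
                yield Finding("core-binary-wrong-dir", line, path)
            continue
        for real in sorted(CORE_BINARIES):
            if edit_distance(name, real) == 1:
                yield Finding("lookalike-name", line, f"{path} resembles {real}")

def autorun_handlers(line: str) -> Iterator[Finding]:
    """MountPoints2 shell handlers: what runs when a removable drive is opened."""
    m = _AUTORUN_RE.search(line)
    if m:
        yield Finding("removable-drive-autorun", line, f"{m.group(1)} -> {m.group(2).strip()}")

def boot_drivers_without_file_info(line: str) -> Iterator[Finding]:
    """S0 (boot-start) drivers whose file the tool could not date: check them on disk."""
    m = _SERVICE_RE.match(line)
    if m and m.group(1) == "S0" and not m.group(5).strip():
        yield Finding("boot-start-driver-no-file-info", line, f"{m.group(2)}: {m.group(4)}")

def firewall_disabled(line: str) -> Iterator[Finding]:
    if _FIREWALL_RE.search(line):
        yield Finding("firewall-disabled", line, "Windows Firewall standard profile is off")

RULES: List[Callable[[str], Iterator[Finding]]] = [
    lookalike_binaries, autorun_handlers, boot_drivers_without_file_info, firewall_disabled,
]

def triage(log_text: str) -> List[Finding]:
    """Run every rule over every non-empty line. A finding is a prompt to verify, not a verdict."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            for rule in RULES:
                findings.extend(rule(line))
    return findings

# Constructed sample, modelled on entries in the thread's ComboFix, SDFix and HJT logs.
SAMPLE_LOG = """\
D:\\WINDOWS\\System32\\smss.exe
D:\\WINDOWS\\system32\\lsass.exe
D:\\WINDOWS\\Explorer.EXE
"EnableFirewall"= 0 (0x0)
S0 Nsd22;Nsd22;D:\\WINDOWS\\system32\\Drivers\\Nsd22.sys []
S3 wampapache;wampapache;c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe [2007-09-05 08:59]
\\Shell\\AutoRun\\command - NTsys.exe
\\Shell\\open\\Command - NTsys.exe
D:\\WINDOWS\\lsas.exe - Deleted
D:\\WINDOWS\\system32\\sms.exe - Deleted
O4 - HKLM\\..\\Run: [G4Listener] "C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

On the sample the script flags the two lookalike names, both autorun handlers, the undated S0 driver and the disabled firewall, and stays silent on the legitimate smss.exe, lsass.exe and Explorer.EXE lines. Every hit is a place to look, not a deletion list: a driver without a file date may simply be a file the tool could not read, and a name one edit away from a core binary can belong to a legitimate third-party program, so confirm the path, file version and publisher before removing anything.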

Sorry for the delay. ;)

 

Go to the Kaspersky online scanner

It only works with Internet Explorer!

 

Click the scan button shown in the screenshot

 

Click I Accept. The information bar will say that the site wants to install an ActiveX control. Confirm it.

 

Wait for the installation and the update (it takes a while), then click Scan Settings.

 

In Scan Settings, leave the options below checked:

 

Scan using the following Anti-Virus database:

 

Extended (if available otherwise Standard)

 

Scan Options:

 

Scan Archives

Scan Mail Bases

 

and click OK.

 

On the next page, click My Computer to start the scan. The scan takes a long time, so be patient.

 

When the scan finishes, click Save as text to save the log.

 

Post the Kaspersky log plus a HijackThis log.


Sorry for the delay too :rolleyes:

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:36:40, on 23/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\Arquivos de programas\Google\Google Talk\googletalk.exe

D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

D:\Arquivos de programas\iTunes\iTunes.exe

D:\Arquivos de programas\Last.fm\LastFM.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\distnoted.exe

D:\Arquivos de programas\Safari\Safari.exe

D:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\SyncServer.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - D:\WINDOWS\system32\amcis2.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 11115 bytes

 

 

Kaspersky

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, July 23, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, July 23, 2008 09:32:37

Records in database: 996706

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 138809

Threat name: 4

Infected objects: 18

Suspicious objects: 0

Duration of the scan: 02:50:41

 

 

File name / Threat name / Threats count

D:\Arquivos de programas\Aureate\Group Mail\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1

D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 2

D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 5

D:\Incomplete\T-5745425-digging for fire pixies.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

D:\WINDOWS\system32\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1

D:\WINDOWS\system32\Amcis2.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\WINDOWS\system32\htmdeng.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\IPCClient.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\msipcsv.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1

 

The selected area was scanned.


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe

D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe

D:\Downloads\Utils\Instalers\agmfree.exe

D:\Downloads\Utils\Instalers\agmfree.exe

D:\Incomplete\T-5745425-digging for fire pixies.mp3

D:\WINDOWS\system32\adimage.dll

D:\WINDOWS\system32\ajj.exe

D:\WINDOWS\system32\Amcis2.dll

D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe

D:\WINDOWS\system32\htmdeng.exe

D:\WINDOWS\system32\IPCClient.dll

D:\WINDOWS\system32\msipcsv.exe

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"lsas"=-

 

This script was prepared only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 


 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

 

Also do a new scan with Kaspersky.

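The CFScript format used in the post above (a File:: list of full paths, then a Registry:: section where [-KEY] deletes a key and "name"=- deletes a value) can be generated from the Kaspersky report instead of being typed by hand, which also avoids listing the same file twice when the scanner reports it under two threat names. The script below is an added example, not the helper's tool or any ComboFix component; the sample report lines and registry entries are copied from the logs in this thread, and the regex for the report layout is an assumption.

```python
"""Build a ComboFix CFScript (File:: and Registry:: sections) from a
Kaspersky Online Scanner 7 report.  Added example, not the forum's own tool."""
import re

# One detection line of the report: "<path> Infected: <threat> <count>".
# Paths may contain spaces, so the match is anchored on " Infected: ".
# (Assumed layout, taken from the report pasted in this thread.)
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Constructed sample: a few detection lines from the thread's Kaspersky report.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 2
D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 5
D:\Incomplete\T-5745425-digging for fire pixies.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
D:\WINDOWS\system32\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

The selected area was scanned.
"""

# Registry entries from the helper's script: an empty tuple deletes the whole
# key ("[-KEY]"); a tuple of value names deletes only those values.
REGISTRY_DELETIONS = {
    r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901264ee-20dd-11dd-b705-001c25463545}": (),
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run": ("lsas",),
}


def parse_kaspersky_report(report_text):
    """Return a list of (path, threat, count) tuples, one per detection line."""
    findings = []
    for raw in report_text.splitlines():
        match = DETECTION_RE.match(raw.strip())
        if match:
            findings.append((match.group("path"), match.group("threat"),
                             int(match.group("count"))))
    return findings


def build_cfscript(findings, registry_deletions=None, include_not_a_virus=True):
    """Render CFScript text for ComboFix.

    findings            -- output of parse_kaspersky_report()
    registry_deletions  -- {key_path: (value_name, ...)}, see REGISTRY_DELETIONS
    include_not_a_virus -- also list adware/risktool ("not-a-virus:") hits
    """
    unique_paths = []
    for path, threat, _count in findings:
        if not include_not_a_virus and threat.startswith("not-a-virus:"):
            continue
        if path not in unique_paths:      # the same file may be reported
            unique_paths.append(path)     # once per threat name
    lines = ["File::", *unique_paths]
    if registry_deletions:
        lines += ["", "Registry::"]
        for key, values in registry_deletions.items():
            if not values:
                lines.append(f"[-{key}]")
            else:
                lines.append(f"[{key}]")
                lines += [f'"{name}"=-' for name in values]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Print the script that would be saved as CFScript.txt on the desktop.
    print(build_cfscript(parse_kaspersky_report(SAMPLE_REPORT), REGISTRY_DELETIONS))
```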

ComboFix 08-07-13.14 - UserName 2008-07-24 10:05:27.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1576 [GMT -3:00]

Executando de: D:\Documents and Settings\UserName\Desktop\Security\ComboFix.exe

Command switches used :: D:\Documents and Settings\UserName\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe

D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe

D:\Downloads\Utils\Instalers\agmfree.exe

D:\Incomplete\T-5745425-digging for fire pixies.mp3

D:\WINDOWS\system32\adimage.dll

D:\WINDOWS\system32\ajj.exe

D:\WINDOWS\system32\Amcis2.dll

D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe

D:\WINDOWS\system32\htmdeng.exe

D:\WINDOWS\system32\IPCClient.dll

D:\WINDOWS\system32\msipcsv.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe

D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe

D:\Downloads\Utils\Instalers\agmfree.exe

D:\Incomplete\T-5745425-digging for fire pixies.mp3

D:\WINDOWS\system32\adimage.dll

D:\WINDOWS\system32\ajj.exe

D:\WINDOWS\system32\Amcis2.dll

D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe

D:\WINDOWS\system32\htmdeng.exe

D:\WINDOWS\system32\IPCClient.dll

D:\WINDOWS\system32\msipcsv.exe

 

----- BITS: Possible infected sites -----

 

hxxp://cr

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))

.

 

2008-07-22 15:28 . 2008-07-22 15:53 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll

2008-07-22 15:28 . 2008-07-22 15:53 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll

2008-07-22 15:28 . 2008-07-22 15:53 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll

2008-07-22 15:27 . 2008-07-22 15:27 94,208 --a------ D:\WINDOWS\DIIUnin.exe

2008-07-22 15:27 . 2008-07-22 15:31 38,731 --a------ D:\WINDOWS\DIIUnin.dat

2008-07-22 15:27 . 2008-07-22 15:27 2,829 --a------ D:\WINDOWS\DIIUnin.pif

2008-07-22 15:26 . 2008-07-22 15:32 <DIR> d-------- D:\Arquivos de programas\Diablo II

2008-07-22 10:03 . 2008-07-22 16:44 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DiskAid

2008-07-22 10:03 . 2008-07-22 10:03 <DIR> d-------- D:\Arquivos de programas\DigiDNA

2008-07-21 08:18 . 2008-07-21 08:18 <DIR> d-------- D:\Arquivos de programas\blinkx Brasil

2008-07-15 17:41 . 2008-07-15 17:41 <DIR> d-------- D:\WINDOWS\ERUNT

2008-07-15 17:30 . 2008-07-15 17:52 <DIR> d-------- D:\SDFix

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\UserName\Configuraþ§es locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll

2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini

2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll

2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll

2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl

2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL

2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation

2008-07-08 09:32 . 2008-07-08 09:32 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client

2008-07-07 11:24 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl

2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java

2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works

2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache

2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br

2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira

2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead

2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe

2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe

2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg

2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys

2008-06-26 09:57 . 2008-06-26 09:57 <DIR> d-------- D:\Arquivos de programas\Yahoo!

2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe

2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism

2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll

2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll

2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-24 13:04 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit

2008-07-24 13:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent

2008-07-24 11:44 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird

2008-07-24 11:34 --------- d-----w D:\Arquivos de programas\Flock

2008-07-23 13:21 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-07-23 11:22 --------- d-----w D:\Arquivos de programas\Orbitdownloader

2008-07-21 13:35 --------- d-----w D:\Arquivos de programas\Java

2008-07-18 21:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-18 20:07 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod

2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-09 21:14 --------- d-----w D:\Arquivos de programas\Google

2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET

2008-06-25 12:53 --------- d-----w D:\Arquivos de programas\eMule

2008-06-18 19:39 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Flock

2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2

2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine

2008-06-17 18:36 --------- d-----w D:\Arquivos de programas\iShut

2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\RK Launcher

2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\Address Book

2008-06-17 17:42 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-17 17:39 --------- d-----w D:\Arquivos de programas\Messenger Plus! Live

2008-06-16 21:07 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro

2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer

2008-06-16 13:24 --------- d-----w D:\Arquivos de programas\Shock Utility

2008-06-16 11:24 --------- d-----w D:\Arquivos de programas\DAEMON Tools Lite

2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys

2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools

2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari

2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead

2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime

2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008

2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm

2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-05-28 00:05 --------- d-----w D:\Arquivos de programas\True Transparency

2008-05-27 16:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\iSproggler

2008-05-27 13:58 --------- d-----w D:\Arquivos de programas\AviSynth 2.5

2008-05-27 13:04 --------- d-----w D:\Arquivos de programas\Bonjour

2008-05-27 12:50 --------- d-----w D:\Arquivos de programas\iPod(2)

2008-05-26 14:33 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\LimeWire

2008-05-26 14:14 --------- d-----w D:\Arquivos de programas\Red Kawa

2008-05-26 13:44 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Any Video Converter

2008-05-26 12:31 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-05-26 12:30 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Apple

2008-05-26 12:26 --------- d-----w D:\Arquivos de programas\eRightSoft

2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll

.

 

------- Sigcheck -------

 

2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys

 

2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-14_15.42.22.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-07-15 20:41:23 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-07-15 20:41:23 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-07-15 20:41:21 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-07-15 20:41:21 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-03-04 16:28:53 79,424 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-07-18 11:25:44 75,072 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys

- 2008-03-25 04:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe

+ 2008-06-10 04:21:01 135,168 ----a-w D:\WINDOWS\system32\java.exe

- 2008-03-25 04:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe

+ 2008-06-10 04:21:04 135,168 ----a-w D:\WINDOWS\system32\javaw.exe

- 2008-03-25 05:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe

+ 2008-06-10 05:32:34 139,264 ----a-w D:\WINDOWS\system32\javaws.exe

- 2008-03-24 23:21:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-06-26 12:57:38 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-07-21 11:18:28 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-07-18 18:59:42 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]

"RK Launcher"="D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" [2007-03-16 17:05 708608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]

"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]

"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]

"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]

"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 08:25 266497]

"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\

ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]

UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]

VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CSCD"= camcodec.dll

"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]

@="Driver"

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk

backup=D:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk

backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"D:\\WINDOWS\\system32\\LMabcoms.exe"=

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=

"D:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=

"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8322:TCP"= 8322:TCP:BitComet 8322 TCP

"8322:UDP"= 8322:UDP:BitComet 8322 UDP

 

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []

S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []

S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []

S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-07-09 09:22]

S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-16 16:14:59 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-07-24 11:22:09 D:\WINDOWS\Tasks\GoogleUpdateTask.job"

- D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-24 10:07:25

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-24 10:09:24

ComboFix-quarantined-files.txt 2008-07-24 13:08:55

ComboFix2.txt 2008-07-15 11:36:19

ComboFix3.txt 2008-07-14 18:42:57

ComboFix4.txt 2008-06-24 13:38:58

 

Pre-Run: 157,779,755,008 bytes disponíveis

Post-Run: 157,832,237,056 bytes disponíveis

 

268

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, July 23, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, July 23, 2008 09:32:37

Records in database: 996706

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 138809

Threat name: 4

Infected objects: 18

Suspicious objects: 0

Duration of the scan: 02:50:41

 

 

File name / Threat name / Threats count

D:\Arquivos de programas\Aureate\Group Mail\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1

D:\Documents and Settings\Default User\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\Documents and Settings\UserName\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 2

D:\Downloads\Utils\Instalers\agmfree.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 5

D:\Incomplete\T-5745425-digging for fire pixies.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

D:\WINDOWS\system32\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d 1

D:\WINDOWS\system32\Amcis2.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\config\systemprofile\7zS887.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

D:\WINDOWS\system32\htmdeng.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\IPCClient.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1

D:\WINDOWS\system32\msipcsv.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1

 

The selected area was scanned.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:10:57, on 24/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\WINDOWS\system32\igfxtray.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\igfxpers.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\WINDOWS\system32\notepad.exe

D:\WINDOWS\explorer.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 10002 bytes


Download Kill Box

 

- Run the KillBox tool. Tick the Delete on Reboot option. Copy the whole list below from the grey box by selecting it and right-clicking -> copy...

 

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

 

In KillBox, with the files already on the clipboard, click File -> Paste from clipboard... Click the All Files button, then click the button shown in killboxdl5tf5.png... and answer No to the question.

 

Restart the machine in Safe Mode.

 

Run HijackThis, click Do a System Scan Only and tick the entries below from the grey box

 

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

 

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

 

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

 

O8 - Extra context menu item: &List Stylesheets - D:\WINDOWS\Web\CSS_Stylesheets.html

 

O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - D:\WINDOWS\Web\CSS_Stylesheets.html

 

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

 

When you have selected them, click Fix Checked...

 

@- Restart in normal mode.

 

@- Copy the updated HijackThis log(s) and paste them in your next reply.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:54:48, on 25/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\WINDOWS\system32\dwwin.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\dumprep.exe

D:\WINDOWS\system32\dwwin.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - D:\WINDOWS\system32\amcis.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: D:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 9966 bytes

 

Hey, a quick question: the Listener you had me delete a little while ago, isn't it part of the Santander Manager?


Hi there,

 

Download Spyware Terminator 2.3.0.481

 

Spyware Terminator is one of the best-known tools for fighting the dreaded spyware. This kind of pest installs advertising, changes computer settings and can even steal the user's information without their consent. On top of that, these pests are very common on the Internet and very easy to pick up, especially on computers that lack an effective layer of protection against them, such as Spyware Terminator.

 

This tool is highly capable against this type of pest and is considered one of the best applications for the purpose. Besides its detection power, it offers real-time protection, also known as resident protection, to keep the computer from being infected again over time, which is the application's strong point.

 

Scan your machine with the tool and then post a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:00:06, on 28/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\Arquivos de programas\Palringo\palringo.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: D:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 10119 bytes


Hi Yeshu'a,

 

Restart the machine in Safe Mode.

 

Run HijackThis, click Do a System Scan Only and tick the entry below from the grey box

 

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

 

When you have selected it, click Fix Checked...

 

@- Restart in normal mode.

 

@- Copy the updated HijackThis log(s) and paste them in your next reply.

 

Once that is done, download ComboFix again.

 

Regards
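
As an added example for this thread (it is not HijackThis code and was not posted by either participant), the Python script below does mechanically what the helper did by eye in the two replies above: it parses the R*/O* lines of a HijackThis v2 log, diffs two scans so that entries that appeared or disappeared between posts stand out, and flags the triage hints visible in these logs: an O23 service reported `(file missing)` or carrying no vendor string, a RunOnce under a service-account hive (S-1-5-18/19/20), and an O20 AppInit_DLLs entry. The sample lines are copied from the 14/7 and 25/7 logs in the thread; the flag rules and the function names are the editor's own assumptions, and a hit is a reason to look closer, not a verdict (the `Unknown owner` MySQL service is simply a binary with no company name in its version info).

```python
"""Parse HijackThis v2 logs, diff two scans and flag weak triage indicators.

Added example for this thread; not part of HijackThis and not code posted by
either participant. Sample lines are copied from the logs in the thread; the
flag rules are the editor's own heuristics, not HijackThis's.
"""
import re
from dataclasses import dataclass

# A HijackThis entry looks like "O23 - Service: ..." or "R1 - HKLM\...".
# Header lines and the "Running processes" list do not match this pattern.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O4", "O23"
    body: str      # rest of the line, untouched


def parse_log(text: str) -> list[Entry]:
    """Return the R*/O* entries of a log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["sec"], m["body"]))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(removed, added) between two scans; unchanged entries are dropped."""
    old, new = parse_log(before), parse_log(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def flag(entry: Entry) -> list[str]:
    """Heuristic reasons an entry deserves a second look (assumed rules)."""
    reasons = []
    b = entry.body
    if entry.section == "O23":
        if "(file missing)" in b:
            reasons.append("service binary missing")
        # HijackThis prints "Unknown owner" or an empty " - - " vendor field
        # when the binary has no company name in its version info.
        if "Unknown owner" in b or " - - " in b:
            reasons.append("service has no vendor string")
    elif entry.section == "O4" and "RunOnce" in b and "HKUS\\S-1-5-" in b:
        reasons.append("RunOnce under a service-account hive")
    elif entry.section == "O20" and b.startswith("AppInit_DLLs"):
        reasons.append("AppInit_DLLs loads this DLL into every user32 process")
    return reasons


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Every flagged entry of one log, paired with its reasons."""
    return [(e, flag(e)) for e in parse_log(text) if flag(e)]


# Constructed samples: a few lines taken from the 14/7 and 25/7 logs above.
LOG_JUL14 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\System32\smss.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
"""

LOG_JUL25 = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - D:\WINDOWS\system32\amcis.dll
O20 - AppInit_DLLs: D:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_JUL14, LOG_JUL25)
    for label, group in (("removed", removed), ("added", added)):
        for e in group:
            print(f"{label:8} {e.section:4} {e.body[:70]}  {flag(e)}")
```

Run it on two full logs saved from HijackThis (replace the constructed samples with the file contents) and read the diff first: in this thread the diff is where the deleted GoogleUpdate.exe shows up as a dead service and where the new amcis.dll BHO and the AppInit_DLLs entry appear, which is exactly what a reviewer should notice before deciding what to fix.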


ComboFix 08-07-28.6 - UserName 2008-07-29 12:15:19.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1579 [GMT -3:00]

Running from: D:\Documents and Settings\UserName\Desktop\ComboFix.exe

* A new restore point was created

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possibly infected sites -----

 

http://yexords.deviantart.com

http://s.deviantart.com

http://pixel.quantserve.com

http://www.deviantart.com

http://tn1-1.pv.deviantart.com

http://tn1-2.pv.deviantart.com

http://st.deviantart.com

.

((((((((((((((((((((((( Files created from 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))

.

 

2008-07-29 12:07 . 2008-07-29 12:07 22,207,742 --a------ D:\Santander.rar

2008-07-28 09:52 . 2008-07-28 09:57 <DIR> d-------- D:\Arquivos de programas\Palringo

2008-07-28 09:25 . 2008-07-29 08:15 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Spyware Terminator

2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Arquivos de programas\Spyware Terminator

2008-07-28 09:25 . 2008-07-28 09:25 141,312 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-07-25 16:25 . 2008-07-25 16:25 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\fretsonfire

2008-07-25 16:25 . 2008-07-25 16:30 <DIR> d-------- D:\Arquivos de programas\Frets on Fire

2008-07-25 15:16 . 2008-07-25 15:16 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client

2008-07-25 11:02 . 1999-11-04 13:11 111,896 --a------ D:\WINDOWS\system32\Cspop32.ocx

2008-07-25 11:02 . 1999-12-11 17:02 110,592 --a------ D:\WINDOWS\system32\adimage.dll

2008-07-25 11:02 . 1999-11-22 14:31 65,536 --a------ D:\WINDOWS\system32\anadsc.ocx

2008-07-25 11:02 . 2000-01-04 14:18 57,344 --a------ D:\WINDOWS\system32\tfde.dll

2008-07-25 11:02 . 1999-11-29 13:15 53,248 --a------ D:\WINDOWS\system32\htmdeng.exe

2008-07-25 11:02 . 1999-11-23 09:21 36,864 --a------ D:\WINDOWS\system32\IPCClient.dll

2008-07-25 11:02 . 1998-12-02 10:12 20,480 --a------ D:\WINDOWS\system32\ajj.exe

2008-07-25 10:50 . 2008-07-25 10:50 912 --a------ D:\WINDOWS\megaemail.ini

2008-07-25 09:38 . 2008-07-25 09:39 <DIR> d-------- D:\!KillBox

2008-07-25 09:10 . 2008-07-25 09:10 27,136 --a------ D:\WINDOWS\~GLH0000.TMP

2008-07-24 17:25 . 2008-07-24 17:25 55 -ra------ D:\WINDOWS\amunres.lsl

2008-07-24 17:20 . 2008-07-24 17:20 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\EmailSender

2008-07-24 16:41 . 2008-07-24 17:25 <DIR> d-------- D:\Arquivos de programas\Carteiro

2008-07-24 16:41 . 2001-07-01 17:30 112,640 --a------ D:\WINDOWS\lsb_un20.exe

2008-07-24 16:12 . 2008-07-24 17:05 <DIR> d--h----- D:\WINDOWS\amc

2008-07-24 16:12 . 2008-07-24 17:05 103 --a------ D:\WINDOWS\Group Mail

2008-07-24 16:10 . 1999-10-22 11:30 448,248 --a------ D:\WINDOWS\system32\sstbars2.ocx

2008-07-24 16:10 . 1999-09-02 10:18 290,816 --a------ D:\WINDOWS\system32\sstabs2.ocx

2008-07-24 16:10 . 1999-06-04 12:20 102,272 --a------ D:\WINDOWS\system32\pop40.ocx

2008-07-24 16:10 . 1999-04-01 14:52 45,056 --a------ D:\WINDOWS\system32\amcis.dll

2008-07-24 16:00 . 1995-05-22 08:00 640,512 --------- D:\WINDOWS\system32\Oc30.dll

2008-07-24 16:00 . 1998-07-14 14:54 362,552 --------- D:\WINDOWS\system32\sstbars.ocx

2008-07-24 16:00 . 1999-01-29 15:25 332,800 --------- D:\WINDOWS\system32\AdvertX.ocx

2008-07-24 16:00 . 1997-02-24 17:04 264,288 --a------ D:\WINDOWS\system32\American.vtd

2008-07-24 16:00 . 1999-05-07 00:00 209,408 --------- D:\WINDOWS\system32\Tabctl32.ocx

2008-07-24 16:00 . 1995-10-11 01:00 133,904 --------- D:\WINDOWS\system32\Mfcans32.dll

2008-07-24 16:00 . 1999-06-08 13:50 97,280 --a------ D:\WINDOWS\system32\Vspell32.ocx

2008-07-24 16:00 . 1997-02-24 17:44 70,656 --a------ D:\WINDOWS\system32\Vspell32.dll

2008-07-24 16:00 . 1998-07-15 00:03 54,784 --a------ D:\WINDOWS\system32\Netcod33.ocx

2008-07-24 16:00 . 1997-02-24 17:04 15,819 --a------ D:\WINDOWS\system32\Vspeller.hlp

2008-07-22 15:28 . 2008-07-22 15:53 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll

2008-07-22 15:28 . 2008-07-22 15:53 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll

2008-07-22 15:28 . 2008-07-22 15:53 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll

2008-07-22 15:26 . 2008-07-28 09:56 <DIR> d-------- D:\Arquivos de programas\Diablo II

2008-07-22 10:03 . 2008-07-28 15:50 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DiskAid

2008-07-22 10:03 . 2008-07-22 10:03 <DIR> d-------- D:\Arquivos de programas\DigiDNA

2008-07-15 17:41 . 2008-07-15 17:41 <DIR> d-------- D:\WINDOWS\ERUNT

2008-07-15 17:30 . 2008-07-15 17:52 <DIR> d-------- D:\SDFix

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\UserName\Configurações locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\NetworkService\Configurações locais

2008-07-14 15:42 . 2008-07-14 15:42 <DIR> d-------- D:\Documents and Settings\LocalService\Configurações locais

2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll

2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini

2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll

2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll

2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl

2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL

2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation

2008-07-07 11:24 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl

2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java

2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works

2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache

2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br

2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 15:14 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit

2008-07-29 14:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader

2008-07-29 12:56 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-07-29 12:45 --------- d-----w D:\Arquivos de programas\Flock

2008-07-29 12:16 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird

2008-07-28 22:26 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent

2008-07-28 20:41 --------- d--h--w D:\Arquivos de programas\InstallShield Installation Information

2008-07-28 12:56 --------- d-----w D:\Arquivos de programas\Aureate

2008-07-28 11:50 --------- d-----w D:\Arquivos de programas\Yahoo!

2008-07-25 19:23 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla

2008-07-25 16:21 --------- d-----w D:\Arquivos de programas\eMule

2008-07-24 17:56 --------- d-----w D:\Arquivos de programas\Google

2008-07-21 13:35 --------- d-----w D:\Arquivos de programas\Java

2008-07-18 21:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod

2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys

2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET

2008-06-26 18:48 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-26 18:48 --------- d-----w D:\Arquivos de programas\Avira

2008-06-26 16:10 831,488 ------w D:\WINDOWS\UNMRW.exe

2008-06-26 16:10 7,582 ------w D:\WINDOWS\system32\drivers\incdrm.sys

2008-06-26 16:10 155,648 ------w D:\WINDOWS\system32\NeroCheck.exe

2008-06-26 16:10 --------- d-----w D:\Arquivos de programas\ahead

2008-06-26 11:26 238,532 ----a-w D:\WINDOWS\system32\sns.exe

2008-06-25 19:59 371,158 ----a-w D:\WINDOWS\system32\terum.exe

2008-06-24 18:35 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\WebApps

2008-06-24 18:35 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Prism

2008-06-18 19:39 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Flock

2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2

2008-06-18 18:46 --------- d-----w D:\Arquivos de programas\Cheat Engine

2008-06-17 18:36 --------- d-----w D:\Arquivos de programas\iShut

2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\RK Launcher

2008-06-17 18:35 --------- d-----w D:\Arquivos de programas\Address Book

2008-06-17 17:42 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-17 17:39 --------- d-----w D:\Arquivos de programas\Messenger Plus! Live

2008-06-16 21:07 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro

2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer

2008-06-16 13:24 --------- d-----w D:\Arquivos de programas\Shock Utility

2008-06-16 11:24 --------- d-----w D:\Arquivos de programas\DAEMON Tools Lite

2008-06-13 18:21 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys

2008-06-13 18:21 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools

2008-06-12 18:42 --------- d-----w D:\Arquivos de programas\Safari

2008-06-11 13:55 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Ahead

2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime

2008-06-09 17:08 --------- d-----w D:\Arquivos de programas\Magic Swf2Avi 2008

2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm

2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-05-28 00:05 --------- d-----w D:\Arquivos de programas\True Transparency

2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll

.

 

------- Sigcheck -------

 

2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys

 

2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-14_15.42.22.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-07-15 20:41:23 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-07-15 20:41:23 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-07-15 20:41:21 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-07-15 20:41:21 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-03-04 16:28:53 79,424 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-07-18 11:25:44 75,072 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys

- 2008-03-25 04:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe

+ 2008-06-10 04:21:01 135,168 ----a-w D:\WINDOWS\system32\java.exe

- 2008-03-25 04:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe

+ 2008-06-10 04:21:04 135,168 ----a-w D:\WINDOWS\system32\javaw.exe

- 2008-03-25 05:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe

+ 2008-06-10 05:32:34 139,264 ----a-w D:\WINDOWS\system32\javaws.exe

- 2008-03-24 23:21:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-06-26 12:57:38 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-07-21 11:18:28 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-07-18 18:59:42 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-03-10 16:38:40 297,984 ----a-w D:\WINDOWS\system32\midas.dll

+ 2005-01-02 15:16:18 297,984 ----a-w D:\WINDOWS\system32\midas.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]

"RK Launcher"="D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" [2007-03-16 17:05 708608]

"Palringo"="D:\Arquivos de programas\Palringo\palringo.exe" [2008-04-29 06:48 360448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"="D:\WINDOWS\HDbar\vsdrv.exe" [2006-07-30 02:37 121089]

"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]

"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]

"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 08:25 266497]

"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"Google Desktop Search"="D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-24 14:56 29744]

"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\

ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]

UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]

VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

 

D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\

Yahoo! Widgets.lnk - D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 19:34:48 3746856]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Orbit.lnk - D:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-03-12 15:03:55 1703112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CSCD"= camcodec.dll

"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]

@="Driver"

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk

backup=D:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk

backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"D:\\WINDOWS\\system32\\LMabcoms.exe"=

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=

"D:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=

"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8322:TCP"= 8322:TCP:BitComet 8322 TCP

"8322:UDP"= 8322:UDP:BitComet 8322 UDP

 

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []

S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []

S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []

S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe []

S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

S3 GoogleDesktopManager-051608-133132;Gerenciador do Google Desktop 5.7.805.16405;D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-24 14:56]

S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-04-16 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

R0 -: HKCU-Main,Search Page = hxxp://www.google.com

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s

R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie

O8 -: &Download by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: &List Stylesheets

O8 -: Do&wnload selected by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 -: E&xport to Microsoft Excel - D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 -: E&xportar para o Microsoft Excel - D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

 

O16 -: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} - hxxps://netbanking2.banespa.com.br/OCX/TG.cab

D:\WINDOWS\Downloaded Program Files\TG.ocx

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 12:19:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-07-29 12:26:48 - Maquina reiniciou [userName]

ComboFix-quarantined-files.txt 2008-07-29 15:25:52

ComboFix2.txt 2008-07-24 13:09:25

ComboFix3.txt 2008-07-15 11:36:19

ComboFix4.txt 2008-07-14 18:42:57

ComboFix5.txt 2008-07-29 15:12:28

 

Pre-Run: 18 pasta(s) 162,696,347,648 bytes disponíveis

Post-Run: 21 pasta(s) 162,939,854,848 bytes disponíveis

 

314

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:28:40, on 29/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

D:\Arquivos de programas\Palringo\palringo.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"

O4 - HKCU\..\Run: [Palringo] "D:\Arquivos de programas\Palringo\palringo.exe" /hidden

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: RKLauncher.lnk = D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 10548 bytes


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"=-

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 


 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, located at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


ComboFix 08-07-28.6 - UserName 2008-07-30 11:22:59.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1557 [GMT -3:00]

Executando de: D:\Documents and Settings\UserName\Desktop\ComboFix.exe

Command switches used :: D:\Documents and Settings\UserName\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))

.

 

2008-07-30 11:07 . 1999-11-30 17:30 294,912 --a------ D:\WINDOWS\system32\msipcsv.exe

2008-07-30 11:07 . 1999-11-23 09:23 40,960 --a------ D:\WINDOWS\system32\Amcis2.dll

2008-07-29 12:07 . 2008-07-29 12:07 22,207,742 --a------ D:\Santander.rar

2008-07-28 09:52 . 2008-07-28 09:57 <DIR> d-------- D:\Arquivos de programas\Palringo

2008-07-28 09:25 . 2008-07-29 08:15 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Spyware Terminator

2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-07-28 09:25 . 2008-07-29 08:57 <DIR> d-------- D:\Arquivos de programas\Spyware Terminator

2008-07-28 09:25 . 2008-07-28 09:25 141,312 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-07-25 16:25 . 2008-07-29 16:29 <DIR> d-------- D:\Arquivos de programas\Frets on Fire

2008-07-25 15:16 . 2008-07-25 15:16 <DIR> d-------- D:\Arquivos de programas\FileZilla FTP Client

2008-07-25 11:02 . 1999-11-04 13:11 111,896 --a------ D:\WINDOWS\system32\Cspop32.ocx

2008-07-25 11:02 . 1999-12-11 17:02 110,592 --a------ D:\WINDOWS\system32\adimage.dll

2008-07-25 11:02 . 1999-11-22 14:31 65,536 --a------ D:\WINDOWS\system32\anadsc.ocx

2008-07-25 11:02 . 2000-01-04 14:18 57,344 --a------ D:\WINDOWS\system32\tfde.dll

2008-07-25 11:02 . 1999-11-29 13:15 53,248 --a------ D:\WINDOWS\system32\htmdeng.exe

2008-07-25 11:02 . 1999-11-23 09:21 36,864 --a------ D:\WINDOWS\system32\IPCClient.dll

2008-07-25 11:02 . 1998-12-02 10:12 20,480 --a------ D:\WINDOWS\system32\ajj.exe

2008-07-25 10:50 . 2008-07-25 10:50 912 --a------ D:\WINDOWS\megaemail.ini

2008-07-25 09:38 . 2008-07-25 09:39 <DIR> d-------- D:\!KillBox

2008-07-25 09:10 . 2008-07-25 09:10 27,136 --a------ D:\WINDOWS\~GLH0000.TMP

2008-07-24 17:25 . 2008-07-24 17:25 55 -ra------ D:\WINDOWS\amunres.lsl

2008-07-24 17:20 . 2008-07-24 17:20 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\EmailSender

2008-07-24 16:41 . 2008-07-24 17:25 <DIR> d-------- D:\Arquivos de programas\Carteiro

2008-07-24 16:41 . 2001-07-01 17:30 112,640 --a------ D:\WINDOWS\lsb_un20.exe

2008-07-24 16:12 . 2008-07-24 17:05 <DIR> d--h----- D:\WINDOWS\amc

2008-07-24 16:12 . 2008-07-24 17:05 103 --a------ D:\WINDOWS\Group Mail

2008-07-24 16:10 . 1999-10-22 11:30 448,248 --a------ D:\WINDOWS\system32\sstbars2.ocx

2008-07-24 16:10 . 1999-09-02 10:18 290,816 --a------ D:\WINDOWS\system32\sstabs2.ocx

2008-07-24 16:10 . 1999-06-04 12:20 102,272 --a------ D:\WINDOWS\system32\pop40.ocx

2008-07-24 16:10 . 1999-04-01 14:52 45,056 --a------ D:\WINDOWS\system32\amcis.dll

2008-07-24 16:00 . 1995-05-22 08:00 640,512 --------- D:\WINDOWS\system32\Oc30.dll

2008-07-24 16:00 . 1998-07-14 14:54 362,552 --------- D:\WINDOWS\system32\sstbars.ocx

2008-07-24 16:00 . 1999-01-29 15:25 332,800 --------- D:\WINDOWS\system32\AdvertX.ocx

2008-07-24 16:00 . 1997-02-24 17:04 264,288 --a------ D:\WINDOWS\system32\American.vtd

2008-07-24 16:00 . 1999-05-07 00:00 209,408 --------- D:\WINDOWS\system32\Tabctl32.ocx

2008-07-24 16:00 . 1995-10-11 01:00 133,904 --------- D:\WINDOWS\system32\Mfcans32.dll

2008-07-24 16:00 . 1999-06-08 13:50 97,280 --a------ D:\WINDOWS\system32\Vspell32.ocx

2008-07-24 16:00 . 1997-02-24 17:44 70,656 --a------ D:\WINDOWS\system32\Vspell32.dll

2008-07-24 16:00 . 1998-07-15 00:03 54,784 --a------ D:\WINDOWS\system32\Netcod33.ocx

2008-07-24 16:00 . 1997-02-24 17:04 15,819 --a------ D:\WINDOWS\system32\Vspeller.hlp

2008-07-22 15:28 . 2008-07-22 15:53 21,840 --a----t- D:\WINDOWS\system32\SIntfNT.dll

2008-07-22 15:28 . 2008-07-22 15:53 17,212 --a----t- D:\WINDOWS\system32\SIntf32.dll

2008-07-22 15:28 . 2008-07-22 15:53 12,067 --a----t- D:\WINDOWS\system32\SIntf16.dll

2008-07-22 15:26 . 2008-07-28 09:56 <DIR> d-------- D:\Arquivos de programas\Diablo II

2008-07-22 10:03 . 2008-07-28 15:50 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DiskAid

2008-07-22 10:03 . 2008-07-22 10:03 <DIR> d-------- D:\Arquivos de programas\DigiDNA

2008-07-15 17:41 . 2008-07-15 17:41 <DIR> d-------- D:\WINDOWS\ERUNT

2008-07-15 17:30 . 2008-07-15 17:52 <DIR> d-------- D:\SDFix

2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\Documents and Settings\UserName\Configuraþ§es locais

2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-14 15:42 . 2008-07-29 12:26 <DIR> d-------- D:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-14 08:21 . 2008-07-14 13:19 192,512 --a------ D:\WINDOWS\system32\cbOCR.dll

2008-07-11 11:40 . 2008-07-11 11:39 46,320 --a------ D:\WINDOWS\php.ini

2008-07-11 11:37 . 2008-05-02 18:07 4,874,301 --a------ D:\WINDOWS\system32\php5ts.dll

2008-07-11 11:37 . 2008-05-02 18:07 2,076,672 --a------ D:\WINDOWS\system32\libmysql.dll

2008-07-09 11:49 . 2008-07-09 11:49 <DIR> d--h----- D:\WINDOWS\amcdl

2008-07-08 16:04 . 2008-07-08 16:04 <DIR> d-------- D:\Arquivos de programas\MySQL

2008-07-08 15:55 . 2008-07-08 15:55 <DIR> d-------- D:\Arquivos de programas\Apache Software Foundation

2008-07-07 11:24 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl

2008-07-07 11:22 . 2008-07-07 11:22 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Java

2008-07-03 09:23 . 2008-07-03 09:24 <DIR> d-------- D:\Arquivos de programas\Microsoft Works

2008-07-03 09:16 . 2008-07-03 09:16 <DIR> dr-h----- D:\MSOCache

2008-06-30 16:18 . 2008-07-08 15:30 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-30 14:53 . 2008-06-30 14:53 <DIR> d-------- D:\WINDOWS\system32\pt-br

2008-06-30 14:50 . 2008-06-30 14:50 <DIR> d--h----- D:\WINDOWS\$hf_mig$

2008-06-26 16:41 . 1999-05-07 00:00 204,296 --------- D:\WINDOWS\system32\Richtx32.ocx

2008-06-26 16:41 . 2000-02-21 03:20 107,512 --------- D:\WINDOWS\system32\Csmtp32.ocx

2008-06-26 16:41 . 2000-02-21 03:20 99,800 --------- D:\WINDOWS\system32\Csmsg32.ocx

2008-06-26 16:41 . 1998-10-13 14:08 53,248 --a------ D:\WINDOWS\system32\TinyDB6.ocx

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-06-26 15:48 . 2008-06-26 15:48 <DIR> d-------- D:\Arquivos de programas\Avira

2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d-------- D:\Arquivos de programas\ahead

2008-06-26 13:10 . 2008-06-26 13:10 831,488 --------- D:\WINDOWS\UNMRW.exe

2008-06-26 13:10 . 2008-06-26 13:10 155,648 --------- D:\WINDOWS\system32\NeroCheck.exe

2008-06-26 13:10 . 2008-06-26 13:10 70,532 --------- D:\WINDOWS\UNMRW.cfg

2008-06-26 13:10 . 2008-06-26 13:10 7,582 --------- D:\WINDOWS\system32\drivers\incdrm.sys

2008-06-26 09:57 . 2008-07-28 08:50 <DIR> d-------- D:\Arquivos de programas\Yahoo!

2008-06-26 08:26 . 2008-06-26 08:26 238,532 --a------ D:\WINDOWS\system32\sns.exe

2008-06-25 16:59 . 2008-06-25 16:59 371,158 --a------ D:\WINDOWS\system32\terum.exe

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\WebApps

2008-06-24 15:35 . 2008-06-24 15:35 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Prism

2008-06-24 10:20 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll

2008-06-24 10:20 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll

2008-06-24 10:20 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui

2008-06-18 16:39 . 2008-06-18 16:39 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Flock

2008-06-18 16:39 . 2008-07-30 09:55 <DIR> d-------- D:\Arquivos de programas\Flock

2008-06-18 16:20 . 2008-06-26 14:40 305 --a------ D:\WINDOWS\wininit.ini

2008-06-17 16:40 . 2008-05-27 21:05 <DIR> d-------- D:\Arquivos de programas\True Transparency

2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\RK Launcher

2008-06-17 15:35 . 2008-06-17 15:36 <DIR> d-------- D:\Arquivos de programas\iShut

2008-06-17 15:35 . 2008-06-17 15:35 <DIR> d-------- D:\Arquivos de programas\Address Book

2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-17 14:39 . 2008-06-17 14:39 <DIR> d-------- D:\Arquivos de programas\Messenger Plus! Live

2008-06-17 13:07 . 2008-06-17 13:07 0 -rahs---- D:\kb

2008-06-17 10:45 . 2008-07-30 10:56 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-06-16 18:07 . 2008-06-16 18:07 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\GrabPro

2008-06-16 10:24 . 2008-06-16 10:24 <DIR> d-------- D:\Arquivos de programas\Shock Utility

2008-06-16 10:24 . 2008-06-16 10:24 65,536 --a------ D:\WINDOWS\IFinst27.MSNFix

2008-06-16 08:24 . 2008-06-16 08:24 <DIR> d-------- D:\Arquivos de programas\DAEMON Tools Lite

2008-06-13 16:10 . 2008-06-13 16:13 318 --a------ D:\WINDOWS\WPE PRO.INI

2008-06-13 15:23 . 2008-06-18 15:46 <DIR> d-------- D:\Arquivos de programas\Cheat Engine

2008-06-13 15:23 . 2005-09-04 00:48 1,970,176 --a------ D:\WINDOWS\system32\d3dx9.dll

2008-06-13 15:21 . 2008-06-13 15:21 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\DAEMON Tools

2008-06-13 15:21 . 2008-06-13 15:21 717,296 --a------ D:\WINDOWS\system32\drivers\sptd.sys

2008-06-12 15:59 . 2008-07-03 17:50 47,300 --ah----- D:\WINDOWS\system32\mlfcache.dat

2008-06-12 15:42 . 2008-06-12 15:42 <DIR> d-------- D:\Arquivos de programas\Safari

2008-06-11 10:55 . 2008-06-11 10:55 <DIR> d-------- D:\Documents and Settings\UserName\Dados de aplicativos\Ahead

2008-06-09 13:39 . 2008-06-09 14:08 <DIR> d-------- D:\Arquivos de programas\Magic Swf2Avi 2008

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-30 14:22 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\uTorrent

2008-07-30 14:22 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Orbit

2008-07-30 14:07 --------- d-----w D:\Arquivos de programas\Aureate

2008-07-29 14:45 --------- d-----w D:\Arquivos de programas\Orbitdownloader

2008-07-29 12:16 --------- d-----w D:\Arquivos de programas\Mozilla Thunderbird

2008-07-28 20:41 --------- d--h--w D:\Arquivos de programas\InstallShield Installation Information

2008-07-25 19:23 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\FileZilla

2008-07-25 16:21 --------- d-----w D:\Arquivos de programas\eMule

2008-07-24 17:56 --------- d-----w D:\Arquivos de programas\Google

2008-07-21 13:35 --------- d-----w D:\Arquivos de programas\Java

2008-07-18 21:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iTunes

2008-07-11 19:38 --------- d-----w D:\Arquivos de programas\iPod

2008-07-10 12:35 32,000 ----a-w D:\WINDOWS\system32\drivers\usbaapl.sys

2008-06-26 19:27 --------- d-----w D:\Arquivos de programas\ESET

2008-06-18 19:15 --------- d-----w D:\Arquivos de programas\JC-Email Direct Express 4.2

2008-06-16 18:03 --------- d-----w D:\Documents and Settings\UserName\Dados de aplicativos\Apple Computer

2008-06-10 11:34 --------- d-----w D:\Arquivos de programas\QuickTime

2008-06-03 19:30 --------- d-----w D:\Arquivos de programas\Last.fm

2008-06-02 14:06 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2004-02-12 20:25 65,536 ----a-w D:\Arquivos de programas\internet explorer\plugins\CSSEdit.dll

.

 

------- Sigcheck -------

 

2007-06-26 08:02 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\tcpip.sys

 

2007-04-26 17:10 1778688 8a9fbd4c096cb4467df00687703bd086 D:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-14_15.42.22.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-07-15 20:41:23 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-07-15 20:41:23 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-07-15 02:41:59 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-07-15 20:41:21 6,623,232 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-07-15 20:41:21 286,720 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-03-04 16:28:53 79,424 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-07-18 11:25:44 75,072 ----a-w D:\WINDOWS\system32\drivers\avipbb.sys

- 2008-03-25 04:28:39 135,168 ----a-w D:\WINDOWS\system32\java.exe

+ 2008-06-10 04:21:01 135,168 ----a-w D:\WINDOWS\system32\java.exe

- 2008-03-25 04:28:43 135,168 ----a-w D:\WINDOWS\system32\javaw.exe

+ 2008-06-10 04:21:04 135,168 ----a-w D:\WINDOWS\system32\javaw.exe

- 2008-03-25 05:37:01 139,264 ----a-w D:\WINDOWS\system32\javaws.exe

+ 2008-06-10 05:32:34 139,264 ----a-w D:\WINDOWS\system32\javaws.exe

- 2008-03-24 23:21:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-06-26 12:57:38 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-07-21 11:18:28 74,137 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-07-18 18:59:42 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-03-10 16:38:40 297,984 ----a-w D:\WINDOWS\system32\midas.dll

+ 2005-01-02 15:16:18 297,984 ----a-w D:\WINDOWS\system32\midas.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"DAEMON Tools Lite"="D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]

"SpybotSD TeaTimer"="D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 10:45 68856]

"RK Launcher"="D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" [2007-03-16 17:05 708608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UnlockerAssistant"="D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-04-20 02:57 142104]

"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-04-20 02:57 162584]

"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-04-20 02:57 138008]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="D:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"avgnt"="D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 08:25 266497]

"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"AppleSyncNotifier"="D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"iTunesHelper"="D:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"Google Desktop Search"="D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-24 14:56 29744]

"G4Listener"="C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe" [2008-01-11 12:00 93184]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 D:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]

 

D:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\

ObjectDock.lnk - D:\Arquivos de programas\OBjectDock\ObjectDock.exe [2008-03-12 13:57:04 1826885]

UberIcon.lnk - D:\Arquivos de programas\UberIcon\UberIcon Manager.exe [2008-03-12 13:54:21 188416]

VisualTaskTips.lnk - D:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-03-12 13:54:22 36864]

 

D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\

Yahoo! Widgets.lnk - D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 19:34:48 3746856]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Orbit.lnk - D:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-03-12 15:03:55 1703112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\\Resources\\Logon\\Newlogo.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CSCD"= camcodec.dll

"vidc.ffds"= D:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uap14.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff74.sys]

@="Driver"

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk

backup=D:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]

path=D:\Documents and Settings\UserName\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk

backup=D:\WINDOWS\pss\VisualTaskTips.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"D:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"D:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"D:\\WINDOWS\\system32\\LMabcoms.exe"=

"D:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"D:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Santander\\Gerenciador de Arquivos\\Bin\\Listener.exe"=

"D:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"D:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=

"D:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8322:TCP"= 8322:TCP:BitComet 8322 TCP

"8322:UDP"= 8322:UDP:BitComet 8322 UDP

 

S0 Nsd22;Nsd22;D:\WINDOWS\system32\Drivers\Nsd22.sys []

S0 Uap14;Uap14;D:\WINDOWS\system32\Drivers\Uap14.sys []

S0 Winff74;Winff74;D:\WINDOWS\system32\Drivers\Winff74.sys []

S2 gupdate1c8c104853bc198;Google Update Service (gupdate1c8c104853bc198);D:\Arquivos de programas\Google\Update\GoogleUpdate.exe []

S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []

S3 GoogleDesktopManager-051608-133132;Gerenciador do Google Desktop 5.7.805.16405;D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-24 14:56]

S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 08:59]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-04-16 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- D:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-30 11:25:05

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-30 11:26:49

ComboFix-quarantined-files.txt 2008-07-30 14:26:26

ComboFix2.txt 2008-07-29 15:26:49

ComboFix3.txt 2008-07-24 13:09:25

ComboFix4.txt 2008-07-15 11:36:19

ComboFix5.txt 2008-07-30 14:22:09

 

Pre-Run: 18 pasta(s) 162,508,726,272 bytes disponíveis

Post-Run: 20 pasta(s) 162,500,984,832 bytes disponíveis

 

284

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:29:37, on 30/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [unlockerAssistant] "D:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [G4Listener] "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"

O4 - HKLM\..\Run: [Vistadrv] D:\WINDOWS\HDbar\vsdrv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RK Launcher] "D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] D:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = D:\Arquivos de programas\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: RKLauncher.lnk = D:\Arquivos de programas\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - D:\Arquivos de programas\PicLensIE\PicLens.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} (CTGClienteCOM Object) - https://netbanking2.banespa.com.br/OCX/TG.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205493537265

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c8c104853bc198) (gupdate1c8c104853bc198) - Unknown owner - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - D:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: lmab_device - - D:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 9871 bytes


Hey Yeshu'a

 

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

 

Your log is clean. To finish:

 

Visit Windows Update and update your system by downloading Service Pack 3

 

Or, if you prefer, download and install the full package (roughly 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

 

- I recommend a clean-up of the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner

 

• Open the program and click Run Cleaner;

• After that, click Registry > Scan for Issues > Fix Issues

 

- Disable and then re-enable System Restore

 

Read the article Protect your PC for more information on how to avoid infections;

 

Also download • ATF-Cleaner

 

- Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and then Exit.

 

Regards
