[Resolvido!]Meu pc não acessa determinado servidor, ..

[JackDenio 0]

Todavia igual ..

 

Removal tool loaded into memory

Gromozon rootkit component not detected - searching for other components

Scanning: C:\WINDOWS

Scanning: C:\Arquivos de programas\Arquivos comuns

 

 

Trojan.Gromozon does not exist - your system is clean.

[DigRam 144]

Bom Dia! RomanMG

 

<!> Continuando a pesquisa ao DNSChanger...

------------------------

<@> Desabilite o Spybot. ( TeaTimer )

<@> Configure o Windows,à mostrar arquivos ocultos!

<@> Desabilite a Restauração do Sistema!

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

C:\WINDOWS\Temp\kdycn.ren

Registry::

[-HKEY_ALL_USERS\Software\DirectVideo]

[-HKEY_CLASSES_ROOT\DirectVideo]

[-HKEY_CLASSES_ROOT\DirectVideo\CLSID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EZVideo]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EZVideo\CLSID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZVideo]

[-HKEY_CURRENT_USER\Software\EZVideo]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System" =""

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}]

Folder::

C:\Documents and Settings\Roman\Start Menu\Programs\EZVideo

C:\Arquivos de Programas\EZVideo

C:\Arquivos de Programas\DirectVideo

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Reinicie o computador!

------------------------

<!> Vá em Iniciar --> Pesquisar

<!> Na caixa: Todo ou parte do nome do arquivo

<!> Digite: rasphone.pbk

<!> Inicie a pesquisa e,caso não encontre o arquivo,acesse a pesquisa avançada!

<!> Marque,principalmente: Pesquisar arquivos e pastas ocultas

<!> Encontrando rasphone.pbk,procure abri-lo com o Bloco de Notas.

<!> Remova,caso encontre,as seguintes linhas:

 

IpDnsAddress = 85.255.116.68

IpDns2Address = 85.255.112.141

IpNameAssign = 2

 

<!> Procure salvar as modificações,ao fechar o Bloco de Notas.

 

<!> Maiores detalhes: < Trojan.Flush.K >

 

<!> Terminando,poste os relatórios: C:\ComboFix.txt + HJT,atualizado.

 

Abraços!

[JackDenio 0]

E aê Dig, foi mal a demora, ...

 

Comofix:

 

ComboFix 08-07-31.06 - Dênio 2008-08-10 15:08:07.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.396 [GMT -3:00]Executando de: C:\Documents and Settings\Dênio\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-10 to 2008-08-10 ))))))))))))))))))))))))))))))))

.

 

2008-08-05 16:03 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-05 16:03 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-30 19:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-07-30 19:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-07-30 19:03 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-07-30 19:03 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-07-30 19:03 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-07-30 19:03 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-07-30 19:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-07-30 19:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-07-30 19:03 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-07-25 10:15 . 2008-08-10 15:14 154,308,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-25 10:15 . 2008-08-10 02:46 1,748,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-24 10:56 . 2008-03-05 11:41 148,496 --a------ C:\WINDOWS\system32\drivers\61918670.sys

2008-07-22 15:58 . 2008-07-22 15:58 <DIR> d-------- C:\Documents and Settings\Dênio\Dados de aplicativos\Malwarebytes

2008-07-22 15:58 . 2008-07-22 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-07-22 15:58 . 2008-07-22 15:58 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-07-22 15:58 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-22 15:58 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-21 16:16 . 2008-07-21 16:16 737,628 --a------ C:\WINDOWS\xobglu32.dll

2008-07-21 16:16 . 2008-07-21 16:16 63,488 --a------ C:\WINDOWS\xobglu16.dll

2008-07-20 15:29 . 2008-07-20 15:29 <DIR> d-------- C:\Arquivos de programas\Avira

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\DÛnio\Configuraþ§es locais

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\DÛnio

2008-07-20 14:02 . 2008-07-20 14:02 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

2008-07-19 03:32 . 2008-07-19 03:32 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!

2008-07-16 15:37 . 2008-07-16 15:37 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-07-16 15:37 . 2008-06-30 11:47 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-07-12 10:12 . 2008-07-12 10:12 <DIR> d-------- C:\Documents and Settings\Dênio\Dados de aplicativos\Sytexis Software

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-10 18:04 --------- d-----w C:\Documents and Settings\Dênio\Dados de aplicativos\MegauploadToolbar

2008-08-10 13:48 36,938 ----a-w C:\Arquivos de programas\megacubo_log.log

2008-08-10 00:45 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-08-09 11:09 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-08 14:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-05 17:34 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-04 14:58 --------- d-----w C:\Arquivos de programas\Windows Media Bonus Pack for Windows XP

2008-07-31 15:31 3,312 ----a-w C:\WINDOWS\system32\tmp.reg

2008-07-20 18:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-20 17:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-16 18:26 --------- d-----w C:\Arquivos de programas\Soulseek

2008-07-14 16:06 --------- d-----w C:\Arquivos de programas\Google

2008-07-12 14:34 --------- d-----w C:\Arquivos de programas\Java

2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll

2008-07-03 00:47 --------- d-----w C:\Arquivos de programas\Megacubo

2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-16 16:53 --------- d-----w C:\Arquivos de programas\NitroPC(2)

2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll

2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-12 16:25 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll

2008-02-19 19:48 320 ----a-w C:\Documents and Settings\Dênio\Dados de aplicativos\wklnhst.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-10-09 19:22 190024]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35 202024]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:32 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 01:10 851968]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 03:10 1392640]

"Dell QuickSet"="C:\Arquivos de programas\Dell\QuickSet\quickset.exe" [2007-05-14 14:23 1191936]

"PDVDDXSrv"="C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 07:03 17920]

"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 17:53 53248]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 09:36 2044712]

"InCD"="C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe" [2007-09-20 09:35 1077032]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"SigmatelSysTrayApp"="stsystra.exe" [2007-04-23 21:01 303104 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\SopCast\\sopvod.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Soulseek\\slsk.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\megasrv.exe"=

 

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2007-05-23 14:07]

R1 is-UVJKNdrv;is-UVJKNdrv;C:\WINDOWS\system32\drivers\61918670.sys [2008-03-05 11:41]

R2 wampapache;wampapache;c:\wamp\apache2\bin\httpd.exe [2007-01-10 00:17]

R2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 13:14]

S2 is-UVJKN;is-UVJKN;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-UVJKN\is-UVJKN.exe []

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Dênio\Dados de aplicativos\Mozilla\Firefox\Profiles\rf5s58ii.default\

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-10 15:13:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-10 15:16:40

ComboFix-quarantined-files.txt 2008-08-10 18:15:35

 

Pre-Run: 16 pasta(s) 43,294,527,488 bytes disponíveis

Post-Run: 19 pasta(s) 43,734,638,592 bytes disponíveis

 

147 --- E O F --- 2008-08-06 03:52:17

 

 

 

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:42:30, on 10/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

c:\wamp\apache2\bin\httpd.exe

c:\wamp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\svchost.exe

C:\wamp\apache2\bin\httpd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\Dell\BAE\BAE.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.hostrevenda.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA72D52-9DB8-41E5-A40E-077CA7F760CD}: NameServer = 85.255.116.68 85.255.112.141

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: is-UVJKN - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-UVJKN\is-UVJKN.exe" -r (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Boa Noite! RomanMG

 

<!> Este relatório,do ComboFix,após a execução do script,não é o log correto.

<!> Poderia repetir,o procedimento de script,e postar o relatório? ( ComboFix.txt )

 

Abraços!

[JackDenio 0]

Pra aonde vai log correto? Porque esse eu peguei em C:\ComboFix.txt

[DigRam 144]

Pra aonde vai log correto? Porque esse eu peguei em C:\ComboFix.txt

Opa! RomanMG

Bom Dia!

 

ComboFix 08-08-09.02 - xxxx 2008-08-09 20:34:32.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.229 [GMT -3:00]

Executando de: C:\Documents and Settings\xxxx\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\xxxx\Desktop\CFScript.txt

<!> Vai para o mesmo diretório e possui,para cabeçalho,este corpo.

----------------------

<!> Configure o navegador para que busque,automáticamente,o endereço dos Servidores DNS da sua conecção local.

<!> Vá em: Painel de Controle --> Conecções de Rede --> Conecção Local.

<!> Clique em Propriedades!

<!> Dois cliques em: < Protocol TCP/IP >

<!> Selecionar: Obter o endereço dos Servidores DNS Automaticamente --> Ok.

<!> Reinicie o computador!

<!> Não sendo possível a configuração automática,entre em contato com o suporte,para que lhe forneçam o DNS ( Primário e Secundário ),da sua área.

<!> Na posse dos DNS,proceda à configuração manual!

-----------------------

<@> Faça o download do a-squared Free 3.5

 

Link Opcional: < >

 

<@> Abra o programa e clique em: Atualizar agora >> Aguarde!

<@> Terminando,clique em: Analisar agora.

<@> Faça esta análise,em Modo de Segurança!

<@> Escolha a opção: A fundo

<@> Clique em Analisar!

<@> Terminando,envie os ítens encontrados para a quarentena. << Importante!

<@> Aonde,daí,serão excluídos ou restaurados.

<@> Salve o relatório,desta verificação,e poste na sua resposta.

----------------------

<@> Faça o download do AutoRuns.

<@> Salve-o no Disco Local-C e descompacte-o aí mesmo,em uma pasta própria. ( C:\Autoruns.exe )

<@> Dê um duplo clique em Autoruns.exe Aguarde!

<@> No menu,Options, marque: Verify Code Signatures e Hide signed Microsoft Entries.

<@> Clique em File --> Refresh.

<@> Aguarde!E,ao terminar,clique em File >> Save as..

<@> Copie o relatório ( .txt ),para o Bloco de Notas,e cole na sua resposta.

 

Abraços!

[JackDenio 0]

E aê Dig, velho ontem eu formatei meu computador, muito obrigado pela ajuda aê, mais eu não pude evitar, nada encontrava esse trojan e meu pc estava com desempenho muito abaixo do real que ele me oferece, pra ser sincero, se eu soubesse que ele ia melhorar tanto eu ja tinha formatado, so que como eu depende dele pra trabalhar fiquei meio indeciso...uma vez mais obrigado pela ajuda velho!!!

--------------------

Opa! RomanMG

Bom Dia!

 

<!> Como além do Trojan.DNSChanger,voçê tinha outros problemas,a formatação foi a melhor solução.

 

Abraços!

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o Tópico seja reaberto é preciso enviar uma Mensagem Privada,para um Moderador,com um Link para o Tópico.