[Resolvido!] seg o log do hijack

[HTR 0]

Galera...eu estou com esse malware, não sei oque ele faz, mas o fato dele estar na minha maquina me encomoda...

espero que possam me ajudar, vi um topico parecido...mais resolvi postar o meu proprio para verificar se ah mais algum problema...

 

seg o log do hijack

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:28:58, on 20/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B780AFBB-D844-4C7E-8263-1E8F0D867FAA}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 4746 bytes

[DigRam 144]

Boa Noite! HTR

 

<@> Faça o download do ComboFix.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e Firewall.

<@> Feche todas as janelas e execute a ferramenta!

 

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

-------------------------------------

<@> Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[HTR 0]

ComboFix 08-07-20.5 - HTR 2008-07-21 4:14:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.636 [GMT -3:00]

Executando de: C:\Documents and Settings\HTR\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\Documents and Settings\All Users\Documentos\Stardock\WindowBlinds\FROIS-01\_desktop.ini

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\AKV.exe

C:\WINDOWS\system32\28463\LFXH.001

C:\WINDOWS\system32\28463\LFXH.002

C:\WINDOWS\system32\28463\LFXH.005

C:\WINDOWS\system32\28463\LFXH.006

C:\WINDOWS\system32\28463\LFXH.007

C:\WINDOWS\system32\28463\LFXH.009

C:\WINDOWS\system32\28463\LFXH.exe

C:\WINDOWS\system32\ckvo0.dll

D:\Autorun.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))

.

 

2008-07-21 01:11 . 2008-07-21 01:11 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2008-07-21 00:46 . 2005-02-01 13:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-07-20 18:28 . 2008-07-20 18:28 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-20 18:23 . 2008-07-20 18:23 <DIR> d-------- C:\Hijack

2008-07-20 17:42 . 2008-07-21 04:09 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-20 17:39 . 2008-07-20 17:39 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Ahead

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\CyberLink

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Arquivos de programas\Nero

2008-07-20 17:38 . 2008-07-20 17:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-20 17:37 . 2008-07-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-07-20 17:35 . 2008-07-20 17:36 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-07-20 17:35 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-20 15:20 . 2008-07-20 15:20 0 --a------ C:\WINDOWS\WB.ini

2008-07-20 15:13 . 2008-07-20 15:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-07-20 04:12 . 2008-07-21 01:03 <DIR> d-------- C:\downloads

2008-07-20 04:12 . 2008-07-21 04:16 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Orbit

2008-07-20 04:12 . 2008-07-20 04:12 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\GrabPro

2008-07-20 04:12 . 2008-07-20 18:26 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-20 03:40 . 2008-07-20 03:40 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Media Player Classic

2008-07-20 03:32 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-07-20 03:22 . 2008-07-04 03:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm

2008-07-20 03:22 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-07-20 03:22 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-07-20 03:22 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-07-20 03:22 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-07-20 03:22 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-07-20 03:20 . 2008-05-22 19:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-07-20 03:19 . 2008-05-30 20:22 683,520 --a------ C:\WINDOWS\system32\divx.dll

2008-07-20 03:19 . 2008-05-22 19:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-07-20 03:14 . 2008-06-12 15:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-20 03:14 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-20 03:13 . 2003-03-19 00:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-07-20 03:13 . 2004-01-11 19:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-07-20 03:12 . 2008-07-20 03:22 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-07-18 13:25 . 2008-07-21 04:16 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-07-18 13:23 . 2008-07-18 13:23 <DIR> d-------- C:\Arquivos de programas\WinCustomize

2008-07-18 13:23 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-07-18 13:23 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-07-18 00:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-18 00:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-18 00:07 . 2008-07-18 00:07 120,251 -r-hs---- C:\ivcvknr.bat

2008-07-18 00:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-17 20:48 . 2008-07-17 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-07-17 03:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-17 03:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-17 03:04 . 2008-07-20 15:49 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Tibia

2008-07-17 03:04 . 2008-07-17 03:04 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-07-17 03:00 . 2008-07-19 18:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d-------- C:\Documents and Settings\HTR\Contacts

2008-07-17 02:29 . 2008-07-17 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-17 02:29 . 2008-07-17 02:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-07-17 02:29 . 2008-07-17 02:37 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-17 02:23 . 2008-07-17 02:23 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-17 02:16 . 2008-07-17 02:16 <DIR> d---s---- C:\Documents and Settings\HTR\UserData

2008-07-17 01:54 . 2008-07-20 15:15 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-07-17 01:54 . 2008-07-18 14:41 162,432 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-07-17 01:30 . 2008-07-17 01:30 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-07-17 01:30 . 2008-07-17 01:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-07-17 01:30 . 2008-07-17 01:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-07-17 01:27 . 2008-07-21 00:46 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-07-17 01:26 . 2008-07-17 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-07-17 01:26 . 2008-07-21 00:46 <DIR> d-------- C:\Arquivos de programas\AlienGUIse

2008-07-17 01:26 . 2008-07-17 01:26 115,233 -r-hs---- C:\p83gjy.exe

2008-07-17 01:26 . 2008-07-20 17:42 77,312 --------- C:\WINDOWS\system32\ckvo1.dll

2008-07-17 01:26 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-07-17 01:25 . 2008-07-16 13:09 117,001 -r-hs---- C:\33gmhso.bat

2008-07-17 01:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-17 01:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-17 01:03 . 2008-07-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-17 01:03 . 2008-07-19 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-17 01:02 . 2008-07-17 01:02 <DIR> dr-h----- C:\MSOCache

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-20 20:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-20 20:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 16:25 6,581,248 ----a-w C:\WINDOWS\system32\logonuiX.exe

2008-07-17 03:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-17 03:37 --------- d-----w C:\Arquivos de programas\Realtek

2008-07-17 03:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-17 03:25 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-17 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:02 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-03-24 13:37 262144]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 04:35 7630848]

"LogonStudio"="C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-07-21 00:44:51 2074360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-20 04:12:06 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-07-20 15:18 229376 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^HTR^Menu Iniciar^Programas^Inicializar^WinFlip.exe]

path=C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\WinFlip.exe

backup=C:\WINDOWS\pss\WinFlip.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-08-16 04:35 7630848 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-08-16 04:35 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 07:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-08-16 04:35 1617920 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8991152-5687-11dd-acee-001bb98adc89}]

\Shell\AutoRun\command - ybj8df.exe

\Shell\explore\Command - ybj8df.exe

\Shell\open\Command - ybj8df.exe

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

HKLM-Run-LFXH Agent - C:\WINDOWS\system32\28463\LFXH.exe

MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-LFXH Agent - C:\WINDOWS\system32\28463\LFXH.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-21 04:16:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wdfmgr.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-07-21 4:17:29 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-21 07:17:27

 

Pre-Run: 7 pasta(s) 24,170,246,144 bytes disponíveis

Post-Run: 10 pasta(s) 24,483,135,488 bytes dispon¡veis

 

213 --- E O F --- 2008-07-19 22:04:38

 

_______________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:18:44, on 21/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B780AFBB-D844-4C7E-8263-1E8F0D867FAA}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 5156 bytes

[DigRam 144]

Bom Dia! HTR

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Para a segurança do PC,vamos providenciar a instalação do Console de Recuperação.

---------------------------------------------

<!> Vá ao site da Microsoft: < Link >

 

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

 

 

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe

<!> Veja,abaixo,a demonstração!

 

 

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato da Microsoft,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "Yes",para realizar um scan com o ComboFix.

 

 

<!> Terminando,poste os relatórios:

 

<!> C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[HTR 0]

Bom Dia DigRam!

 

ComboFix 08-07-20.5 - HTR 2008-07-21 9:57:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.668 [GMT -3:00]

Executando de: C:\Documents and Settings\HTR\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\HTR\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))

.

 

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\Documents and Settings\HTR\Configuraþ§es locais

2008-07-21 01:11 . 2008-07-21 01:11 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2008-07-21 00:46 . 2005-02-01 13:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-07-20 18:28 . 2008-07-20 18:28 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-20 18:23 . 2008-07-20 18:23 <DIR> d-------- C:\Hijack

2008-07-20 17:42 . 2008-07-21 04:09 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-20 17:39 . 2008-07-20 17:39 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Ahead

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\CyberLink

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Arquivos de programas\Nero

2008-07-20 17:38 . 2008-07-20 17:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-20 17:37 . 2008-07-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-07-20 17:35 . 2008-07-20 17:36 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-07-20 17:35 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-20 15:20 . 2008-07-20 15:20 0 --a------ C:\WINDOWS\WB.ini

2008-07-20 15:13 . 2008-07-20 15:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-07-20 04:12 . 2008-07-21 01:03 <DIR> d-------- C:\downloads

2008-07-20 04:12 . 2008-07-21 09:50 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Orbit

2008-07-20 04:12 . 2008-07-20 04:12 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\GrabPro

2008-07-20 04:12 . 2008-07-20 18:26 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-20 03:40 . 2008-07-20 03:40 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Media Player Classic

2008-07-20 03:32 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-07-20 03:22 . 2008-07-04 03:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm

2008-07-20 03:22 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-07-20 03:22 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-07-20 03:22 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-07-20 03:22 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-07-20 03:22 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-07-20 03:20 . 2008-05-22 19:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-07-20 03:19 . 2008-05-30 20:22 683,520 --a------ C:\WINDOWS\system32\divx.dll

2008-07-20 03:19 . 2008-05-22 19:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-07-20 03:14 . 2008-06-12 15:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-20 03:14 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-20 03:13 . 2003-03-19 00:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-07-20 03:13 . 2004-01-11 19:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-07-20 03:12 . 2008-07-20 03:22 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-07-18 13:25 . 2008-07-21 09:49 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-07-18 13:23 . 2008-07-18 13:23 <DIR> d-------- C:\Arquivos de programas\WinCustomize

2008-07-18 13:23 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-07-18 13:23 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-07-18 00:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-18 00:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-18 00:07 . 2008-07-18 00:07 120,251 -r-hs---- C:\ivcvknr.bat

2008-07-18 00:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-17 20:48 . 2008-07-17 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-07-17 03:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-17 03:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-17 03:04 . 2008-07-20 15:49 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Tibia

2008-07-17 03:04 . 2008-07-17 03:04 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-07-17 03:00 . 2008-07-19 18:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d-------- C:\Documents and Settings\HTR\Contacts

2008-07-17 02:29 . 2008-07-17 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-17 02:29 . 2008-07-17 02:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-07-17 02:29 . 2008-07-17 02:37 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-17 02:23 . 2008-07-17 02:23 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-17 02:16 . 2008-07-17 02:16 <DIR> d---s---- C:\Documents and Settings\HTR\UserData

2008-07-17 01:54 . 2008-07-20 15:15 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-07-17 01:54 . 2008-07-18 14:41 162,432 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-07-17 01:30 . 2008-07-17 01:30 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-07-17 01:30 . 2008-07-17 01:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-07-17 01:30 . 2008-07-17 01:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-07-17 01:27 . 2008-07-21 00:46 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-07-17 01:26 . 2008-07-17 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-07-17 01:26 . 2008-07-21 00:46 <DIR> d-------- C:\Arquivos de programas\AlienGUIse

2008-07-17 01:26 . 2008-07-17 01:26 115,233 -r-hs---- C:\p83gjy.exe

2008-07-17 01:26 . 2008-07-20 17:42 77,312 --------- C:\WINDOWS\system32\ckvo1.dll

2008-07-17 01:26 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-07-17 01:25 . 2008-07-16 13:09 117,001 -r-hs---- C:\33gmhso.bat

2008-07-17 01:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-17 01:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-17 01:03 . 2008-07-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-17 01:03 . 2008-07-19 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-17 01:02 . 2008-07-17 01:02 <DIR> dr-h----- C:\MSOCache

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-20 20:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-20 20:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 16:25 6,581,248 ----a-w C:\WINDOWS\system32\logonuiX.exe

2008-07-17 03:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-17 03:37 --------- d-----w C:\Arquivos de programas\Realtek

2008-07-17 03:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-17 03:25 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-17 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:02 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-03-24 13:37 262144]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 04:35 7630848]

"LogonStudio"="C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-07-21 00:44:51 2074360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-20 04:12:06 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-07-20 15:18 229376 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^HTR^Menu Iniciar^Programas^Inicializar^WinFlip.exe]

path=C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\WinFlip.exe

backup=C:\WINDOWS\pss\WinFlip.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-08-16 04:35 7630848 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-08-16 04:35 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 07:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-08-16 04:35 1617920 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8991152-5687-11dd-acee-001bb98adc89}]

\Shell\AutoRun\command - ybj8df.exe

\Shell\explore\Command - ybj8df.exe

\Shell\open\Command - ybj8df.exe

 

*Newly Created Service* - CATCHME

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O17 -: HKLM\CCS\Interface\{B780AFBB-D844-4C7E-8263-1E8F0D867FAA}: NameServer = 200.204.0.10 200.204.0.138

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-21 09:57:47

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-21 9:58:11

ComboFix-quarantined-files.txt 2008-07-21 12:58:09

ComboFix2.txt 2008-07-21 07:17:30

 

Pre-Run: 7 pasta(s) 24,460,689,408 bytes disponíveis

Post-Run: 10 pasta(s) 24,429,998,080 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

195 --- E O F --- 2008-07-19 22:04:38

 

_____________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:00:11, on 21/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B780AFBB-D844-4C7E-8263-1E8F0D867FAA}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 5068 bytes

 

____________________________________

 

Gostaria de agradecer pela atenção, eh a minha primeira vez aki no forum e estou vendo que o trabalho de vocês é muito eficiente, as respostas estão sendo muito mais rapidas doque estou acustumado... bom vlw aew ... :grin:

[DigRam 144]

Boa Tarde! HTR

 

Segure a tecla shift,e em seguida,insira sua(s) unidade(s) removíveis,na entrada USB.

Não pode ocorrer autoinicialização,durante este procedimento,para evitar a reinfecção do PC.

Recomendo a formatação do pendrive,se for este o causador da infecção do PC.

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

C:\WINDOWS\system32\ckvo1.dll

C:\ivcvknr.bat

C:\p83gjy.exe

C:\33gmhso.bat

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8991152-5687-11dd-acee-001bb98adc89}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Reinicie o computador!

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HJT,atualizado.

 

Abraços!

[HTR 0]

Opa...desculpa a demora...

 

ComboFix 08-07-20.5 - HTR 2008-07-23 4:21:25.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.616 [GMT -3:00]

Executando de: C:\Documents and Settings\HTR\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\HTR\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\AKV.exe

C:\WINDOWS\system32\28463\LFXH.001

C:\WINDOWS\system32\28463\LFXH.002

C:\WINDOWS\system32\28463\LFXH.005

C:\WINDOWS\system32\28463\LFXH.006

C:\WINDOWS\system32\28463\LFXH.007

C:\WINDOWS\system32\28463\LFXH.009

C:\WINDOWS\system32\28463\LFXH.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))

.

 

2008-07-23 03:45 . 2008-07-23 03:45 <DIR> d-------- C:\Arquivos de programas\vso

2008-07-23 03:21 . 2008-07-23 04:23 <DIR> d-------- C:\Arquivos de programas\The FilmMachine

2008-07-23 03:21 . 2008-07-23 03:21 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-07-23 03:21 . 2008-07-23 03:21 <DIR> d-------- C:\Arquivos de programas\AviSynth 2.5

2008-07-23 03:21 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-23 00:51 . 2008-07-23 00:51 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-07-22 14:03 . 2008-07-23 03:54 <DIR> d-------- C:\Arquivos de programas\Steam

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-07-21 04:17 . 2008-07-21 04:17 <DIR> d-------- C:\Documents and Settings\HTR\Configurações locais

2008-07-21 01:11 . 2008-07-21 01:11 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2008-07-21 00:46 . 2005-02-01 13:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-07-20 18:28 . 2008-07-20 18:28 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-20 18:23 . 2008-07-20 18:23 <DIR> d-------- C:\Hijack

2008-07-20 17:42 . 2008-07-23 03:35 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-20 17:39 . 2008-07-20 17:39 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Ahead

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\CyberLink

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Arquivos de programas\Nero

2008-07-20 17:38 . 2008-07-20 17:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-20 17:37 . 2008-07-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-07-20 17:35 . 2008-07-20 17:36 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-07-20 17:35 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-20 15:20 . 2008-07-20 15:20 0 --a------ C:\WINDOWS\WB.ini

2008-07-20 15:13 . 2008-07-20 15:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-07-20 04:12 . 2008-07-22 21:59 <DIR> d-------- C:\downloads

2008-07-20 04:12 . 2008-07-23 00:21 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Orbit

2008-07-20 04:12 . 2008-07-20 04:12 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\GrabPro

2008-07-20 04:12 . 2008-07-22 13:44 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-20 03:40 . 2008-07-20 03:40 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Media Player Classic

2008-07-20 03:32 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-07-20 03:22 . 2008-07-04 03:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm

2008-07-20 03:22 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-07-20 03:22 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-07-20 03:22 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-07-20 03:22 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-07-20 03:22 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-07-20 03:20 . 2008-05-22 19:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-07-20 03:19 . 2008-05-30 20:22 683,520 --a------ C:\WINDOWS\system32\divx.dll

2008-07-20 03:19 . 2008-05-22 19:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-07-20 03:14 . 2007-06-03 14:31 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-20 03:14 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-20 03:13 . 2003-03-19 00:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-07-20 03:13 . 2004-01-11 19:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-07-20 03:12 . 2008-07-20 03:22 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-07-18 13:25 . 2008-07-23 00:21 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-07-18 13:23 . 2008-07-18 13:23 <DIR> d-------- C:\Arquivos de programas\WinCustomize

2008-07-18 13:23 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-07-18 13:23 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-07-18 00:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-18 00:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-18 00:07 . 2008-07-18 00:07 120,251 -r-hs---- C:\ivcvknr.bat

2008-07-18 00:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-17 20:48 . 2008-07-17 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-07-17 03:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-17 03:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-17 03:04 . 2008-07-20 15:49 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Tibia

2008-07-17 03:04 . 2008-07-17 03:04 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-07-17 03:00 . 2008-07-19 18:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-07-17 02:48 . 2008-07-23 02:51 <DIR> d-------- C:\Documents and Settings\HTR\Contacts

2008-07-17 02:29 . 2008-07-17 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-17 02:29 . 2008-07-17 02:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-07-17 02:29 . 2008-07-17 02:37 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-17 02:23 . 2008-07-17 02:23 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-17 02:16 . 2008-07-17 02:16 <DIR> d---s---- C:\Documents and Settings\HTR\UserData

2008-07-17 01:54 . 2008-07-20 15:15 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-07-17 01:54 . 2008-07-21 10:14 162,432 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-07-17 01:30 . 2008-07-17 01:30 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-07-17 01:30 . 2008-07-17 01:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-07-17 01:30 . 2008-07-17 01:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-07-17 01:27 . 2008-07-21 00:46 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-07-17 01:26 . 2008-07-17 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-07-17 01:26 . 2008-07-21 00:46 <DIR> d-------- C:\Arquivos de programas\AlienGUIse

2008-07-17 01:26 . 2008-07-17 01:26 115,233 -r-hs---- C:\p83gjy.exe

2008-07-17 01:26 . 2008-07-20 17:42 77,312 --------- C:\WINDOWS\system32\ckvo1.dll

2008-07-17 01:26 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-07-17 01:25 . 2008-07-16 13:09 117,001 -r-hs---- C:\33gmhso.bat

2008-07-17 01:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-17 01:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-17 01:03 . 2008-07-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-17 01:03 . 2008-07-19 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-17 01:02 . 2008-07-17 01:02 <DIR> dr-h----- C:\MSOCache

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-20 20:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-20 20:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 16:25 6,581,248 ----a-w C:\WINDOWS\system32\logonuiX.exe

2008-07-17 03:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-17 03:37 --------- d-----w C:\Arquivos de programas\Realtek

2008-07-17 03:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-17 03:25 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-17 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-21_ 4.17.13.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-12-31 02:16:36 313,344 ----a-w C:\WINDOWS\system32\avisynth.dll

+ 2004-05-26 12:37:34 719,872 ----a-w C:\WINDOWS\system32\devil.dll

- 2004-08-11 04:45:04 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

+ 2007-10-20 09:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

- 2004-08-11 04:45:06 2,362,104 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll

+ 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll

- 2008-07-07 03:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll

+ 2007-12-21 06:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll

- 2008-07-07 03:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll

+ 2007-12-21 06:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll

- 2008-07-07 03:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll

+ 2007-12-21 06:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll

- 2008-07-07 03:00:00 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll

+ 2007-12-21 06:00:00 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll

- 2004-08-11 04:45:04 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll

+ 2007-10-20 09:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

- 2004-08-11 04:45:06 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll

+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2008-07-22 14:13 1271032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-03-24 13:37 262144]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 04:35 7630848]

"LogonStudio"="C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]

"LFXH Agent"="C:\WINDOWS\system32\28463\LFXH.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-07-21 00:44:51 2074360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-20 04:12:06 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-07-20 15:18 229376 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^HTR^Menu Iniciar^Programas^Inicializar^WinFlip.exe]

path=C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\WinFlip.exe

backup=C:\WINDOWS\pss\WinFlip.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-08-16 04:35 7630848 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-08-16 04:35 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-08-16 04:35 1617920 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\Steam\\SteamApps\\xtm_004\\counter-strike source\\hl2.exe"=

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 04:23:34

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-07-23 4:25:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-23 07:25:08

ComboFix2.txt 2008-07-21 12:58:12

ComboFix3.txt 2008-07-21 07:17:30

 

Pre-Run: 8 pasta(s) 19,545,264,128 bytes disponíveis

Post-Run: 11 pasta(s) 19,579,658,240 bytes dispon¡veis

 

224 --- E O F --- 2008-07-22 16:35:40

 

_____________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:26:12, on 23/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [LFXH Agent] C:\WINDOWS\system32\28463\LFXH.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B780AFBB-D844-4C7E-8263-1E8F0D867FAA}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 5364 bytes

[DigRam 144]

Bom Dia! HTR

 

<@> Baixe: < Flash Disinfector >

<@> Salve-o,diretamente,no Disco Local-C.

<@> Conecte,na entrada USB,suas unidades removíveis!

<@> Dê um duplo clique em: Flash_Disinfector.exe

<@> Espere a conclusão!

----------------------

<@> Voçê está sem antivírus!

 

<!> Baixe: < http://antivir-personal-edition.pt.malavida.com/mvdwn/pt/350 >

 

<@> Instale o programa >> Atualize-o! >> Execute-o! >> Poste,à seguir,o relatório!

----------------------

<@> À seguir,faça outro scan com o ComboFix.exe,e poste: C:\ComboFix.txt

 

Abraços!

[HTR 0]

ComboFix 08-07-20.5 - HTR 2008-07-23 13:46:15.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.638 [GMT -3:00]

Executando de: C:\Documents and Settings\HTR\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\AKV.exe

C:\WINDOWS\system32\28463\Jul_23_2008__04_45_32.jpg

C:\WINDOWS\system32\28463\Jul_23_2008__04_55_32.jpg

C:\WINDOWS\system32\28463\Jul_23_2008__13_18_43.jpg

C:\WINDOWS\system32\28463\Jul_23_2008__13_28_43.jpg

C:\WINDOWS\system32\28463\LFXH.001

C:\WINDOWS\system32\28463\LFXH.002

C:\WINDOWS\system32\28463\LFXH.002.tmp

C:\WINDOWS\system32\28463\LFXH.005

C:\WINDOWS\system32\28463\LFXH.005.tmp

C:\WINDOWS\system32\28463\LFXH.006

C:\WINDOWS\system32\28463\LFXH.007

C:\WINDOWS\system32\28463\LFXH.009

C:\WINDOWS\system32\28463\LFXH.009.tmp

C:\WINDOWS\system32\28463\LFXH.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))

.

 

2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- C:\Arquivos de programas\Avira

2008-07-23 13:06 . 2008-06-12 15:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-23 13:06 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-23 13:04 . 2008-07-23 13:04 103,992 --a------ C:\Flash_Disinfector.exe

2008-07-23 04:45 . 2008-07-23 04:45 <DIR> d-------- C:\Arquivos de programas\Tibia8.10

2008-07-23 04:32 . 2008-07-23 04:32 <DIR> d-------- C:\Arquivos de programas\Remere's Map Editor

2008-07-23 03:45 . 2008-07-23 03:45 <DIR> d-------- C:\Arquivos de programas\vso

2008-07-23 03:21 . 2008-07-23 04:23 <DIR> d-------- C:\Arquivos de programas\The FilmMachine

2008-07-23 03:21 . 2008-07-23 03:21 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-07-23 03:21 . 2008-07-23 03:21 <DIR> d-------- C:\Arquivos de programas\AviSynth 2.5

2008-07-23 00:51 . 2008-07-23 00:51 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-07-22 14:03 . 2008-07-23 13:48 <DIR> d-------- C:\Arquivos de programas\Steam

2008-07-21 04:17 . 2008-07-23 04:25 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-21 04:17 . 2008-07-23 04:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-21 04:17 . 2008-07-23 04:25 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-07-21 04:17 . 2008-07-23 04:25 <DIR> d-------- C:\Documents and Settings\HTR\Configurações locais

2008-07-21 01:11 . 2008-07-21 01:11 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2008-07-21 00:46 . 2005-02-01 13:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-07-20 18:28 . 2008-07-20 18:28 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-20 18:23 . 2008-07-20 18:23 <DIR> d-------- C:\Hijack

2008-07-20 17:42 . 2008-07-23 13:07 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-20 17:39 . 2008-07-20 17:39 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Ahead

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\CyberLink

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Arquivos de programas\Nero

2008-07-20 17:38 . 2008-07-20 17:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-20 17:37 . 2008-07-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-07-20 17:35 . 2008-07-20 17:36 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-07-20 17:35 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-20 15:20 . 2008-07-20 15:20 0 --a------ C:\WINDOWS\WB.ini

2008-07-20 15:13 . 2008-07-20 15:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-07-20 04:12 . 2008-07-22 21:59 <DIR> d-------- C:\downloads

2008-07-20 04:12 . 2008-07-23 13:48 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Orbit

2008-07-20 04:12 . 2008-07-20 04:12 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\GrabPro

2008-07-20 04:12 . 2008-07-22 13:44 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-20 03:40 . 2008-07-20 03:40 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Media Player Classic

2008-07-20 03:32 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-07-20 03:22 . 2008-07-04 03:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm

2008-07-20 03:22 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-07-20 03:22 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-07-20 03:22 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-07-20 03:22 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-07-20 03:22 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-07-20 03:20 . 2008-05-22 19:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-07-20 03:19 . 2008-05-30 20:22 683,520 --a------ C:\WINDOWS\system32\divx.dll

2008-07-20 03:19 . 2008-05-22 19:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-07-20 03:13 . 2003-03-19 00:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-07-20 03:13 . 2004-01-11 19:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-07-20 03:12 . 2008-07-23 13:06 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-07-18 13:25 . 2008-07-23 13:48 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-07-18 13:23 . 2008-07-18 13:23 <DIR> d-------- C:\Arquivos de programas\WinCustomize

2008-07-18 13:23 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-07-18 13:23 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-07-18 00:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-18 00:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-18 00:07 . 2008-07-18 00:07 120,251 -r-hs---- C:\ivcvknr.bat

2008-07-18 00:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-17 20:48 . 2008-07-17 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-07-17 03:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-17 03:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-17 03:04 . 2008-07-20 15:49 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Tibia

2008-07-17 03:04 . 2008-07-17 03:04 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-07-17 03:00 . 2008-07-19 18:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-07-17 02:48 . 2008-07-23 02:51 <DIR> d-------- C:\Documents and Settings\HTR\Contacts

2008-07-17 02:29 . 2008-07-17 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-17 02:29 . 2008-07-17 02:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-07-17 02:29 . 2008-07-17 02:37 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-17 02:23 . 2008-07-17 02:23 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-17 02:16 . 2008-07-17 02:16 <DIR> d---s---- C:\Documents and Settings\HTR\UserData

2008-07-17 01:54 . 2008-07-20 15:15 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-07-17 01:54 . 2008-07-21 10:14 162,432 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-07-17 01:30 . 2008-07-17 01:30 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-07-17 01:30 . 2008-07-17 01:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-07-17 01:30 . 2008-07-17 01:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-07-17 01:27 . 2008-07-21 00:46 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-07-17 01:26 . 2008-07-17 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-07-17 01:26 . 2008-07-21 00:46 <DIR> d-------- C:\Arquivos de programas\AlienGUIse

2008-07-17 01:26 . 2008-07-17 01:26 115,233 -r-hs---- C:\p83gjy.exe

2008-07-17 01:26 . 2008-07-20 17:42 77,312 --------- C:\WINDOWS\system32\ckvo1.dll

2008-07-17 01:26 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-07-17 01:25 . 2008-07-16 13:09 117,001 -r-hs---- C:\33gmhso.bat

2008-07-17 01:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-17 01:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-17 01:03 . 2008-07-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-17 01:03 . 2008-07-19 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-17 01:02 . 2008-07-17 01:02 <DIR> dr-h----- C:\MSOCache

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-20 20:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-20 20:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 16:25 6,581,248 ----a-w C:\WINDOWS\system32\logonuiX.exe

2008-07-17 03:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-17 03:37 --------- d-----w C:\Arquivos de programas\Realtek

2008-07-17 03:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-17 03:25 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-17 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-21_ 4.17.13.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-23 07:32:31 16,958 ----a-r C:\WINDOWS\Installer\{26D5FCD4-F10A-4DFC-BE75-BAADBA349A1B}\_21F3885A18D238E15AAE81.exe

+ 2008-07-23 07:32:31 10,134 ----a-r C:\WINDOWS\Installer\{26D5FCD4-F10A-4DFC-BE75-BAADBA349A1B}\_5CF1B4D8BBE351A0AF5756.exe

+ 2008-07-23 07:32:31 16,958 ----a-r C:\WINDOWS\Installer\{26D5FCD4-F10A-4DFC-BE75-BAADBA349A1B}\_6FEFF9B68218417F98F549.exe

+ 2008-07-23 07:32:31 16,958 ----a-r C:\WINDOWS\Installer\{26D5FCD4-F10A-4DFC-BE75-BAADBA349A1B}\_9EFE9DD647EB19379EBA8E.exe

+ 2008-07-23 07:32:31 16,958 ----a-r C:\WINDOWS\Installer\{26D5FCD4-F10A-4DFC-BE75-BAADBA349A1B}\_DEBA1F3AA4AE73AA7434FF.exe

+ 2006-12-31 02:16:36 313,344 ----a-w C:\WINDOWS\system32\avisynth.dll

+ 2004-05-26 12:37:34 719,872 ----a-w C:\WINDOWS\system32\devil.dll

- 2004-08-11 04:45:04 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

+ 2007-10-20 09:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

- 2004-08-11 04:45:06 2,362,104 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll

+ 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll

+ 2008-05-09 16:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-06-27 18:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

- 2008-07-07 03:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll

+ 2007-12-21 06:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll

- 2008-07-07 03:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll

+ 2007-12-21 06:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll

- 2008-07-07 03:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll

+ 2007-12-21 06:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll

- 2008-07-07 03:00:00 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll

+ 2007-12-21 06:00:00 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll

- 2004-08-11 04:45:04 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll

+ 2007-10-20 09:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

- 2004-08-11 04:45:06 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll

+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll

+ 2007-11-06 23:23:58 224,768 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 04:19:34 568,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 04:19:34 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2008-07-22 14:13 1271032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-03-24 13:37 262144]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 04:35 7630848]

"LogonStudio"="C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]

"LFXH Agent"="C:\WINDOWS\system32\28463\LFXH.exe" [bU]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-07-21 00:44:51 2074360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-20 04:12:06 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-07-20 15:18 229376 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^HTR^Menu Iniciar^Programas^Inicializar^WinFlip.exe]

path=C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\WinFlip.exe

backup=C:\WINDOWS\pss\WinFlip.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-08-16 04:35 7630848 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-08-16 04:35 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-08-16 04:35 1617920 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\Steam\\SteamApps\\xtm_004\\counter-strike source\\hl2.exe"=

 

 

*Newly Created Service* - SSMDRV

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.dufpy.com

O8 -: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 13:48:32

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-07-23 13:49:57 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-23 16:49:54

ComboFix2.txt 2008-07-23 07:25:11

ComboFix3.txt 2008-07-21 12:58:12

ComboFix4.txt 2008-07-21 07:17:30

 

Pre-Run: 8 pasta(s) 19,244,834,816 bytes disponíveis

Post-Run: 12 pasta(s) 19,241,484,288 bytes dispon¡veis

 

261 --- E O F --- 2008-07-22 16:35:40

[DigRam 144]

Boa Tarde! HTR

 

<@> Selecione e copie,todo o conteúdo que está na área do Código,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

C:\WINDOWS\system32\ckvo1.dll

C:\ivcvknr.bat

C:\p83gjy.exe

C:\33gmhso.bat

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LFXH Agent"=-

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Reinicie o computador!

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HJT,atualizado.

<@> Ps: Voçê baixou o Avira? Se o fez,rode-o e poste o relatório.

<@> Se for muito grande,divida-o em 2 Posts.

 

Abraços!

[HTR 0]

ComboFix 08-07-20.5 - HTR 2008-07-24 3:45:25.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.526 [GMT -3:00]

Executando de: C:\Documents and Settings\HTR\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\HTR\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

C:\33gmhso.bat

C:\ivcvknr.bat

C:\p83gjy.exe

C:\WINDOWS\system32\ckvo1.dll

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\33gmhso.bat

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\ivcvknr.bat

C:\p83gjy.exe

C:\WINDOWS\system32\ckvo1.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))

.

 

2008-07-24 02:57 . 2008-07-24 02:58 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-23 13:38 . 2008-07-23 13:38 <DIR> d-------- C:\Arquivos de programas\Avira

2008-07-23 13:06 . 2008-06-12 15:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-23 13:06 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-23 13:04 . 2008-07-23 13:04 103,992 --a------ C:\Flash_Disinfector.exe

2008-07-23 04:45 . 2008-07-23 04:45 <DIR> d-------- C:\Arquivos de programas\Tibia8.10

2008-07-23 04:32 . 2008-07-23 04:32 <DIR> d-------- C:\Arquivos de programas\Remere's Map Editor

2008-07-23 03:45 . 2008-07-23 03:45 <DIR> d-------- C:\Arquivos de programas\vso

2008-07-23 03:21 . 2008-07-23 04:23 <DIR> d-------- C:\Arquivos de programas\The FilmMachine

2008-07-23 03:21 . 2008-07-23 03:21 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-07-23 03:21 . 2008-07-23 03:21 <DIR> d-------- C:\Arquivos de programas\AviSynth 2.5

2008-07-23 00:51 . 2008-07-23 00:51 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-07-22 14:03 . 2008-07-24 03:22 <DIR> d-------- C:\Arquivos de programas\Steam

2008-07-21 04:17 . 2008-07-23 13:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-21 04:17 . 2008-07-23 13:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-21 04:17 . 2008-07-23 13:49 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-21 04:17 . 2008-07-23 13:49 <DIR> d-------- C:\Documents and Settings\HTR\Configuraþ§es locais

2008-07-21 01:11 . 2008-07-21 01:11 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2008-07-21 00:46 . 2005-02-01 13:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-07-20 18:28 . 2008-07-20 18:28 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-07-20 18:23 . 2008-07-20 18:23 <DIR> d-------- C:\Hijack

2008-07-20 17:42 . 2008-07-24 02:10 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-20 17:39 . 2008-07-24 01:44 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Ahead

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\CyberLink

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-20 17:38 . 2008-07-20 17:38 <DIR> d-------- C:\Arquivos de programas\Nero

2008-07-20 17:38 . 2008-07-20 17:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-20 17:37 . 2008-07-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-07-20 17:35 . 2008-07-20 17:36 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-07-20 17:35 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-20 15:20 . 2008-07-20 15:20 0 --a------ C:\WINDOWS\WB.ini

2008-07-20 15:13 . 2008-07-20 15:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-07-20 04:12 . 2008-07-22 21:59 <DIR> d-------- C:\downloads

2008-07-20 04:12 . 2008-07-23 14:57 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Orbit

2008-07-20 04:12 . 2008-07-20 04:12 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\GrabPro

2008-07-20 04:12 . 2008-07-22 13:44 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-20 03:40 . 2008-07-20 03:40 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Media Player Classic

2008-07-20 03:32 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-07-20 03:22 . 2008-07-04 03:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm

2008-07-20 03:22 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-07-20 03:22 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-07-20 03:22 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-07-20 03:22 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-07-20 03:22 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-07-20 03:20 . 2008-05-22 19:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-07-20 03:19 . 2008-05-30 20:22 683,520 --a------ C:\WINDOWS\system32\divx.dll

2008-07-20 03:19 . 2008-05-22 19:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-07-20 03:13 . 2003-03-19 00:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-07-20 03:13 . 2004-01-11 19:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-07-20 03:12 . 2008-07-23 13:06 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-07-18 13:25 . 2008-07-23 23:14 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-07-18 13:23 . 2008-07-18 13:23 <DIR> d-------- C:\Arquivos de programas\WinCustomize

2008-07-18 13:23 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-07-18 13:23 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-07-18 00:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-18 00:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-18 00:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-17 20:48 . 2008-07-17 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-07-17 03:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-17 03:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-17 03:04 . 2008-07-20 15:49 <DIR> d-------- C:\Documents and Settings\HTR\Dados de aplicativos\Tibia

2008-07-17 03:04 . 2008-07-17 03:04 <DIR> d-------- C:\Arquivos de programas\Tibia

2008-07-17 03:00 . 2008-07-19 18:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-07-17 02:48 . 2008-07-17 02:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-07-17 02:48 . 2008-07-23 02:51 <DIR> d-------- C:\Documents and Settings\HTR\Contacts

2008-07-17 02:29 . 2008-07-17 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-17 02:29 . 2008-07-17 02:48 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-07-17 02:29 . 2008-07-17 02:37 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-17 02:23 . 2008-07-17 02:23 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-17 02:16 . 2008-07-17 02:16 <DIR> d---s---- C:\Documents and Settings\HTR\UserData

2008-07-17 01:54 . 2008-07-20 15:15 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-07-17 01:54 . 2008-07-21 10:14 162,432 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-07-17 01:30 . 2008-07-17 01:30 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-07-17 01:30 . 2008-07-17 01:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-07-17 01:30 . 2008-07-17 01:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-07-17 01:27 . 2008-07-21 00:46 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-07-17 01:26 . 2008-07-17 01:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-07-17 01:26 . 2008-07-21 00:46 <DIR> d-------- C:\Arquivos de programas\AlienGUIse

2008-07-17 01:26 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-07-17 01:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-17 01:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-17 01:03 . 2008-07-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-17 01:03 . 2008-07-19 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-17 01:02 . 2008-07-17 01:02 <DIR> dr-h----- C:\MSOCache

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-20 20:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-20 20:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 16:25 6,581,248 ----a-w C:\WINDOWS\system32\logonuiX.exe

2008-07-17 03:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-17 03:37 --------- d-----w C:\Arquivos de programas\Realtek

2008-07-17 03:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-17 03:25 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-17 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot_2008-07-23_13.49.37.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-24 05:58:13 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-A81200000003}\SC_Reader.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"Steam"="C:\Arquivos de programas\Steam\Steam.exe" [2008-07-22 14:13 1271032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BootSkin Startup Jobs"="C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-03-24 13:37 262144]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 04:35 7630848]

"LogonStudio"="C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-07-21 00:44:51 2074360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-07-20 15:18 229376 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HTR^Menu Iniciar^Programas^Inicializar^WinFlip.exe]

path=C:\Documents and Settings\HTR\Menu Iniciar\Programas\Inicializar\WinFlip.exe

backup=C:\WINDOWS\pss\WinFlip.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-02-12 12:19 1050112 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LFXH Agent]

C:\WINDOWS\system32\28463\LFXH.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-08-16 04:35 7630848 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-08-16 04:35 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-08-16 04:35 1617920 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\Steam\\SteamApps\\xtm_004\\counter-strike source\\hl2.exe"=

 

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-24 03:46:26

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-24 3:46:53

ComboFix-quarantined-files.txt 2008-07-24 06:46:51

ComboFix2.txt 2008-07-23 16:49:58

ComboFix3.txt 2008-07-23 07:25:11

ComboFix4.txt 2008-07-21 12:58:12

ComboFix5.txt 2008-07-24 06:45:11

 

Pre-Run: 8 pasta(s) 18,839,183,360 bytes disponíveis

Post-Run: 11 pasta(s) 18,829,361,152 bytes disponíveis

 

205 --- E O F --- 2008-07-22 16:35:40

 

_______________________

 

Opa...eu instalei sim o avira..porem naum tive tempo de fazer o relatorio com ele...posto amanha ok...

 

vlw

 

abraços

[DigRam 144]

Bom Dia! HTR

 

Opa...eu instalei sim o avira..porem naum tive tempo de fazer o relatorio com ele...posto amanha ok...

<!> Ok!

-----------------------

<@> No Executar,digite: ComboFix.exe /u --> Clique: OK

<@> Na solicitação,escolha o dois. ( 2 ) >> Aguarde a desinstalação!

-----------------------

<@> Poste: Relatório do Avira + HJT,atualizado.

 

Abraços!

[HTR 0]

Avira AntiVir Personal

Report file date: sexta-feira, 25 de julho de 2008 23:13

 

Scanning for 1510258 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: HTR

Computer name: GLAUCO

 

Version information:

BUILD.DAT : 8.1.0.326 16933 Bytes 11/7/2008 12:57:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/6/2008 13:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/5/2008 12:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/6/2008 17:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/5/2008 12:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/7/2007 15:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/6/2008 18:54:15

ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/7/2008 02:04:43

ANTIVIR3.VDF : 7.0.5.175 2048 Bytes 25/7/2008 02:04:46

Engineversion : 8.1.1.12

AEVDF.DLL : 8.1.0.5 102772 Bytes 9/7/2008 13:46:50

AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/7/2008 16:43:02

AESCN.DLL : 8.1.0.23 119156 Bytes 23/7/2008 16:42:56

AERDL.DLL : 8.1.0.20 418165 Bytes 9/7/2008 13:46:50

AEPACK.DLL : 8.1.2.1 364917 Bytes 23/7/2008 16:42:54

AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/7/2008 16:42:47

AEHEUR.DLL : 8.1.0.44 1343863 Bytes 24/7/2008 23:22:10

AEHELP.DLL : 8.1.0.15 115063 Bytes 9/7/2008 13:46:50

AEGEN.DLL : 8.1.0.31 311669 Bytes 24/7/2008 23:21:45

AEEMU.DLL : 8.1.0.6 430451 Bytes 9/7/2008 13:46:50

AECORE.DLL : 8.1.1.7 172406 Bytes 24/7/2008 23:21:24

AEBB.DLL : 8.1.0.1 53617 Bytes 24/4/2008 13:50:42

AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/7/2008 13:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/5/2008 14:28:01

AVREP.DLL : 8.0.0.2 98561 Bytes 26/7/2008 02:04:48

AVREG.DLL : 8.0.0.1 33537 Bytes 9/5/2008 16:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/2/2008 13:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/6/2008 17:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/1/2008 22:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/6/2008 17:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/1/2008 17:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/6/2008 18:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/6/2008 18:34:37

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\arquivos de programas\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, E:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: sexta-feira, 25 de julho de 2008 23:13

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'RichVideo.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'NBHGui.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

29 processes with 29 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '46' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Arquivos de programas\Adobe\Adobe Help Viewer\1.0\ahv.exe

[DETECTION] Contains code of the W32/Parite Windows virus

[NOTE] The file was moved to '490088b4.qua'!

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

[DETECTION] Contains code of the W32/Parite Windows virus

[NOTE] The file was moved to '48fc88b1.qua'!

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

[DETECTION] Contains code of the W32/Parite Windows virus

[NOTE] The file was moved to '48fc88b3.qua'!

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[DETECTION] Contains code of the W32/Parite Windows virus

[NOTE] The file was moved to '48f988b8.qua'!

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeUpdateCheck.exe

[DETECTION] Contains code of the W32/Parite Windows virus

[NOTE] The file was moved to '48f988ba.qua'!

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\PDFPrevHndlrShim.exe

[DETECTION] Contains code of the W32/Parite Windows virus

[NOTE] The file was moved to '48d0889c.qua'!

C:\QooBox\Quarantine\C\33gmhso.bat.vir

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\ivcvknr.bat.vir

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\p83gjy.exe.vir

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo0.dll.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo1.dll.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\28463\AKV.exe.vir

[DETECTION] Is the TR/Spy.Ardamax.A.1 Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\28463\LFXH.007.vir

[DETECTION] Is the TR/Keylog.Ardamax.NAF Trojan

[NOTE] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\28463\LFXH.exe.vir

[DETECTION] Is the TR/Spy.Ardamax.J Trojan

[NOTE] The file was deleted!

Begin scan in 'D:\'

Begin scan in 'E:\'

Search path E:\ could not be opened!

System error [21]: O dispositivo não está pronto.

 

 

End of the scan: sexta-feira, 25 de julho de 2008 23:24

Used time: 11:14 Minute(s)

 

The scan has been done completely.

 

2223 Scanning directories

106027 Files were scanned

14 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

8 files were deleted

0 files were repaired

6 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

106012 Files not concerned

1489 Archives were scanned

1 Warnings

14 Notes

 

_______________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:04, on 25/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B780AFBB-D844-4C7E-8263-1E8F0D867FAA}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 5927 bytes

 

 

___________

 

taew...

 

Abraços

[DigRam 144]

Bom Dia! HTR

 

<!> Limpe a quarentena do Avira.

--------------------------

<!> Se a remoção do ComboFix,pelo Executar,não funcionar!

<!> DELETE: C:\QooBox <-- A pasta!

--------------------------

Estando tudo Ok com o PC,crie um Ponto de Restauração do Sistema,completamente Limpo!

Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok.

Depois,desmarque novamente! >> Aplicar >> Ok.

Para maiores detalhes,vá em:< Docs >

<!> O log está limpo! :thumbsup:

<!> Bom trabalho!

 

Abraços!

[HTR 0]

Opa...meu pc ta limpo mais eu esqueci de agradecer..

 

valeu aii..

 

mto obrigado msm...

 

me ajudo mto..

 

forum aki mto bom tbm... :clap:

 

vlwss

 

Abraçoss :thumbsup:

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o Tópico seja reaberto é preciso enviar uma Mensagem Privada,para um Moderador,com um Link para o Tópico.