Archived

This topic has been archived and is closed to new replies.

Kronnus

[Solved!] Analyze my log!


Restart in Safe Mode (at boot, when you hear the beep, hold F8 until the screen for selecting Safe Mode appears).

Once that is done, follow the instructions below:

Select and copy the text below. Open Notepad and copy in the entry quoted below:

File::

C:\WINDOWS\system32\ssblkf.exe

C:\WINDOWS\system32\sblkf.exe

 

Then save it to the desktop with the name CFScript.txt

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[image: CFScript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with the new HijackThis log.

 

Awaiting your reply


Logfile of HijackThis v1.99.1

Scan saved at 09:41:30, on 6/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Jogos\CONFIG~1\Temp\Rar$EX00.922\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Agente do Blok Free] C:\Arquivos de programas\Blok Free 2\agente.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ADSL.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205871666781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

 

 

 

ComboFix 08-08-04.09 - Jogos 2008-08-06 9:28:50.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.791 [GMT -3:00]

Executando de: C:\Documents and Settings\Jogos\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jogos\Desktop\CFScript.txt

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\WINDOWS\system32\sblkf.exe

C:\WINDOWS\system32\ssblkf.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\sblkf.exe

C:\WINDOWS\system32\ssblkf.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ssblkfn

-------\Service_ssblkfn

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))

.

 

2009-03-22 21:15 . 2009-03-22 21:15 258,352 --------- C:\WINDOWS\system32\unicows.dll

2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Documents and Settings\Jogos\LocalLow

2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Documents and Settings\Jogos\Dados de aplicativos\TVU Networks

2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TVU Networks

2008-08-03 11:52 . 2008-08-04 10:15 <DIR> d-------- C:\Arquivos de programas\TVUPlayer

2008-08-03 11:34 . 2008-08-04 10:15 <DIR> d-------- C:\Arquivos de programas\Skat

2008-08-03 11:34 . 2007-06-04 19:58 115,016 --a------ C:\WINDOWS\system32\msinet.ocx

2008-08-03 10:36 . 2008-08-03 10:36 <DIR> d-------- C:\Arquivos de programas\Blok Free 2

2008-08-03 04:21 . 2008-08-03 10:36 <DIR> d-------- C:\~BCWipe.stu

2008-08-01 13:32 . 2008-04-13 19:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-01 13:32 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-08-01 13:32 . 2008-04-13 11:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-08-01 13:32 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-07-30 11:32 . 2008-07-30 11:32 <DIR> d-------- C:\Documents and Settings\Jogos\Dados de aplicativos\Cimaware

2008-07-30 11:32 . 2008-07-30 12:11 <DIR> d-------- C:\Arquivos de programas\Cimaware

2008-07-30 11:13 . 2008-08-01 10:29 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-07-30 11:13 . 2008-08-01 10:29 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-07-30 11:10 . 2008-07-30 11:10 <DIR> d-------- C:\Arquivos de programas\Toshiba

2008-07-29 13:46 . 2008-07-29 13:46 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-07-29 13:44 . 2008-07-29 13:45 <DIR> d-------- C:\WINDOWS\ERUNT

2008-07-29 13:41 . 2008-08-05 14:04 <DIR> d-------- C:\SDFix

2008-07-29 13:37 . 2008-07-29 13:40 1,460,442 --a------ C:\SDFix.exe

2008-07-26 11:47 . 2008-07-26 11:47 <DIR> d-------- C:\tecno retro

2008-07-23 10:33 . 2008-07-23 10:42 <DIR> d-------- C:\MSNFix

2008-07-22 10:00 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-22 09:54 . 2008-07-22 09:54 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-07-21 11:30 . 2008-07-31 14:28 <DIR> d-------- C:\LinhaDefensiva

2008-07-19 10:08 . 2008-07-24 12:24 <DIR> d-------- C:\!KillBox

2008-07-18 10:58 . 2008-07-22 11:35 <DIR> d-------- C:\Documents and Settings\Jogos\Dados de aplicativos\Spyware Terminator

2008-07-18 10:58 . 2008-07-22 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-07-18 10:58 . 2008-07-21 10:07 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2008-07-18 10:58 . 2008-07-18 10:58 <DIR> d-------- C:\Arquivos de programas\Crawler

2008-07-18 10:58 . 2008-07-18 10:58 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-07-17 11:33 . 2008-07-30 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-17 11:33 . 2008-07-17 11:33 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-07-17 10:13 . 2008-07-17 10:13 <DIR> d-------- C:\Arquivos de programas\Avira

2008-07-16 12:13 . 2008-07-16 12:13 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-07-16 12:09 . 2008-07-16 12:09 <DIR> d-------- C:\Arquivos de programas\Sygate

2008-07-16 12:09 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2008-07-16 12:09 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys

2008-07-16 12:09 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys

2008-07-16 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys

2008-07-16 11:53 . 2008-07-16 11:53 <DIR> d-------- C:\Arquivos de programas\AxBx

2008-07-15 11:11 . 2008-07-15 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-07-15 11:11 . 2008-07-15 11:11 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-07-09 11:39 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-07-09 11:39 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-07-09 11:39 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-09 11:39 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-09 11:39 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-09 11:39 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-09 11:39 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-07-08 11:21 . 2008-07-08 11:26 23,983 --a------ C:\Nvu.htm

2008-07-06 20:31 . 2008-08-06 09:18 <DIR> d--h----- C:\Documents and Settings\LocalService\Help

2008-07-06 15:38 . 2008-08-03 04:03 <DIR> d--h----- C:\Documents and Settings\Jogos\Help

2008-07-06 15:38 . 2008-07-07 10:02 <DIR> d--h----- C:\Documents and Settings\All Users\Help

2008-07-06 15:38 . 2008-04-13 10:40 527,360 --a------ C:\WINDOWS\system32\abkf.dat

2008-07-06 15:38 . 2008-03-13 09:19 407,552 --a------ C:\WINDOWS\system32\sbkf.dat

2008-07-06 12:03 . 2008-08-04 10:15 6,656 --ahs---- C:\WINDOWS\Thumbs.db

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-04 13:59 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-08-04 13:15 6,144 --sha-w C:\Arquivos de programas\Thumbs.db

2008-08-04 13:12 --------- d-----w C:\Arquivos de programas\DreMule

2008-07-23 17:22 --------- d-----w C:\Arquivos de programas\GbPluggin

2008-07-22 14:38 --------- d-----w C:\Arquivos de programas\ESET

2008-07-17 14:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-07-17 13:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-07-16 14:43 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-16 14:33 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-07-15 15:20 --------- d-----w C:\Arquivos de programas\Wise Registry Cleaner 3

2008-07-14 14:57 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-11 14:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-07-06 15:03 --------- d-----w C:\Arquivos de programas\Xvid

2008-07-06 15:03 --------- d-----w C:\Arquivos de programas\QuickTime

2008-07-06 15:03 --------- d-----w C:\Arquivos de programas\D-Link

2008-07-05 20:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-07-05 20:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-05 20:32 --------- d-----w C:\Arquivos de programas\Ahead

2008-07-05 20:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-07-01 16:46 --------- d-----w C:\Arquivos de programas\CPUFSB

2008-06-29 15:34 48,814 ----a-w C:\WINDOWS\BS_DEF.sys

2008-06-28 13:08 --------- d-----w C:\Arquivos de programas\Livid CellDEMO

2008-06-27 12:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Agnitum Shared

2008-06-26 13:13 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-06-26 13:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-22 01:54 --------- d-----w C:\Arquivos de programas\DsNET Corp

2008-06-20 14:15 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\Auslogics

2008-06-20 14:15 --------- d-----w C:\Arquivos de programas\Auslogics

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 12:48 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-06-16 01:04 --------- d-----w C:\Documents and Settings\Jogos\Dados de aplicativos\DNA

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\Motorola Phone Tools

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\GTA Underground

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\eMule

2008-06-10 13:22 --------- d-----w C:\Arquivos de programas\DVD Photo Slideshow Professional

2008-05-31 13:30 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\CFC6F53F6A.sys

2008-04-03 14:24 87,608 ------w C:\Documents and Settings\Jogos\Dados de aplicativos\ezpinst.exe

2008-04-03 14:24 47,360 ------w C:\Documents and Settings\Jogos\Dados de aplicativos\pcouffin.sys

2008-03-30 17:56 25,600 ------w C:\Documents and Settings\Jogos\usbsermptxp.sys

2008-03-30 17:56 22,768 ------w C:\Documents and Settings\Jogos\usbsermpt.sys

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-23_14.24.32.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

+ 2008-07-28 03:36:28 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-07-29 17:01:47 9,928,704 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-07-29 17:01:48 552,960 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-07-28 03:36:28 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-07-29 16:45:14 8,876,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-07-29 16:45:14 552,960 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2005-07-11 21:58:00 3,712 -c--a-w C:\WINDOWS\system32\DRVSTORE\toshidpt_26E3BE5992EC9A00CFDEA8BE0C424743F133FEC7\Toshidpt.sys

+ 2006-10-10 22:33:00 41,600 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosporte_E6A1E0CBCA680CD394A3D76A1621828745E553F2\tosporte.sys

+ 2007-02-22 22:56:24 113,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfbd_9A2D66C05DEACA62E75995A5D4E151F7DF3C5147\tosrfbd.sys

+ 2006-11-20 20:55:16 36,480 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfbnp_DF76E77A8AA901AD8E1F2B9E5767152317C7638A\tosrfbnp.sys

+ 2005-08-01 19:45:00 64,896 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfcom_3923E629AD952A5AB1B43A91FA8A667C1E31464F\tosrfcom.sys

+ 2007-03-01 19:53:12 73,728 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfhid_8E2C9EC4C955CC12F9D714FCD92486F0D4EAD5E7\Tosrfhid.sys

+ 2005-01-06 16:42:00 18,612 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfnds_2BDC22AA8712C036D8C102AEC03CCEB1F2514A6D\tosrfnds.sys

+ 2007-01-22 13:43:26 53,376 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfsnd_275F5E247AB2523784723BE47D17974A4617C4EA\TosRfSnd.sys

+ 2007-03-01 01:27:06 41,344 -c--a-w C:\WINDOWS\system32\DRVSTORE\tosrfusb_77556D0856542CD5CBF03D4066CD45B4B5072CE5\tosrfusb.sys

+ 2006-10-18 09:32:38 807,032 ----a-w C:\WINDOWS\system32\wmv9dmod.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:32 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 09:44 36864]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-13 23:51 352256]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 7323648]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 23:33 86016]

"SmcService"="C:\ARQUIV~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-18 10:58 1809408]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-02-18 20:20 185896]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-05 10:30 98304]

"Agente do Blok Free"="C:\Arquivos de programas\Blok Free 2\agente.exe" [2008-04-13 10:40 527360]

"nwiz"="nwiz.exe" [2006-07-24 23:33 1519616 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 03:00 16050176 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisableLocalMachineRun"= 1 (0x1)

"DisableLocalMachineRunOnce"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

"vidc.yv12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^GammaTray.lnk]

backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^NCProTray.lnk]

backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^sound.exe]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jogos^Menu Iniciar^Programas^Inicializar^Blaero Start Orb.lnk]

backup=C:\WINDOWS\pss\Blaero Start Orb.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jogos^Menu Iniciar^Programas^Inicializar^Thoosje Sidebar.lnk]

backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jogos^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]

backup=C:\WINDOWS\pss\WinFlip.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iexplorers

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sound

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--------- 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]

--a------ 2008-02-08 04:35 545520 C:\Arquivos de programas\Jetico\BCWipe\BCWipeTM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-04-29 10:45 288576 C:\Arquivos de programas\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]

--a------ 2003-12-01 11:44 507904 C:\Arquivos de programas\D-Link\DSL-210\CnxDslTb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 19:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-05 10:30 98304 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]

--a------ 2008-04-17 14:51 1870592 C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-02-18 20:20 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--------- 2006-11-02 23:32 204288 C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r---c--- 2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25793:TCP"= 25793:TCP:DreamuleTCP

"4102:UDP"= 4102:UDP:DeamuleUDP

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-07-18 10:58]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 10:26]

S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 10:26]

S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 15:02]

S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-09-14 01:46]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-06-20 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe []

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKLM-Run-sblkf - C:\WINDOWS\System32\sblkf.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-06 09:33:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: C:\WINDOWS\explorer.exe

-> ?:\WINDOWS\System32\CSCDLL.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Sygate\SPF\Smc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-08-06 9:34:34 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-06 12:34:30

ComboFix2.txt 2008-07-23 17:24:46

 

Pre-Run: 23 pasta(s) 49,582,419,968 bytes disponíveis

Post-Run: 25 pasta(s) 49,602,117,632 bytes disponíveis

 

306 --- E O F --- 2008-07-09 15:39:53

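As an added example (not from this thread, and not part of HijackThis or ComboFix), a small Python triage script for the HijackThis log format posted above. It parses the O-section lines, recovers the image path behind each entry, and flags what a helper reads for first: paths named in the CFScript above, "(file missing)" leftovers, Run entries that are bare file names resolved through PATH, Startup shortcuts with no target, and services with no vendor string. The sample lines are constructed from the log above; the [sblkf] Run entry is built from the orphan that the ComboFix log reports removing, so the sample looks like a log taken before the fix.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Files the helper's CFScript told ComboFix to delete (taken from the thread).
CFSCRIPT_FILES = {r"C:\WINDOWS\system32\ssblkf.exe", r"C:\WINDOWS\system32\sblkf.exe"}

# Constructed sample modelled on the HijackThis log in the thread; the [sblkf]
# Run entry is built from the "ORFAOS REMOVIDOS" line of the ComboFix log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 09:41:30, on 6/8/2008
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [sblkf] C:\WINDOWS\System32\sblkf.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Startup: ADSL.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
"""

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RUN_RE = re.compile(r"^(?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
PATH_START_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\)")  # drive letter or %ENV%\ prefix

@dataclass
class Entry:
    section: str                  # "O4", "O23", ...
    name: str                     # Run value name, BHO/service display name, ...
    path: Optional[str]           # image path as written, minus "(file missing)"
    missing: bool = False         # HijackThis could not find the file on disk
    vendor: Optional[str] = None  # O23 only: company string between name and path

def image_path(cmd: str) -> Optional[str]:
    """First token of a Run command: a quoted path, or everything up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    return cmd.split(" ", 1)[0] or None

def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; lines that are not entries give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    if sec == "O4":
        r = O4_RUN_RE.match(body)
        if r:
            return Entry(sec, r.group("name"), image_path(r.group("cmd")), missing)
        s = O4_STARTUP_RE.match(body)
        if s:  # shortcut in a Startup folder; "?" means HijackThis could not resolve it
            return Entry(sec, s.group("name"), None if s.group("cmd") == "?" else s.group("cmd"), missing)
        return Entry(sec, body, None, missing)
    # Other sections separate fields with " - ", but a path may contain " - " too
    # ("Spybot - Search & Destroy"), so rejoin from the last part that starts a path.
    parts = body.split(" - ")
    label = parts[0].split(": ", 1)
    name = label[1] if len(label) == 2 else parts[0]
    start = next((i for i in range(len(parts) - 1, 0, -1) if PATH_START_RE.match(parts[i])), None)
    path = " - ".join(parts[start:]) if start is not None else None
    vendor = parts[start - 1] if sec == "O23" and start is not None and start >= 2 else None
    return Entry(sec, name, path, missing, vendor)

WANTED = {p.lower() for p in CFSCRIPT_FILES}
RULES = [  # (predicate, reason) pairs a helper checks first when reading a log
    (lambda e: bool(e.path) and e.path.lower() in WANTED, "path is named in the CFScript removal list"),
    (lambda e: e.missing, "entry points at a file that no longer exists"),
    (lambda e: e.section == "O4" and e.path is None, "startup entry with no resolvable target"),
    (lambda e: e.section == "O4" and bool(e.path) and not PATH_START_RE.match(e.path),
     "bare file name, resolved through PATH at logon"),
    (lambda e: e.section == "O23" and e.vendor == "Unknown owner", "service reports no vendor"),
]

def analyse(log: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry at least one rule flags, in log order."""
    flagged = []
    for entry in filter(None, map(parse_line, log.splitlines())):
        reasons = [why for test, why in RULES if test(entry)]
        if reasons:
            flagged.append((entry, reasons))
    return flagged

if __name__ == "__main__":
    for entry, reasons in analyse(SAMPLE_LOG):
        print(f"{entry.section:<4}{entry.name:<28}{entry.path or '-'}")
        for why in reasons:
            print("      ->", why)
```

Entries that are not flagged (the quoted Avira path, the Sygate service, the Spybot BHO whose path contains " - ") are parsed but left out, which is the point: the script narrows a long log to the lines worth a human look, it does not decide what is malicious.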

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
