
Archived

This topic is archived and closed to new replies.

Lia Sergia

[Solved!] Slow PC II (cont.)

As I said in the other topic (http://forum.imasters.com.br/index.php?showtopic=297614), my other machine got infected too.

ComboFix removed a ton of stuff... :blink:

Here is the log:

 

 

ComboFix 08-07-31.06 - ddd 2008-08-07 8:29:47.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.300 [GMT -3:00]

Executando de: C:\Documents and Settings\ddd\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\ddd\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

C:\Documents and Settings\ddd\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))

.

 

2008-08-03 17:31 . 2008-08-03 17:31 <DIR> d-------- C:\Level Up! Games

2008-08-01 12:03 . 2008-08-01 12:03 244 --ah----- C:\sqmnoopt07.sqm

2008-08-01 12:03 . 2008-08-01 12:03 232 --ah----- C:\sqmdata07.sqm

2008-07-30 21:42 . 2008-07-30 21:42 <DIR> d-------- C:\HijackThis

2008-07-28 10:24 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-27 16:29 . 2008-07-27 16:29 <DIR> d-------- C:\Arquivos de programas\ArtMoney

2008-07-18 06:40 . 2008-07-18 06:40 268 --ah----- C:\sqmdata06.sqm

2008-07-18 06:40 . 2008-07-18 06:40 244 --ah----- C:\sqmnoopt06.sqm

2008-07-15 20:09 . 2008-07-25 16:26 <DIR> d-------- C:\Documents and Settings\ddd\Dados de aplicativos\skypePM

2008-07-15 20:09 . 2008-07-15 20:09 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-07-15 20:08 . 2008-07-25 16:38 <DIR> d-------- C:\Documents and Settings\ddd\Dados de aplicativos\Skype

2008-07-15 20:07 . 2008-07-15 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-07-15 20:07 . 2008-07-15 20:08 <DIR> d-------- C:\Arquivos de programas\Skype

2008-07-15 20:07 . 2008-07-15 20:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-07-14 23:52 . 2008-07-14 23:52 1,901 --a------ C:\WINDOWS\panose.bin

2008-07-11 09:28 . 2008-07-11 09:28 235 --a------ C:\WINDOWS\QTW.QTW

2008-07-08 20:20 . 2008-07-08 20:20 <DIR> d-------- C:\Arquivos de programas\HyCam2

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 11:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-29 02:27 --------- d-----w C:\Documents and Settings\ddd\Dados de aplicativos\uTorrent

2008-07-28 13:25 --------- d-----w C:\Arquivos de programas\Java

2008-07-28 13:18 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2008-07-25 00:04 --------- d-----w C:\Arquivos de programas\MuTotal

2008-07-04 23:43 --------- d-----w C:\Arquivos de programas\Montekuri

2008-07-03 23:38 0 ----a-w C:\Documents and Settings\ddd\jagex_runescape_preferences.dat

2008-06-23 17:51 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-06-23 17:36 1,415,658 ----a-w C:\mvregclean55-br.zip

2008-06-23 17:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-25 18:15 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-01-23 01:02 119,551 ----a-w C:\Arquivos de programas\CHRONO.000

2008-01-23 01:01 8,192 ----a-w C:\Arquivos de programas\CHRONO.srm

2008-01-23 00:31 8,192 ----a-w C:\Arquivos de programas\F1EXHAUS.srm

2008-01-22 09:58 8,192 ----a-w C:\Arquivos de programas\FINALF.srm

2007-12-31 11:47 4,096 ----a-w C:\Arquivos de programas\Mega Man X 2 .srm

2007-12-07 14:42 4,096 ----a-w C:\Arquivos de programas\Mega Man X 3.srm

2007-12-03 00:22 123,219 ----a-w C:\Arquivos de programas\Mega Man X 3.000

2007-11-19 22:23 120,261 ----a-w C:\Arquivos de programas\GOOFTROP.000

2007-11-19 18:06 8,192 ----a-w C:\Arquivos de programas\SMETROID.srm

2007-11-18 09:39 87,941 ----a-w C:\Arquivos de programas\TOPGEAR2.000

2007-11-17 21:22 2,048 ----a-w C:\Arquivos de programas\FZERO.srm

2007-10-18 18:15 8,192 ----a-w C:\Arquivos de programas\FF.srm

2007-10-16 22:01 8,192 ----a-w C:\Arquivos de programas\FFMQ.srm

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 05:03 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-05-25 15:14 1177368]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2008-04-15 09:37 378696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 19:24 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-12-15 03:23 75520 C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

--a------ 2006-03-09 02:04 49152 C:\WINDOWS\system32\SiSPower.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-10-24 13:45 90112 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"E:\\Meus Documentos - Iolanda\\Emule\\emule.exe"=

"\\\\MICRO1\\DADOS (F)\\Dados\\Leno\\JOGOS\\Age 2\\age2_x1.exe"=

"\\\\MICRO1\\MDOC_-_CRIS\\Leno\\CS 1.6\\hltv.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"\\\\CRIS\\DADOS\\Leno\\JOGOS\\Age 2\\age2_x1.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Documents and Settings\\All Users\\Leno - videos\\Jogos\\The Duel\\theduel.exe"=

"C:\\Arquivos de programas\\SCOL\\scolsetup.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

 

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-25 15:15]

S2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-05-25 15:14]

S2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 15:14]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-25 15:15]

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

S3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2004-08-04 01:04]

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys []

S3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{659fff5f-58d2-11dd-89d4-0050bfac87fc}]

\Shell\AutoRun\command - diskdrive.exe

\Shell\open\command - diskdrive.exe

 

*Newly Created Service* - CATCHME

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-MSMSGS - C:\Arquivos de programas\Messenger\msmsgs.exe

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

MSConfigStartUp-MSMSGS - C:\Arquivos de programas\Messenger\msmsgs.exe

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\ddd\Dados de aplicativos\Mozilla\Firefox\Profiles\dsklkpmk.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.uol.com.br/

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava11.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava12.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava13.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava14.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJPI150_11.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPOJI610.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-07 08:32:55

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-08-07 8:37:28

ComboFix-quarantined-files.txt 2008-08-07 11:36:24

 

Pre-Run: 3,191,406,592 bytes disponíveis

Post-Run: 3,225,460,736 bytes disponíveis

 

165 --- E O F --- 2008-07-20 21:12:43


Oh, yes... I ran ComboFix in safe mode.

Here is the HijackThis one:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:49:17, on 7/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CCleaner\ccleaner.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\ddd\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214241830609

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B57A3FB-E64D-445A-8FD4-373B2F444070}: NameServer = 200.165.132.154,200.165.132.148

O17 - HKLM\System\CCS\Services\Tcpip\..\{5811D2CD-D048-4C33-92D2-055DA2A79773}: NameServer = 200.165.132.154 200.165.132.148

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FB18CD-7021-4841-831A-CF5C505DA285}: NameServer = 200.222.0.34,200.223.0.84

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

 

--

End of file - 6967 bytes


Oh, yes. I noticed this machine was also missing the Recovery Console, and I did the same procedure you indicated for the other one. I downloaded SP2 and installed it in safe mode, using ComboFix. Here is the log:

 

 

ComboFix 08-07-31.06 - ddd 2008-08-07 9:16:36.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.296 [GMT -3:00]

Executando de: C:\Documents and Settings\ddd\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\ddd\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))

.

 

2008-08-03 17:31 . 2008-08-03 17:31 <DIR> d-------- C:\Level Up! Games

2008-08-01 12:03 . 2008-08-01 12:03 244 --ah----- C:\sqmnoopt07.sqm

2008-08-01 12:03 . 2008-08-01 12:03 232 --ah----- C:\sqmdata07.sqm

2008-07-30 21:42 . 2008-08-07 08:48 <DIR> d-------- C:\Hijack

2008-07-28 10:24 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-27 16:29 . 2008-07-27 16:29 <DIR> d-------- C:\Arquivos de programas\ArtMoney

2008-07-18 06:40 . 2008-07-18 06:40 268 --ah----- C:\sqmdata06.sqm

2008-07-18 06:40 . 2008-07-18 06:40 244 --ah----- C:\sqmnoopt06.sqm

2008-07-15 20:09 . 2008-07-25 16:26 <DIR> d-------- C:\Documents and Settings\ddd\Dados de aplicativos\skypePM

2008-07-15 20:09 . 2008-07-15 20:09 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-07-15 20:08 . 2008-07-25 16:38 <DIR> d-------- C:\Documents and Settings\ddd\Dados de aplicativos\Skype

2008-07-15 20:07 . 2008-07-15 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-07-15 20:07 . 2008-07-15 20:08 <DIR> d-------- C:\Arquivos de programas\Skype

2008-07-15 20:07 . 2008-07-15 20:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-07-14 23:52 . 2008-07-14 23:52 1,901 --a------ C:\WINDOWS\panose.bin

2008-07-11 09:28 . 2008-07-11 09:28 235 --a------ C:\WINDOWS\QTW.QTW

2008-07-08 20:20 . 2008-07-08 20:20 <DIR> d-------- C:\Arquivos de programas\HyCam2

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 12:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-29 02:27 --------- d-----w C:\Documents and Settings\ddd\Dados de aplicativos\uTorrent

2008-07-28 13:25 --------- d-----w C:\Arquivos de programas\Java

2008-07-28 13:18 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2008-07-25 00:04 --------- d-----w C:\Arquivos de programas\MuTotal

2008-07-04 23:43 --------- d-----w C:\Arquivos de programas\Montekuri

2008-07-03 23:38 0 ----a-w C:\Documents and Settings\ddd\jagex_runescape_preferences.dat

2008-06-23 17:51 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-06-23 17:36 1,415,658 ----a-w C:\mvregclean55-br.zip

2008-06-23 17:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-25 18:15 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-01-23 01:02 119,551 ----a-w C:\Arquivos de programas\CHRONO.000

2008-01-23 01:01 8,192 ----a-w C:\Arquivos de programas\CHRONO.srm

2008-01-23 00:31 8,192 ----a-w C:\Arquivos de programas\F1EXHAUS.srm

2008-01-22 09:58 8,192 ----a-w C:\Arquivos de programas\FINALF.srm

2007-12-31 11:47 4,096 ----a-w C:\Arquivos de programas\Mega Man X 2 .srm

2007-12-07 14:42 4,096 ----a-w C:\Arquivos de programas\Mega Man X 3.srm

2007-12-03 00:22 123,219 ----a-w C:\Arquivos de programas\Mega Man X 3.000

2007-11-19 22:23 120,261 ----a-w C:\Arquivos de programas\GOOFTROP.000

2007-11-19 18:06 8,192 ----a-w C:\Arquivos de programas\SMETROID.srm

2007-11-18 09:39 87,941 ----a-w C:\Arquivos de programas\TOPGEAR2.000

2007-11-17 21:22 2,048 ----a-w C:\Arquivos de programas\FZERO.srm

2007-10-18 18:15 8,192 ----a-w C:\Arquivos de programas\FF.srm

2007-10-16 22:01 8,192 ----a-w C:\Arquivos de programas\FFMQ.srm

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 05:03 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-05-25 15:14 1177368]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2008-04-15 09:37 378696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 19:24 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-12-15 03:23 75520 C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

--a------ 2006-03-09 02:04 49152 C:\WINDOWS\system32\SiSPower.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-10-24 13:45 90112 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"E:\\Meus Documentos - Iolanda\\Emule\\emule.exe"=

"\\\\MICRO1\\DADOS (F)\\Dados\\Leno\\JOGOS\\Age 2\\age2_x1.exe"=

"\\\\MICRO1\\MDOC_-_CRIS\\Leno\\CS 1.6\\hltv.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"\\\\CRIS\\DADOS\\Leno\\JOGOS\\Age 2\\age2_x1.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Documents and Settings\\All Users\\Leno - videos\\Jogos\\The Duel\\theduel.exe"=

"C:\\Arquivos de programas\\SCOL\\scolsetup.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

 

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-25 15:15]

S2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-05-25 15:14]

S2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 15:14]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-25 15:15]

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

S3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2004-08-04 01:04]

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys []

S3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{659fff5f-58d2-11dd-89d4-0050bfac87fc}]

\Shell\AutoRun\command - diskdrive.exe

\Shell\open\command - diskdrive.exe

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\ddd\Dados de aplicativos\Mozilla\Firefox\Profiles\dsklkpmk.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.uol.com.br/

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava11.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava12.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava13.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava14.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJava32.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPJPI150_11.dll

FF -: plugin - C:\Arquivos de programas\Java\jre1.5.0_11\bin\NPOJI610.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-07 09:19:00

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-08-07 9:24:13

ComboFix-quarantined-files.txt 2008-08-07 12:23:10

ComboFix2.txt 2008-08-07 11:37:29

 

Pre-Run: 3,206,193,152 bytes disponíveis

Post-Run: 3,178,192,896 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

163 --- E O F --- 2008-07-20 21:12:43


Good morning, Lia Sergia!

ComboFix removed a ton of stuff...

<!> The removed files are legitimate! It's another case of a false positive.

<!> I will report this to RenatoMejias, so that he sends BleepingComputer information about what happened.

<!> That said, many of these bank-protection files tend to cause slowness and freezes.

<!> I should clarify that many slowness-related problems are not caused by malware.

------------------------

PS: I recommend that you avoid running ComboFix on your own initiative.

------------------------

<@> Go to this link and download: < Malwarebytes >

<@> Save it in the Program Files folder.

<@> Update Malwarebytes!

<@> Choose the complete scan! (Full Scan)

<@> Disable protection programs when running Malwarebytes.

<!> For more details, read the tutorial: < Link >

<@> When it finishes, send the detected files to quarantine.

----------------------

<@> Post the reports:

<!> mbam.(..).txt + HijackThis, updated.

Regards!

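The helper's point above is that the files ComboFix deleted were a false positive, so the deletion itself is not the security finding. What the pasted ComboFix log does record, and what no cleaner fixes on its own, are configuration states worth a second look: Security Center's antivirus alerting overridden, the Windows Firewall disabled in the standard profile, a globally open inbound port, a removable-drive AutoRun handler, and service entries whose binary ComboFix printed with empty brackets (no file timestamp). The script below is an added example, not part of the thread or of ComboFix; the sample excerpt is constructed from lines in the log above, the parsing rules follow the line shapes seen in that log, and the wording of each finding is my own. It is triage help for reading such a log, nothing more.

```python
import re
from typing import List, Tuple

# Constructed excerpt: lines copied from the ComboFix "registry loading
# points" section pasted earlier in the thread, grouped under their keys.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"86:TCP"= 86:TCP:BroadCam Web Server

S2 avg8wd;AVG8 WatchDog;C:\\ARQUIV~1\\AVG\\AVG8\\avgwdsvc.exe [2008-05-25 15:14]
S3 XDva168;XDva168;C:\\WINDOWS\\system32\\XDva168.sys []

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{659fff5f-58d2-11dd-89d4-0050bfac87fc}]
\\Shell\\AutoRun\\command - diskdrive.exe
\\Shell\\open\\command - diskdrive.exe
"""

# ComboFix service line shape seen in the log:
# "<start type> <name>;<display name>;<path> [<file timestamp>]"
SERVICE_RE = re.compile(r"^(S\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")


def parse_sections(text: str) -> List[Tuple[str, List[str]]]:
    """Group non-blank lines under the [key] header that precedes them.

    Lines before the first header are grouped under the empty key.
    """
    sections: List[Tuple[str, List[str]]] = []
    key = ""
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((key, lines))
            key, lines = line[1:-1], []
        else:
            lines.append(line)
    sections.append((key, lines))
    return sections


def triage(text: str) -> List[str]:
    """Return human-readable findings for settings that deserve a second look."""
    findings: List[str] = []
    for key, lines in parse_sections(text):
        lkey = key.lower()
        for line in lines:
            svc = SERVICE_RE.match(line)
            if svc:
                # Empty brackets: ComboFix printed no file timestamp for the binary.
                if svc.group(5).strip() == "":
                    findings.append(
                        f"service {svc.group(2)}: no file timestamp for {svc.group(4)} "
                        "(binary may be missing)")
                continue
            if lkey.endswith("security center") and re.search(
                    r'"AntiVirusOverride"\s*=\s*dword:0*1$', line):
                # On XP SP2 this value silences Security Center's antivirus-status alerts.
                findings.append(
                    "Security Center: AntiVirusOverride=1 (antivirus-status alerts suppressed)")
            elif lkey.endswith("firewallpolicy\\standardprofile") and re.search(
                    r'"EnableFirewall"\s*=\s*0\b', line):
                findings.append("Windows Firewall: disabled in the standard profile")
            elif lkey.endswith("globallyopenports\\list") and line.startswith('"'):
                port = line.split('"')[1]
                findings.append(f"Windows Firewall: globally open port {port}")
            elif "mountpoints2" in lkey and line.lower().startswith("\\shell\\autorun\\command"):
                handler = line.split(" - ", 1)[1]
                findings.append(f"removable-drive AutoRun handler: {handler}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the excerpt it reports the five items listed in the lead-in. Each is a configuration fact to verify by hand on the machine (Security Center settings, firewall profile, the program listening on the open port, the drive the mountpoints2 GUID refers to, whether the driver file exists); the script only makes them visible in a long log.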

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
