Archived

This topic has been archived and is closed to new replies.

fvo

[Solved!] Cid: windows


Dear colleagues...

After a lot of reading I have not managed to get rid of this pest known as Cid: or lop.com. Most recently I installed ComboFix and ran it; it seemed to have solved the problem, but the windows came back. Below is the ComboFix log. Please help me clean the PC...

 

ComboFix 08-08-11.01 - Usuario 2008-08-12 10:54:04.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1534 [GMT -3:00]

Running from: D:\Temp\Programas diversos\ComboFix.exe

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_004335_.tmp.dll

 

.

((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))

.

 

2008-08-08 09:58 . 2008-08-08 09:58 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-08-08 09:55 . 2008-08-08 10:15 <DIR> d-------- C:\Recnet

2008-08-08 09:55 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-08-08 09:55 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-08-08 09:55 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-08-08 09:55 . 2008-08-08 09:55 127 --a------ C:\WINDOWS\REC-NET.INI

2008-08-07 21:39 . 2008-08-07 21:39 <DIR> d-------- C:\Lei

2008-08-07 21:39 . 2008-07-10 03:17 284,032 --a------ C:\WINDOWS\system32\XceedZip.dll

2008-08-07 21:36 . 2008-07-10 03:17 327,168 --a------ C:\WINDOWS\IsUn0416.exe

2008-08-06 17:55 . 2008-08-06 17:55 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-08-06 17:06 . 2008-08-06 17:06 2,428 --a------ C:\XMLCAND_VEREADOR13125PTSC81795.ZIP

2008-08-06 16:09 . 2008-08-06 16:09 <DIR> d-------- C:\Arquivos de programas\Justiça Eleitoral

2008-08-05 16:27 . 2005-09-22 15:01 379,904 --a------ C:\WINDOWS\system32\cnsselo.dll

2008-08-05 16:13 . 2008-08-05 16:52 <DIR> d-------- C:\Arquivos de programas\CAIXA

2008-08-05 16:13 . 2006-01-10 15:27 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL

2008-08-05 16:13 . 2000-04-03 23:00 130,560 --------- C:\WINDOWS\system32\ZipDll.dll

2008-08-05 16:13 . 2000-03-29 23:00 125,440 --------- C:\WINDOWS\system32\UnzDll.dll

2008-08-05 16:13 . 1999-01-27 19:01 48,640 --a------ C:\WINDOWS\system32\INETWH32.dll

2008-08-05 16:13 . 2005-08-25 14:36 28,672 --a------ C:\WINDOWS\system32\base64.dll

2008-08-05 10:49 . 2008-08-05 10:49 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-03 22:40 . 2008-08-03 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-08-03 22:40 . 2008-08-03 22:40 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2008-08-03 20:52 . 2008-08-03 20:52 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\CyberLink

2008-08-03 09:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-03 09:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-08-03 09:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-02 09:58 . 2008-08-02 09:58 <DIR> d-------- C:\Arquivos de programas\phone move locks

2008-08-02 09:52 . 2008-08-02 09:58 <DIR> d-------- C:\Documents and Settings\Usuario\Contacts

2008-08-02 09:46 . 2008-08-10 11:37 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-08-02 09:45 . 2008-08-10 11:37 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-02 09:33 . 2008-08-09 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-02 09:33 . 2008-08-10 11:38 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-02 09:33 . 2008-08-02 09:44 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-02 09:29 . 2008-08-02 10:00 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\phone move locks

2008-08-02 09:29 . 2008-08-02 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb

2008-07-30 22:09 . 2008-07-30 22:09 <DIR> d-------- C:\Arquivos de programas\EPSON

2008-07-30 16:00 . 2008-08-06 14:21 <DIR> d-------- C:\Abaco

2008-07-29 13:46 . 2008-08-12 10:43 <DIR> d-------- C:\VSCIBACK

2008-07-29 12:19 . 2008-07-29 13:49 <DIR> d-------- C:\SCI

2008-07-29 09:56 . 2008-07-29 09:56 <DIR> d-------- C:\Arquivos de programas\Google

2008-07-29 09:50 . 2008-07-29 10:44 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-07-29 09:22 . 2008-07-29 09:22 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\AdobeUM

2008-07-29 09:22 . 2008-07-29 09:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-29 08:28 . 2008-07-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-07-14 16:01 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-14 16:01 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-14 16:01 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-14 16:01 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-14 16:01 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-07-12 10:09 . 2008-07-12 10:09 <DIR> d-------- C:\Arquivos de programas\Motorola

2008-07-12 10:09 . 2006-11-22 06:35 982,272 -ra------ C:\WINDOWS\system32\drivers\smserial.sys

2008-07-12 10:09 . 2006-11-22 06:31 196,608 -ra------ C:\WINDOWS\system32\sm56co6a.dll

2008-07-12 10:09 . 2001-08-17 21:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

2008-07-12 10:09 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-05 13:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 14:29 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

"Gram Trans"="C:\DOCUME~1\Usuario\DADOSD~1\PHONEM~1\DumbGlue.exe" [2008-08-02 09:58 519168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 02:55 98304]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 02:52 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 02:55 118784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"SMSERIAL"="C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 06:31 630784]

"upload curb default new"="C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb\Live Two.exe" [2008-08-12 09:42 1364992]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

"SkyTel"="SkyTel.EXE" [2007-06-15 05:45 1826816 C:\WINDOWS\SkyTel.exe]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 05:08 16380416 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"VIDC.FFDS"= ffdshow.ax

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-12 C:\WINDOWS\Tasks\AA33611F91BD12AF.job

- c:\docume~1\usuario\dadosd~1\phonem~1\LONGLOAD32.exe [2008-08-02 10:00]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-msnmsgr - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

 

.

------- Supplementary Scan -------

.

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-12 10:55:07

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-12 10:55:37

ComboFix-quarantined-files.txt 2008-08-12 13:55:35

 

Pre-Run: 12 directories, 68,670,840,832 bytes free

Post-Run: 15 directories, 68,671,553,536 bytes free

 

141 --- E O F --- 2008-08-06 20:55:23


Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:45:23, on 12/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb\você global.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Gram Trans] C:\DOCUME~1\Usuario\DADOSD~1\PHONEM~1\DumbGlue.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 6071 bytes


◘ Download LopS&D.

◘ Save it to Local Disk C:.

Install the program and click LopSD.cmd.

◘ In the window that opens, press "p" >> press Enter.

◘ In the next window, choose option 2 >> press Enter >> wait!

◘ When it finishes, save and post the report ( C:\lopR.txt ).

◘ Also post an updated HJT log.


Here is the Lop log:

 

 

--------------------\\ Lop S&D 4.2.2-7 XP / Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]

[ USER : Usuario ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ Tue 12/08/2008 | 23:08:54 ] [ PC : USUARIO-5A8D9DB (Proc:x86)]

[ MAJ : 12-08-2008 | 17:58 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVED

 

[ Hosts file ]

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Folder listing in DADOSD~1

 

[06/11/2007 15:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[05/08/2008 10:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8

[06/11/2007 15:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[31/12/2006 21:29] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[03/08/2008 22:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[29/07/2008 09:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[12/08/2008 11:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lies shim upload curb

[09/08/2008 22:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[06/11/2007 15:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[29/07/2008 08:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[11/06/2008 13:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[09/08/2008 22:29] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[31/12/2006 21:29] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[06/01/2007 15:58] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[05/08/2008 10:22] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[05/08/2008 10:22] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[29/07/2008 09:56] C:\DOCUME~1\Usuario\DADOSD~1\Adobe

[29/07/2008 09:22] C:\DOCUME~1\Usuario\DADOSD~1\AdobeUM

[03/08/2008 20:52] C:\DOCUME~1\Usuario\DADOSD~1\CyberLink

[31/12/2006 21:29] C:\DOCUME~1\Usuario\DADOSD~1\desktop.ini

[30/07/2008 13:44] C:\DOCUME~1\Usuario\DADOSD~1\Google

[06/01/2007 16:02] C:\DOCUME~1\Usuario\DADOSD~1\Identities

[06/01/2007 16:08] C:\DOCUME~1\Usuario\DADOSD~1\InstallShield

[29/07/2008 10:44] C:\DOCUME~1\Usuario\DADOSD~1\Macromedia

[02/08/2008 09:52] C:\DOCUME~1\Usuario\DADOSD~1\Microsoft

[12/08/2008 11:11] C:\DOCUME~1\Usuario\DADOSD~1\phone move locks

[14/07/2008 16:26] C:\DOCUME~1\Usuario\DADOSD~1\Real

 

--------------------\\ Scheduled Tasks in the folder C:\WINDOWS\Tasks

 

[12/08/2008 20:31][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 12:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Folder listing in C:\Arquivos de programas

 

[06/11/2007|15:21] C:\Arquivos de programas\Adobe

[06/11/2007|15:24] C:\Arquivos de programas\Ahead

[05/08/2008|10:49] C:\Arquivos de programas\Alwil Software

[12/08/2008|10:54] C:\Arquivos de programas\Arquivos comuns

[06/11/2007|16:15] C:\Arquivos de programas\ATI Technologies

[06/11/2007|18:04] C:\Arquivos de programas\BurnInTest

[05/08/2008|16:52] C:\Arquivos de programas\CAIXA

[06/01/2007|15:54] C:\Arquivos de programas\ComPlus Applications

[06/11/2007|15:25] C:\Arquivos de programas\CyberLink

[03/08/2008|22:40] C:\Arquivos de programas\DVD Shrink

[30/07/2008|22:09] C:\Arquivos de programas\EPSON

[06/01/2007|16:15] C:\Arquivos de programas\GIGABYTE

[29/07/2008|09:56] C:\Arquivos de programas\Google

[06/11/2007|15:22] C:\Arquivos de programas\Grisoft

[06/11/2007|16:15] C:\Arquivos de programas\InstallShield Installation Information

[06/01/2007|16:16] C:\Arquivos de programas\Intel

[14/07/2008|16:39] C:\Arquivos de programas\Internet Explorer

[06/08/2008|16:09] C:\Arquivos de programas\Justiça Eleitoral

[06/11/2007|15:23] C:\Arquivos de programas\K-Lite Codec Pack

[11/06/2008|12:54] C:\Arquivos de programas\Messenger

[06/08/2008|17:55] C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

[06/01/2007|15:58] C:\Arquivos de programas\microsoft frontpage

[06/11/2007|15:29] C:\Arquivos de programas\Microsoft Office

[06/11/2007|15:28] C:\Arquivos de programas\Microsoft Visual Studio

[06/11/2007|15:28] C:\Arquivos de programas\Microsoft Works

[06/11/2007|15:29] C:\Arquivos de programas\Microsoft.NET

[12/07/2008|10:09] C:\Arquivos de programas\Motorola

[11/06/2008|12:54] C:\Arquivos de programas\Movie Maker

[06/01/2007|15:54] C:\Arquivos de programas\MSN Gaming Zone

[11/06/2008|12:51] C:\Arquivos de programas\NetMeeting

[11/06/2008|12:51] C:\Arquivos de programas\Outlook Express

[12/08/2008|11:09] C:\Arquivos de programas\phone move locks

[08/08/2008|09:58] C:\Arquivos de programas\Programas RFB

[11/06/2008|11:36] C:\Arquivos de programas\Realtek

[06/01/2007|15:56] C:\Arquivos de programas\Serviços on-line

[29/07/2008|08:28] C:\Arquivos de programas\Spybot - Search & Destroy

[06/01/2007|16:02] C:\Arquivos de programas\Uninstall Information

[10/08/2008|11:38] C:\Arquivos de programas\Windows Live

[10/08/2008|11:37] C:\Arquivos de programas\Windows Live Toolbar

[11/06/2008|12:54] C:\Arquivos de programas\Windows Media Player

[11/06/2008|12:51] C:\Arquivos de programas\Windows NT

[06/01/2007|15:56] C:\Arquivos de programas\WindowsUpdate

[06/01/2007|15:58] C:\Arquivos de programas\xerox

[06/11/2007|15:25] C:\Arquivos de programas\XP Codec Pack

 

--------------------\\ Folder listing in C:\Arquivos de programas\Arquivos comuns

 

[29/07/2008|09:22] C:\Arquivos de programas\Arquivos comuns\Adobe

[06/11/2007|15:24] C:\Arquivos de programas\Arquivos comuns\Ahead

[06/11/2007|15:28] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[06/01/2007|16:16] C:\Arquivos de programas\Arquivos comuns\InstallShield

[09/08/2008|22:31] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[06/01/2007|15:56] C:\Arquivos de programas\Arquivos comuns\MSSoap

[31/12/2006|21:30] C:\Arquivos de programas\Arquivos comuns\ODBC

[06/01/2007|15:56] C:\Arquivos de programas\Arquivos comuns\Serviços

[31/12/2006|21:30] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[11/06/2008|12:51] C:\Arquivos de programas\Arquivos comuns\System

[02/08/2008|09:44] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 32 Processes )

 

... OK !

 

--------------------\\ Search for S_Lop

 

No Lop folders found!

 

--------------------\\ Search for Lop files and folders

 

No Lop folders found!

 

--------------------\\ Registry search

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-12 23:10:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Searching for other infections

 

 

No other infections found.

 

[F:26][D:5]-> C:\DOCUME~1\Usuario\CONFIG~1\Temp

[F:47][D:0]-> C:\DOCUME~1\Usuario\Cookies

[F:2516][D:4]-> C:\DOCUME~1\Usuario\CONFIG~1\TEMPOR~1\content.IE5

 

--------------------\\ Scan completed at 23:10:29,18

 

 

Here is the new HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:13:31, on 12/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb\você global.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Gram Trans] C:\DOCUME~1\Usuario\DADOSD~1\PHONEM~1\DumbGlue.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5957 bytes

 

Dear moderator, after this good work that is being done to clean the PC, I would like to ask a few questions:

1- Can the programs used (ComboFix, HijackThis and LopS&D) be deleted, or should I keep any of them?

2- I suspect I caught Cid: by downloading MSN Plus. If this problem comes back, can I reuse these steps, or should I always post the log?

Thanks


I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gram Trans"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"upload curb default new"=-

"nwiz"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown below.

 

[image: CFScript.txt being dragged onto ComboFix.exe]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

 

 

1- Can the programs used (ComboFix, HijackThis and LopS&D) be deleted, or should I keep any of them?

 

They can all be deleted, but only do that after all the procedures are finished.

 

2- I suspect I caught Cid: by downloading MSN Plus. If this problem comes back, can I reuse these steps, or should I always post the log?

 

You should always post the HijackThis log. When installing Messenger Plus Live, do not accept the sponsor's installation.

 

:)

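A defender-side illustration of what the moderator is hunting for in these logs, added here and not part of the thread or of ComboFix/HijackThis: a small Python parser that reads ComboFix "Files created" and Run lines plus HijackThis O4 lines and flags new folders and autorun entries whose names are strings of plain words, the shape of the Lop entries removed by the script above ("upload curb default new", "phone move locks", "Lies shim upload curb"); it also flags an innocuously named autorun whose target sits in such a folder. The sample text is constructed from lines in this thread plus one made-up O4 line (example.exe inside the Lop folder), and the KNOWN_GOOD allowlist and the word heuristic are assumptions to tune per machine.

```python
import re

# Multi-word names that are legitimately plain words (assumption: from this thread's clean log).
KNOWN_GOOD = {"arquivos comuns", "windows live toolbar", "programas rfb"}
WORD_RE = re.compile(r"^[A-Za-z]+$")
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^,"\[\]]+')
# HijackThis O4 lines and ComboFix "name"="command" Run lines
O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# ComboFix "Files created" directory lines: ... <DIR> d-------- C:\path
CF_DIR_RE = re.compile(r"<DIR> \S+ (?P<path>[A-Za-z]:\\.*)$")

def looks_like_random_words(name):
    """Lop-style names: 2+ plain words, no digits/punctuation, rarely capitalised."""
    if name.strip().lower() in KNOWN_GOOD:
        return False
    words = name.split()
    if len(words) < 2 or not all(WORD_RE.match(w) for w in words):
        return False
    return len(words) >= 3 or any(w[0].islower() for w in words)

def parent_dir(cmd):
    """Folder holding the first Windows path found in an autorun command."""
    m = WIN_PATH_RE.search(cmd)
    parts = m.group(0).rstrip("\\").split("\\") if m else []
    return parts[-2] if len(parts) >= 2 else ""

def flag_suspicious(log_text):
    """(kind, name, reason) for autorun entries / new folders named like random words."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip()) or CF_RUN_RE.match(line.strip())
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if looks_like_random_words(name):
                findings.append(("run", name, "autorun name is a string of plain words"))
            elif looks_like_random_words(parent_dir(cmd)):
                findings.append(("run", name, "autorun target sits in a random-words folder"))
            continue
        m = CF_DIR_RE.search(line)
        if m:
            leaf = m.group("path").rstrip("\\").rsplit("\\", 1)[-1]
            if looks_like_random_words(leaf):
                findings.append(("dir", leaf, "new folder named with plain words"))
    return findings

# Constructed sample: thread log lines plus one made-up O4 line (example.exe in the Lop folder).
SAMPLE_LOG = r"""
2008-08-12 11:09 . 2008-08-12 11:09 <DIR> d-------- C:\Arquivos de programas\phone move locks
2008-08-05 10:49 . 2008-08-05 10:49 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-08-02 09:29 . 2008-08-12 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb\example.exe
"""
```

Run `flag_suspicious(open("ComboFix.txt", encoding="cp1252").read())` against a real log; a vendor folder that is legitimately named with plain words goes into KNOWN_GOOD.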

Here are the new logs for your analysis...

ComboFix 08-08-11.01 - Usuario 2008-08-13 11:52:03.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1573 [GMT -3:00]

Executando de: D:\Temp\Programas diversos\ComboFix.exe

Command switches used :: D:\Temp\Programas diversos\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))

.

 

2008-08-12 23:07 . 2008-08-12 23:10 <DIR> d-------- C:\Lop SD

2008-08-12 20:44 . 2008-08-12 23:13 <DIR> d-------- C:\Hijack

2008-08-12 11:09 . 2008-08-12 11:09 <DIR> d-------- C:\Arquivos de programas\phone move locks

2008-08-08 09:58 . 2008-08-08 09:58 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-08-08 09:55 . 2008-08-13 10:06 <DIR> d-------- C:\Recnet

2008-08-08 09:55 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-08-08 09:55 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-08-08 09:55 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-08-08 09:55 . 2008-08-08 09:55 127 --a------ C:\WINDOWS\REC-NET.INI

2008-08-07 21:39 . 2008-08-07 21:39 <DIR> d-------- C:\Lei

2008-08-07 21:39 . 2008-07-10 03:17 284,032 --a------ C:\WINDOWS\system32\XceedZip.dll

2008-08-07 21:36 . 2008-07-10 03:17 327,168 --a------ C:\WINDOWS\IsUn0416.exe

2008-08-06 17:55 . 2008-08-06 17:55 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-08-06 17:06 . 2008-08-06 17:06 2,428 --a------ C:\XMLCAND_VEREADOR13125PTSC81795.ZIP

2008-08-06 16:09 . 2008-08-06 16:09 <DIR> d-------- C:\Arquivos de programas\Justiça Eleitoral

2008-08-05 16:27 . 2005-09-22 15:01 379,904 --a------ C:\WINDOWS\system32\cnsselo.dll

2008-08-05 16:13 . 2008-08-05 16:52 <DIR> d-------- C:\Arquivos de programas\CAIXA

2008-08-05 16:13 . 2006-01-10 15:27 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL

2008-08-05 16:13 . 2000-04-03 23:00 130,560 --------- C:\WINDOWS\system32\ZipDll.dll

2008-08-05 16:13 . 2000-03-29 23:00 125,440 --------- C:\WINDOWS\system32\UnzDll.dll

2008-08-05 16:13 . 1999-01-27 19:01 48,640 --a------ C:\WINDOWS\system32\INETWH32.dll

2008-08-05 16:13 . 2005-08-25 14:36 28,672 --a------ C:\WINDOWS\system32\base64.dll

2008-08-05 10:49 . 2008-08-05 10:49 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-03 22:40 . 2008-08-03 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-08-03 22:40 . 2008-08-03 22:40 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2008-08-03 20:52 . 2008-08-03 20:52 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\CyberLink

2008-08-03 09:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-03 09:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-08-03 09:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-02 09:52 . 2008-08-02 09:58 <DIR> d-------- C:\Documents and Settings\Usuario\Contacts

2008-08-02 09:46 . 2008-08-10 11:37 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-08-02 09:45 . 2008-08-10 11:37 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-02 09:33 . 2008-08-09 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-02 09:33 . 2008-08-10 11:38 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-02 09:33 . 2008-08-02 09:44 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-02 09:29 . 2008-08-12 11:11 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\phone move locks

2008-08-02 09:29 . 2008-08-12 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lies shim upload curb

2008-07-30 22:09 . 2008-07-30 22:09 <DIR> d-------- C:\Arquivos de programas\EPSON

2008-07-30 16:00 . 2008-08-06 14:21 <DIR> d-------- C:\Abaco

2008-07-29 13:46 . 2008-08-12 10:43 <DIR> d-------- C:\VSCIBACK

2008-07-29 12:19 . 2008-07-29 13:49 <DIR> d-------- C:\SCI

2008-07-29 09:56 . 2008-07-29 09:56 <DIR> d-------- C:\Arquivos de programas\Google

2008-07-29 09:50 . 2008-07-29 10:44 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-07-29 09:22 . 2008-07-29 09:22 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\AdobeUM

2008-07-29 09:22 . 2008-07-29 09:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-29 08:28 . 2008-07-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-07-14 16:01 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-14 16:01 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-14 16:01 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-14 16:01 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-14 16:01 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-05 13:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-12 13:09 --------- d-----w C:\Arquivos de programas\Motorola

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 14:29 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-12_10.55.25.96 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-13 12:41:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 02:55 98304]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 02:52 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 02:55 118784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"SMSERIAL"="C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 06:31 630784]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

"SkyTel"="SkyTel.EXE" [2007-06-15 05:45 1826816 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 05:08 16380416 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"VIDC.FFDS"= ffdshow.ax

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-13 11:53:03

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-13 11:53:27

ComboFix-quarantined-files.txt 2008-08-13 14:53:25

ComboFix2.txt 2008-08-12 13:55:38

 

Pre-Run: 14 pasta(s) 68,631,961,600 bytes disponíveis

Post-Run: 17 pasta(s) 68,673,511,424 bytes disponíveis

 

124 --- E O F --- 2008-08-06 20:55:23

and...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:55:15, on 13/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5636 bytes

Thanks...

OK, the log is clean :)

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

- I recommend a cleanup of the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner.

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for errors > Fix errors

- Disable and re-enable System Restore

Read the article Cuidados ao navegar na net (safe browsing tips) for more information on how to avoid infections.

:)


PROBLEM SOLVED!

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
