[Arquivado] Analise de Log

[ric1000 0]

Sei que o problema esta

No filekan.exe

E no SockSa também

Mais gostaria de saber se existe mais algum problema com meu log

E não sei como deletar esses arquivos!

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 02:08 Ricardo, on 7/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\algsrv.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\DOCUME~1\Rick\CONFIG~1\Temp\Rar$EX00.047\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ASocksrv] SocksA.exe

O4 - HKLM\..\Run: [RRT-Auto] C:\DOCUME~1\Rick\CONFIG~1\Temp\Rar$EX01.000\RRT.exe auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bSserver] FileKan.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215359564687

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

[PedroN 1]

Faça o download do Kill Box

 

- Faça a descompactação do KillBox e reserve-o numa pasta ou em seu desktop;

 

- Execute a Ferramenta KillBox. Marque a opção Delete on Reboot. Copie toda a lista abaixo em negrito selecionando-a e clicando com o botão direito do mouse -> copiar...

 

C:\WINDOWS\system32\algsrv.exe

 

KillBox, com os arquivos já copiados para área de transferência, clique em File -> Paste from clipboard... Clique no botão All Files, agora, no . e responda Não à pergunta.

 

Reinicie o computador em Modo Seguro (fique pressionando a tecla F8, ou F5 em alguns casos, durante a inicialização).

 

1) Rode o hijackthis

2) Clique em Do a System Scan Only.

3) Marque as caixinhas abaixo na caixa cinza.

4) Ao final da seleção, clique em Fix Checked...

 

O4 - HKLM\..\Run: [ASocksrv] SocksA.exe

 

O4 - HKCU\..\Run: [bSserver] FileKan.exe

 

Reinicie o computador em modo normal, e na sua proxima resposta poste um novo log do hijackthis

[ric1000 0]

Prontinho amigo

Aqui está

Eu li na internet sobre aqueles virus...

Fiquei sabendo que eles são transmitidos via pendrive

Gostaria de saber se caso eu coloque um pendrive que os contenha.. eles vão voltar? ou o programa bloqueia?

Também gostaria de saber como limpar o meu pendrive deles.

Obrigado

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:48 Ricardo, on 7/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\DOCUME~1\Rick\CONFIG~1\Temp\Rar$EX00.812\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [RRT-Auto] C:\DOCUME~1\Rick\CONFIG~1\Temp\Rar$EX01.000\RRT.exe auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215359564687

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

[PedroN 1]

Baixe o Combofix e salve no seu desktop.

 

Feche todas as janelas e programas

Dê um duplo-clique no combofix e tecle "1" em seguida enter para prosseguir com o fix. Vai durar uma média de 10 minutos (seja paciente). O combofix reiniciará o PC automaticamente para completar o processo de remoção.

 

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

 

Para parar ou sair do ComboFix, tecle "2" e Enter.

 

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

[ric1000 0]

Nossa

Ainda me liberou 3gb de HD *-*

Minhas pastas agora desocultam

O explorer não trava + na hora de abrir

Mas ainda não sei como retirar o virus do pendrive... e se eu colocar o pendrive no pc novamente, o virus ira voltar?

 

 

Log do ComboFix

 

ComboFix 08-09-05.04 - Rick 2008-09-07 20:35:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.545 [GMT -3:00]

Executando de: C:\Documents and Settings\Rick\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\Documents and Settings\Rafaela\Cookies\rafaela@ad.adnetwork.com[1].txt

C:\Documents and Settings\Rafaela\Cookies\rafaela@vagalume.uol.com[1].txt

C:\Documents and Settings\Rafaela\Cookies\rafaela@web2.checkm8[1].txt

C:\Documents and Settings\Rick\Cookies\rick@ad.yieldmanager[1].txt

C:\Documents and Settings\Rick\Cookies\rick@isohunt[2].txt

C:\Documents and Settings\Rick\Cookies\rick@www.myheritage.com[1].txt

C:\WINDOWS\system32\filekan.exe

C:\WINDOWS\system32\msssc.dll

C:\WINDOWS\system32\socksa.exe

C:\WINDOWS\ufdata2000.log

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))

.

 

2008-09-09 16:11 . 2008-09-09 16:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-09-07 17:18 . 2008-09-07 17:18 <DIR> d-------- C:\Arquivos de programas\GameVicio

2008-09-07 17:08 . 2008-09-07 17:08 <DIR> d-------- C:\Arquivos de programas\Ubisoft

2008-09-07 17:06 . 2008-09-07 17:06 1,849,056 --a------ C:\csi3_dm[www.gamevicio.com.br].exe

2008-09-07 11:08 . 2008-09-07 11:09 2,363,924 --a------ C:\rzr-hmc.rar

2008-09-07 11:03 . 2008-09-07 11:04 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-09-07 02:52 . 2008-09-07 17:04 <DIR> d-------- C:\Documents and Settings\Rick\Dados de aplicativos\uTorrent

2008-09-07 02:52 . 2008-09-07 02:52 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-09-07 02:03 . 2008-09-07 10:40 <DIR> d-------- C:\!KillBox

2008-09-07 02:03 . 2008-09-07 02:03 93,696 --a------ C:\KillBox-Beta.exe

2008-09-07 01:50 . 2008-09-07 01:50 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav

2008-09-07 01:50 . 2008-09-07 01:50 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav

2008-09-07 01:50 . 2008-09-07 01:50 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav

2008-09-07 01:50 . 2008-09-07 01:50 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav

2008-09-02 17:35 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll

2008-09-02 17:35 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll

2008-09-02 17:35 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll

2008-09-02 17:35 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2008-09-02 17:35 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll

2008-09-02 17:35 . 2007-07-30 19:19 92,504 --a------ C:\WINDOWS\system32\cdm.dll

2008-09-02 17:35 . 2007-07-30 19:19 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe

2008-09-02 17:35 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll

2008-09-02 17:35 . 2008-07-18 22:10 36,552 --a------ C:\WINDOWS\system32\wups.dll

2008-09-02 17:35 . 2008-07-18 22:10 36,552 --a--c--- C:\WINDOWS\system32\dllcache\wups.dll

2008-09-02 15:18 . 2004-08-03 21:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-30 12:23 . 2008-08-30 12:23 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-08-30 10:15 . 2008-08-30 10:15 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2008-08-30 10:15 . 2008-08-30 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith

2008-08-30 10:15 . 2008-08-30 10:15 <DIR> d-------- C:\Arquivos de programas\TechSmith

2008-08-30 10:15 . 2008-08-30 10:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\TechSmith Shared

2008-08-30 10:15 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll

2008-08-30 08:59 . 2008-08-30 10:19 <DIR> d-------- C:\Documents and Settings\Rick\Dados de aplicativos\Sony

2008-08-30 08:59 . 2008-08-31 23:44 <DIR> d-------- C:\Documents and Settings\Rick\Dados de aplicativos\Publish Providers

2008-08-30 08:59 . 2008-09-15 00:06 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-30 08:54 . 2008-08-30 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-08-30 08:54 . 2008-08-30 08:54 <DIR> d-------- C:\Arquivos de programas\Vstplugins

2008-08-30 08:53 . 2008-08-30 08:53 <DIR> d-------- C:\Arquivos de programas\Sony

2008-08-30 08:47 . 2008-08-30 08:47 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-08-30 08:41 . 2008-08-30 08:41 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-08-30 08:40 . 2008-08-30 08:40 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2008-08-30 08:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-08-30 08:35 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-30 02:55 . 2008-08-30 02:55 <DIR> d-------- C:\Documents and Settings\Rick\Dados de aplicativos\Sony Setup

2008-08-30 02:54 . 2008-08-30 02:54 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-08-30 02:46 . 2008-08-30 02:46 <DIR> d-------- C:\Documents and Settings\Rick\SystemRequirementsLab

2008-08-29 22:23 . 2008-08-29 22:23 49,152 ---hs---- C:\tel.xls.exe

2008-08-29 20:10 . 2008-08-29 20:10 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-08-29 16:50 . 2008-04-11 15:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-29 16:44 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-29 16:44 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-28 20:02 . 2008-08-30 02:54 <DIR> d-------- C:\Documents and Settings\Rick\Dados de aplicativos\LimeWire

2008-08-16 21:54 . 2003-03-21 06:10 23,296 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys

2008-08-16 21:53 . 2008-08-16 21:53 <DIR> d-------- C:\Arquivos de programas\ADSL USB Modem

2008-08-16 21:53 . 2003-03-26 06:46 2,404,857 -ra------ C:\WINDOWS\system32\drivers\CnxE2Fw.bin

2008-08-16 21:53 . 2008-09-07 11:03 524,288 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin

2008-08-16 21:53 . 2003-03-21 06:10 50,560 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys

2008-08-16 21:53 . 2001-07-21 07:30 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll

2008-08-16 21:51 . 2008-08-16 21:52 <DIR> d-------- C:\Arquivos de programas\Turbo

2008-08-10 23:39 . 2008-08-10 23:56 <DIR> d-------- C:\gamesX

2008-08-10 23:39 . 2008-08-10 23:39 <DIR> d-------- C:\Arquivos de programas\gamesX

2008-08-09 09:01 . 2008-08-08 21:00 <DIR> d-------- C:\Documents and Settings\Rafaela\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-08-09 09:01 . 2008-08-08 21:00 <DIR> d-------- C:\Documents and Settings\Rafaela\Dados de aplicativos\EmailNotifier

2008-08-08 17:16 . 2008-08-08 17:16 <DIR> d-------- C:\WINDOWS\Sun

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 03:11 --------- d-----w C:\Documents and Settings\Rafaela\Dados de aplicativos\LimeWire

2008-08-30 12:11 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-08-30 03:45 --------- d-----w C:\Arquivos de programas\Valve

2008-08-28 23:01 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-27 01:32 --------- d-----w C:\Arquivos de programas\MeeSoft

2008-07-31 01:52 --------- d-----w C:\Arquivos de programas\DVDVideoSoft

2008-07-28 22:49 --------- d-----w C:\Arquivos de programas\SystemRequirementsLab

2008-07-25 22:21 --------- d-----w C:\Documents and Settings\Rafaela\Dados de aplicativos\Media Player Classic

2008-07-23 21:17 --------- d-----w C:\Documents and Settings\Rick\Dados de aplicativos\Skype

2008-07-23 18:22 --------- d-----w C:\Documents and Settings\Rick\Dados de aplicativos\skypePM

2008-07-22 23:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-07-22 23:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-07-22 23:34 --------- d-----r C:\Arquivos de programas\Skype

2008-07-22 22:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-15 19:56 --------- d-----w C:\Documents and Settings\Rick\Dados de aplicativos\teamspeak2

2008-07-15 19:49 --------- d-----w C:\Arquivos de programas\Google

2008-07-15 16:23 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-07-15 14:12 --------- d-----w C:\Arquivos de programas\Java

2008-07-15 14:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-07-14 21:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-14 15:29 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-07-14 14:45 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-07-14 14:28 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-14 13:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-14 11:36 --------- d-----w C:\Arquivos de programas\DAEMON Tools Lite

2008-07-14 11:33 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-14 11:33 --------- d-----w C:\Documents and Settings\Rick\Dados de aplicativos\DAEMON Tools

2008-07-11 21:42 --------- d-----w C:\Arquivos de programas\eMule

2008-07-11 21:41 --------- d-----w C:\Arquivos de programas\LimeWire(2)

2008-07-11 21:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java(2)

2008-07-08 16:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-03 14:07 646 ----a-w C:\setup.reg

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

.

 

------- Sigcheck -------

 

2007-03-08 12:36 578048 b5782ee6eafe3c218236f79f1a27b747 C:\WINDOWS\SoftwareDistribution\Download\97230336356bec55d07286344aba34f0\sp2gdr\user32.dll

2007-03-08 12:50 578560 f86d3e5c8fe13297e1c2d662f9e2d59d C:\WINDOWS\SoftwareDistribution\Download\97230336356bec55d07286344aba34f0\sp2qfe\user32.dll

2006-05-21 20:11 577536 3ed0a4d74efd5aaf8408095f452e2613 C:\WINDOWS\system32\user32.dll

 

2006-05-21 20:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-20 68856]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"Media Codec Update Service"="C:\Arquivos de programas\Essentials Codec Pack\update.exe" [2007-04-08 303104]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]

"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7ac5ca5-5261-11dd-a0ee-0011d8648390}]

\shell\Setup\command - setup.exe

 

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

 

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Rick\Dados de aplicativos\Mozilla\Firefox\Profiles\ivzxn58r.default\

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 20:38:41

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-09-07 20:40:10

ComboFix-quarantined-files.txt 2008-09-07 23:40:06

 

Pre-Run: 5,874,536,448 bytes disponíveis

Post-Run: 8,337,805,312 bytes disponíveis

 

185

 

 

 

 

 

 

Log do HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 20:47 Ricardo, on 7/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Rick\CONFIG~1\Temp\Rar$EX09.187\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215359564687

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

[PedroN 1]

Mas ainda não sei como retirar o virus do pendrive... e se eu colocar o pendrive no pc novamente, o virus ira voltar?

 

Sim, você terá que formata o seu pendrive para não ocorrer uma nova infecção.

 

1) Se tiver um Pendrive ou um drive de MP3 ou MP4, conecte no PC (se tiver mais de um, tem de conectar todos). Não os tire até completar todas as instruções.

 

Delete a pasta qoobox que está localizada em C:\, delete também o Log ComboFix.txt também localizado em C:\.

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

C:\WINDOWS\system32\d3d9caps.dat

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7ac5ca5-5261-11dd-a0ee-0011d8648390}]

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

 

 

2) ◘ Baixe o PenClean e salve-o em seu desktop;

◘ Execute o programa;

◘ Conecte o seu pendrive ao computador;

◘ Selecione a opção Verificar todas as unidades e clique sobre o botão Verificar;

<<Aguarde alguns instantes, o exame é bem rápido>>

◘ Se algo for encontrado será solicitada a reinicialização da máquina. Clique sobre Sim. O computador será reiniciado;

◘ Um relatório sobre a execução será gerado e salvo em C:\PenClean\PenClean.txt.

◘ Poste o conteúdo do relatório em sua próxima resposta.

 

:)

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.