rehcarlos

[Resolved!] Log Analysis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:07:56, on 14/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\WinLogT.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: antharas.ddns.com.br nProtect.lineage2.com

O1 - Hosts: antharas.ddns.com.br update.nProtect.com

O1 - Hosts: antharas.ddns.com.br update.nProtect.net

O1 - Hosts: antharas.ddns.com.br l2authd.lineage2.com

O1 - Hosts: antharas.ddns.com.br l2testauthd.lineage2.com

O1 - Hosts: antharas.ddns.com.br l2patcher.lineage2.com

O1 - Hosts: antharas.ddns.com.br nprotect.lineage2.net

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [OCCAgent] C:\webchat\OCCAgent.exe

O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\webchat\PROVID~1.EXE" /profile default

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{51B16789-9DD6-4882-A8D1-5D985DA68DD2}: NameServer = 201.10.128.2 201.10.120.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)

 

--

End of file - 7487 bytes


Download HostsXpert

http://linhadefensiva.uol.com.br/dl/hoster

 

Open the program. Click Restore Microsoft's Hosts File. Click OK, then close the program.
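The "O1 - Hosts:" lines in the log above send the lineage2.com and nProtect hostnames to antharas.ddns.com.br instead of a loopback address. The checker below is an added example (not part of the thread, of HijackThis or of HostsXpert): it flags any hosts entry whose address column is not loopback or 0.0.0.0, accepts raw hosts-file lines as well as O1 lines, and groups the hijacked names by destination; the sample input is constructed.

```python
"""Flag hosts-file hijacks in HijackThis "O1 - Hosts:" lines or a raw hosts file."""
import ipaddress
import re
from dataclasses import dataclass, field

# Accept either a HijackThis O1 line or a plain hosts-file line.
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*")


@dataclass
class HostsEntry:
    target: str                                   # address column: where the names are sent
    hostnames: list = field(default_factory=list)
    verdict: str = "ok"                           # "ok", "redirect" or "malformed"


def classify_target(target: str) -> str:
    """Loopback and 0.0.0.0 are the only targets a benign hosts file normally uses."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP address at all (a DDNS hostname in the address column, as in
        # the thread): Windows ignores such lines, but their presence shows tampering.
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "ok"          # localhost mappings and 0.0.0.0 ad-block style entries
    return "redirect"        # a real hostname sent to some other machine


def parse_hosts_lines(text: str) -> list:
    """Parse O1 lines or raw hosts lines into HostsEntry records."""
    entries = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()      # drop hosts-file comments
        if not line:
            continue
        target, *names = line.split()
        if not names:
            continue                              # address with no hostname maps nothing
        entries.append(HostsEntry(target, names, classify_target(target)))
    return entries


def suspicious_entries(text: str) -> list:
    """Every entry that redirects a name away from the local machine."""
    return [e for e in parse_hosts_lines(text) if e.verdict != "ok"]


def hijack_targets(text: str) -> dict:
    """Group the hijacked hostnames by the destination they are sent to."""
    grouped = {}
    for e in suspicious_entries(text):
        grouped.setdefault(e.target, []).extend(e.hostnames)
    return grouped


# Constructed sample: two lines in the thread's pattern plus benign and
# hypothetical redirect lines (192.0.2.10 is a documentation address).
SAMPLE = """\
O1 - Hosts: antharas.ddns.com.br nProtect.lineage2.com
O1 - Hosts: antharas.ddns.com.br l2authd.lineage2.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 192.0.2.10 update.example.test  # constructed redirect
"""

if __name__ == "__main__":
    for target, names in hijack_targets(SAMPLE).items():
        print(f"{target}: {', '.join(names)}")
```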

Done!

Is everything else OK?

 

Easy, friend. Go to the VirusTotal site.

Click the file button and browse to the file below.

C:\WINDOWS\WinLogT.exe <-

Once that is done, click Send File. In your next reply, post the result for the file together with a new HijackThis log.

 

:thumbsup:

Easy, friend,

Sorry, it's because in other topics you answered I saw that the person was supposed to do one thing and then come back, and in your first reply it looked like I was only supposed to do that :blush:

-------------------------------------------

 

Arquivo WinLogT.exe recebido em 2008.09.09 20:04:27 (CET)

Andamento: terminado

Resultado: 1/36 (2.78%)

 

F-Secure - - Suspicious:W32/Malware!Gemini

 

-------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:41:55, on 14/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\WinLogT.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [OCCAgent] C:\webchat\OCCAgent.exe

O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\webchat\PROVID~1.EXE" /profile default

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{51B16789-9DD6-4882-A8D1-5D985DA68DD2}: NameServer = 201.10.128.2 201.10.120.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)

 

--

End of file - 7156 bytes


Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It takes about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window or close it with the X while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it together with ComboFix.txt.


ComboFix:

 

ComboFix 08-09-14.01 - Flavio 2008-09-14 17:37:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.639 [GMT -3:00]

Executando de: C:\Documents and Settings\Flavio\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Flavio\Dados de aplicativos\inst.exe

C:\WINDOWS\system32\Cache

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))))

.

 

2008-09-14 12:04 . 2008-09-14 13:41 <DIR> d-------- C:\HiJackThis

2008-09-14 11:59 . 2008-09-14 11:59 <DIR> d-------- C:\Arquivos de programas\Avira

2008-09-13 18:33 . 2008-09-13 18:34 <DIR> d-------- C:\Arquivos de programas\WinHTTrack

2008-09-13 16:39 . 2008-09-13 16:56 <DIR> d-------- C:\Arquivos de programas\Valve Hammer Editor

2008-09-10 14:14 . 2008-09-10 14:14 21,041 --a------ C:\Tamanhos Luvas.gif

2008-09-08 21:19 . 2008-09-08 21:19 <DIR> d-------- C:\Documents and Settings\Flavio\www.baixa.la

2008-09-07 00:26 . 2008-09-14 12:45 <DIR> d-------- C:\Besteiras

2008-09-05 13:18 . 2008-09-13 17:37 <DIR> d-------- C:\Seriados

2008-09-02 18:54 . 2008-09-13 22:18 <DIR> d-------- C:\Documents and Settings\Flavio\Dados de aplicativos\uTorrent

2008-09-02 18:54 . 2008-09-02 18:54 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-09-02 18:05 . 2008-09-02 18:05 4,892 --a------ C:\rkutgoogle.jpg

2008-09-01 19:07 . 2008-09-02 21:14 <DIR> d-------- C:\WireInTheBlood

2008-09-01 13:36 . 2008-09-01 13:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-08-31 11:57 . 2008-09-01 13:36 200,457 --a------ C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-08-29 18:05 . 2008-09-14 11:45 <DIR> d-------- C:\Incomplete

2008-08-28 16:01 . 2008-08-28 16:01 268 --ah----- C:\sqmdata17.sqm

2008-08-28 16:01 . 2008-08-28 16:01 244 --ah----- C:\sqmnoopt17.sqm

2008-08-27 14:16 . 2008-08-27 14:16 18,956 --a------ C:\NovoSite3.jpg

2008-08-22 16:21 . 2008-08-22 16:21 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

2008-08-21 20:52 . 2008-08-21 20:52 61,465 --a------ C:\Novo2.gif

2008-08-21 16:20 . 2008-01-13 16:34 7,002 --a------ C:\high_ping_kicker.amxx

2008-08-21 16:20 . 2008-08-10 11:03 2,121 --a------ C:\plugins.ini

2008-08-21 16:20 . 2008-08-10 11:13 1,036 --a------ C:\users.ini

2008-08-19 22:48 . 2008-08-20 18:25 304,182 --a------ C:\Snap.bmp

2008-08-19 22:48 . 2008-08-20 18:25 152,064 --a------ C:\WINDOWS\snap.dat

2008-08-19 22:45 . 2008-08-19 22:45 <DIR> d-------- C:\WINDOWS\Setup2K

2008-08-19 22:45 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys

2008-08-19 22:45 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2008-08-19 22:45 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe

2008-08-19 22:45 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

2008-08-19 22:45 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

2008-08-19 22:45 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src

2008-08-19 22:45 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

2008-08-19 22:15 . 2008-08-19 22:15 <DIR> d-------- C:\WINDOWS\CatRoot

2008-08-19 22:15 . 2008-08-19 22:15 <DIR> d-------- C:\Arquivos de programas\Vimicro

2008-08-19 22:15 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe

2008-08-19 22:15 . 2004-12-01 10:30 217,160 --a------ C:\WINDOWS\system32\VM31bPrp.Ax

2008-08-19 22:15 . 2004-12-10 10:07 94,208 --a------ C:\WINDOWS\VMCap.exe

2008-08-19 22:15 . 2004-12-01 09:54 93,632 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys

2008-08-19 22:15 . 2004-12-10 14:30 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll

2008-08-19 22:15 . 2004-12-09 15:41 57,344 --a------ C:\WINDOWS\StillCap.exe

2008-08-19 22:15 . 2003-08-07 15:19 49,152 --a------ C:\WINDOWS\amcap.exe

2008-08-19 22:15 . 2004-12-15 19:01 40,960 --a------ C:\WINDOWS\Vm_sti.exe

2008-08-19 21:57 . 2008-08-20 16:08 <DIR> d-------- C:\Documents and Settings\Flavio\Dados de aplicativos\skypePM

2008-08-19 21:57 . 2008-08-19 21:57 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-08-19 21:55 . 2008-08-27 18:14 <DIR> d-------- C:\Documents and Settings\Flavio\Dados de aplicativos\Skype

2008-08-19 21:55 . 2008-08-20 13:44 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-19 21:55 . 2008-08-19 21:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-19 21:54 . 2008-08-19 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-18 06:53 . 2008-08-18 06:56 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-17 21:43 . 2008-08-17 21:43 104,795 --a------ C:\NovoSite.gif

2008-08-17 21:31 . 2008-08-17 21:31 <DIR> d-------- C:\Documents and Settings\Photoshop\Configuraes locais

2008-08-17 21:29 . 2007-10-15 02:12 <DIR> d--h----- C:\Documents and Settings\Photoshop\Modelos

2008-08-17 21:29 . 2008-08-17 21:31 <DIR> d-------- C:\Documents and Settings\Photoshop\Meus documentos

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> dr------- C:\Documents and Settings\Photoshop\Menu Iniciar

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> d-------- C:\Documents and Settings\Photoshop\Favoritos

2008-08-17 21:29 . 2008-08-17 21:29 <DIR> dr-h----- C:\Documents and Settings\Photoshop\Dados de aplicativos

2008-08-17 21:29 . 2008-09-14 17:40 <DIR> d--h----- C:\Documents and Settings\Photoshop\Configurações locais

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> d--h----- C:\Documents and Settings\Photoshop\Ambiente de rede

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> d--h----- C:\Documents and Settings\Photoshop\Ambiente de impressão

2008-08-17 21:29 . 2008-08-17 21:31 <DIR> d-------- C:\Documents and Settings\Photoshop

2008-08-17 12:43 . 2008-08-17 12:44 <DIR> d-------- C:\Cd-d_5.0_by_Justin_gu

2008-08-17 12:43 . 2008-08-17 12:43 673,224 --a------ C:\Cd-d_5.0_by_Justin_gu.rar

2008-08-16 15:14 . 2008-09-14 17:37 <DIR> d--hs---- C:\WINDOWS\system32\Sys32

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-14 14:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-09-14 14:41 --------- d-----w C:\Arquivos de programas\LimeWire

2008-09-02 23:44 --------- d-----w C:\Arquivos de programas\Valve

2008-08-29 21:05 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\LimeWire

2008-08-20 01:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-20 01:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-17 02:49 47,360 ----a-w C:\Documents and Settings\Flavio\Dados de aplicativos\pcouffin.sys

2008-08-17 02:49 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\Vso

2008-08-17 02:49 --------- d-----w C:\Arquivos de programas\VSO

2008-08-17 02:48 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-11 22:44 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-08-11 22:05 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\Apple Computer

2008-08-11 22:01 --------- d-----w C:\Arquivos de programas\QuickTime

2008-08-11 22:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-11 21:19 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-08-11 21:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-08-11 21:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-08-11 21:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-08-09 17:07 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-04 00:50 --------- d-----w C:\Arquivos de programas\Unity

2008-08-04 00:47 --------- d-----w C:\Arquivos de programas\CABAL Online (BRAZIL)

2008-08-02 02:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-29 17:53 --------- d-----w C:\Arquivos de programas\KAIZEN Games

2008-07-26 01:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-07-25 05:01 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\FileZilla

2008-07-24 16:48 --------- d-----w C:\Arquivos de programas\MSECache

2008-07-21 19:25 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\COWON

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-17 22:00 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\mIRC

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-10-19 18:14 767,045 ----a-w C:\Arquivos de programas\classic.jar

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe" [2007-05-11 40048]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-27 172032]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 49152]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 500224]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-11 185896]

"NICJ Agent"="C:\WINDOWS\system32\Sys32\NICJ.exe" [2008-08-17 486400]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]

"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-04-01 C:\WINDOWS\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\Flavio\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2005-05-31 00:04 1415824 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\WINDOWS\\system32\\java.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\CABAL Online (BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-09 31232]

S2 PHPGeekUtil;PHPGeekUtil;c:\apache\APACHE.EXE [ ]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys [ ]

S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys [ ]

S3 XDva182;XDva182;C:\WINDOWS\system32\XDva182.sys [ ]

S3 XDva187;XDva187;C:\WINDOWS\system32\XDva187.sys [ ]

S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys [ ]

S3 XDva193;XDva193;C:\WINDOWS\system32\XDva193.sys [ ]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Titan#cdoffice]

\Shell\AutoRun\command - Z:\autorun.exe

 

*Newly Created Service* - ANTIVIRSCHEDULER

*Newly Created Service* - ANTIVIRSERVICE

*Newly Created Service* - AVGIO

*Newly Created Service* - AVGNTFLT

*Newly Created Service* - AVIPBB

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-OCCAgent - C:\webchat\OCCAgent.exe

HKCU-Run-ProvideSupportOperatorConsole[default] - C:\webchat\PROVID~1.EXE

HKCU-Run-ares - C:\Arquivos de programas\Ares\Ares.exe

Notify-WgaLogon - (no file)

MSConfigStartUp-ICQ - C:\Arquivos de programas\ICQ6\ICQ.exe

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Flavio\Dados de aplicativos\Mozilla\Firefox\Profiles\sqi02ydl.default\

FF -: plugin - C:\Arquivos de programas\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.30523.8\npctrl.dll

FF -: plugin - C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF -: plugin - C:\Utilitarios\AdobeReader\Reader\browser\nppdf32.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-14 17:40:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-14 17:48:07

ComboFix-quarantined-files.txt 2008-09-14 20:47:22

 

Pre-Run: 29 folder(s) 41,471,107,072 bytes free

Post-Run: 32 folder(s) 41,603,387,392 bytes free

 

237 --- E O F --- 2008-09-10 01:53:33

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:58:51, on 14/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\WinLogT.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iCQ] "C:\Arquivos de programas\ICQ6\ICQ.exe" silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{51B16789-9DD6-4882-A8D1-5D985DA68DD2}: NameServer = 201.10.128.2 201.10.120.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)

 

--

End of file - 7101 bytes

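An added example of the kind of triage this thread is about; it is written for this page and is not part of the original post, of HijackThis or of ComboFix. It reads HijackThis entry lines (the sample list below is copied from the log posted above) and flags what a log reader checks first: entries whose target file no longer exists, autostart entries given as a bare file name (resolved through the search path, so the binary that actually loads is not pinned down), autostart executables placed directly in the Windows root rather than in a program folder, per-interface DNS servers, and hosts-file overrides. The rules are heuristics that produce leads for a manual check, not verdicts (Realtek's SOUNDMAN.EXE also lives in the Windows root); the path patterns and reason codes are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample entries copied from the HijackThis log posted above (not constructed).
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r"O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{51B16789-9DD6-4882-A8D1-5D985DA68DD2}: NameServer = 201.10.128.2 201.10.120.2",
    r"O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)",
]


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4", "O23"
    reason: str    # reason code chosen for this example (assumption, not a HijackThis term)
    line: str      # the log line that triggered the rule


ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# Target of an O4 entry: the token right after the [Name] label, quoted or not.
O4_TARGET_RE = re.compile(r'\]\s*(?:"([^"]+)"|(\S+))')
ABS_PATH_RE = re.compile(r"^[a-zA-Z]:\\")
WINDOWS_ROOT_RE = re.compile(r"^[a-zA-Z]:\\windows$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split a HijackThis line into (section, rest); None for headers and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def o4_target(rest: str) -> Optional[str]:
    """Return the executable an O4 Run entry points at, without its arguments."""
    m = O4_TARGET_RE.search(rest)
    if not m:
        return None
    return m.group(1) or m.group(2)


def triage(lines: List[str]) -> List[Finding]:
    """Apply the heuristics to every entry line and return the leads in log order."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_entry(line)
        if not parsed:
            continue
        section, rest = parsed
        # Orphaned entries: the registry still points at something that is gone.
        if any(marker in rest for marker in MISSING_MARKERS):
            findings.append(Finding(section, "orphan", line))
            continue
        if section == "O4":
            target = o4_target(rest)
            if target is None:
                continue
            if not ABS_PATH_RE.match(target):
                # Bare name: Windows resolves it via the search path, so a same-named
                # binary earlier in that path would be the one that loads.
                findings.append(Finding(section, "bare-name", line))
            else:
                parent = target.lower().rsplit("\\", 1)[0]
                if WINDOWS_ROOT_RE.match(parent):
                    # Installed programs normally get their own folder; an autostart
                    # executable dropped straight into the Windows root is worth a lookup.
                    findings.append(Finding(section, "windows-root", line))
        elif section == "O17":
            # Per-interface DNS servers: confirm they belong to the ISP.
            findings.append(Finding(section, "dns-override", line))
        elif section == "O1":
            # hosts-file entries redirect names before DNS is consulted.
            findings.append(Finding(section, "hosts-override", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<14} {f.line}")
```

Each lead still needs the usual follow-up (publisher, hash, file date, a search on the name); the point of the script is to make sure the orphaned, unpinned and oddly placed entries are not skipped when reading a long log.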

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

Z:\autorun.exe

C:\WINDOWS\system32\ezsidmv.dat

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinLogT"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Titan#cdoffice]

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[animated image: dragging CFScript.txt onto ComboFix.exe]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with a new HijackThis log.


ComboFix:

 

ComboFix 08-09-14.01 - Flavio 2008-09-14 18:51:40.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.670 [GMT -3:00]

Running from: C:\Documents and Settings\Flavio\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Flavio\Desktop\CFScript.txt

* A new restore point was created

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\ezsidmv.dat

 

.

((((((((((((((((((((((( Files created from 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))))

.

 

2008-09-14 12:04 . 2008-09-14 17:58 <DIR> d-------- C:\HiJackThis

2008-09-14 11:59 . 2008-09-14 11:59 <DIR> d-------- C:\Arquivos de programas\Avira

2008-09-13 18:33 . 2008-09-13 18:34 <DIR> d-------- C:\Arquivos de programas\WinHTTrack

2008-09-13 16:39 . 2008-09-13 16:56 <DIR> d-------- C:\Arquivos de programas\Valve Hammer Editor

2008-09-10 14:14 . 2008-09-10 14:14 21,041 --a------ C:\Tamanhos Luvas.gif

2008-09-08 21:19 . 2008-09-08 21:19 <DIR> d-------- C:\Documents and Settings\Flavio\www.baixa.la

2008-09-07 00:26 . 2008-09-14 12:45 <DIR> d-------- C:\Besteiras

2008-09-05 13:18 . 2008-09-13 17:37 <DIR> d-------- C:\Seriados

2008-09-02 18:54 . 2008-09-13 22:18 <DIR> d-------- C:\Documents and Settings\Flavio\Dados de aplicativos\uTorrent

2008-09-02 18:54 . 2008-09-02 18:54 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-09-02 18:05 . 2008-09-02 18:05 4,892 --a------ C:\rkutgoogle.jpg

2008-09-01 19:07 . 2008-09-02 21:14 <DIR> d-------- C:\WireInTheBlood

2008-09-01 13:36 . 2008-09-01 13:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-08-31 11:57 . 2008-09-01 13:36 200,457 --a------ C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-08-29 18:05 . 2008-09-14 11:45 <DIR> d-------- C:\Incomplete

2008-08-28 16:01 . 2008-08-28 16:01 268 --ah----- C:\sqmdata17.sqm

2008-08-28 16:01 . 2008-08-28 16:01 244 --ah----- C:\sqmnoopt17.sqm

2008-08-27 14:16 . 2008-08-27 14:16 18,956 --a------ C:\NovoSite3.jpg

2008-08-22 16:21 . 2008-08-22 16:21 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

2008-08-21 20:52 . 2008-08-21 20:52 61,465 --a------ C:\Novo2.gif

2008-08-21 16:20 . 2008-01-13 16:34 7,002 --a------ C:\high_ping_kicker.amxx

2008-08-21 16:20 . 2008-08-10 11:03 2,121 --a------ C:\plugins.ini

2008-08-21 16:20 . 2008-08-10 11:13 1,036 --a------ C:\users.ini

2008-08-19 22:48 . 2008-08-20 18:25 304,182 --a------ C:\Snap.bmp

2008-08-19 22:48 . 2008-08-20 18:25 152,064 --a------ C:\WINDOWS\snap.dat

2008-08-19 22:45 . 2008-08-19 22:45 <DIR> d-------- C:\WINDOWS\Setup2K

2008-08-19 22:45 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys

2008-08-19 22:45 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2008-08-19 22:45 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe

2008-08-19 22:45 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini

2008-08-19 22:45 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax

2008-08-19 22:45 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src

2008-08-19 22:45 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini

2008-08-19 22:15 . 2008-08-19 22:15 <DIR> d-------- C:\WINDOWS\CatRoot

2008-08-19 22:15 . 2008-08-19 22:15 <DIR> d-------- C:\Arquivos de programas\Vimicro

2008-08-19 22:15 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe

2008-08-19 22:15 . 2004-12-01 10:30 217,160 --a------ C:\WINDOWS\system32\VM31bPrp.Ax

2008-08-19 22:15 . 2004-12-10 10:07 94,208 --a------ C:\WINDOWS\VMCap.exe

2008-08-19 22:15 . 2004-12-01 09:54 93,632 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys

2008-08-19 22:15 . 2004-12-10 14:30 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll

2008-08-19 22:15 . 2004-12-09 15:41 57,344 --a------ C:\WINDOWS\StillCap.exe

2008-08-19 22:15 . 2003-08-07 15:19 49,152 --a------ C:\WINDOWS\amcap.exe

2008-08-19 22:15 . 2004-12-15 19:01 40,960 --a------ C:\WINDOWS\Vm_sti.exe

2008-08-19 21:57 . 2008-08-20 16:08 <DIR> d-------- C:\Documents and Settings\Flavio\Dados de aplicativos\skypePM

2008-08-19 21:55 . 2008-08-27 18:14 <DIR> d-------- C:\Documents and Settings\Flavio\Dados de aplicativos\Skype

2008-08-19 21:55 . 2008-08-20 13:44 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-19 21:55 . 2008-08-19 21:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-19 21:54 . 2008-08-19 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-18 06:53 . 2008-08-18 06:56 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-17 21:43 . 2008-08-17 21:43 104,795 --a------ C:\NovoSite.gif

2008-08-17 21:31 . 2008-08-17 21:31 <DIR> d-------- C:\Documents and Settings\Photoshop\Configuraes locais

2008-08-17 21:29 . 2007-10-15 02:12 <DIR> d--h----- C:\Documents and Settings\Photoshop\Modelos

2008-08-17 21:29 . 2008-08-17 21:31 <DIR> d-------- C:\Documents and Settings\Photoshop\Meus documentos

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> dr------- C:\Documents and Settings\Photoshop\Menu Iniciar

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> d-------- C:\Documents and Settings\Photoshop\Favoritos

2008-08-17 21:29 . 2008-08-17 21:29 <DIR> dr-h----- C:\Documents and Settings\Photoshop\Dados de aplicativos

2008-08-17 21:29 . 2008-09-14 18:54 <DIR> d--h----- C:\Documents and Settings\Photoshop\Configurações locais

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> d--h----- C:\Documents and Settings\Photoshop\Ambiente de rede

2008-08-17 21:29 . 2007-10-14 21:40 <DIR> d--h----- C:\Documents and Settings\Photoshop\Ambiente de impressão

2008-08-17 21:29 . 2008-08-17 21:31 <DIR> d-------- C:\Documents and Settings\Photoshop

2008-08-17 12:43 . 2008-08-17 12:44 <DIR> d-------- C:\Cd-d_5.0_by_Justin_gu

2008-08-17 12:43 . 2008-08-17 12:43 673,224 --a------ C:\Cd-d_5.0_by_Justin_gu.rar

2008-08-16 15:14 . 2008-09-14 18:51 <DIR> d--hs---- C:\WINDOWS\system32\Sys32

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-14 14:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-09-14 14:41 --------- d-----w C:\Arquivos de programas\LimeWire

2008-09-02 23:44 --------- d-----w C:\Arquivos de programas\Valve

2008-08-29 21:05 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\LimeWire

2008-08-20 01:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-20 01:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-17 02:49 47,360 ----a-w C:\Documents and Settings\Flavio\Dados de aplicativos\pcouffin.sys

2008-08-17 02:49 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\Vso

2008-08-17 02:49 --------- d-----w C:\Arquivos de programas\VSO

2008-08-17 02:48 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-11 22:44 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-08-11 22:05 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\Apple Computer

2008-08-11 22:01 --------- d-----w C:\Arquivos de programas\QuickTime

2008-08-11 22:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-11 21:19 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-08-11 21:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-08-11 21:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-08-11 21:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-08-09 17:07 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-04 00:50 --------- d-----w C:\Arquivos de programas\Unity

2008-08-04 00:47 --------- d-----w C:\Arquivos de programas\CABAL Online (BRAZIL)

2008-08-02 02:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-07-29 17:53 --------- d-----w C:\Arquivos de programas\KAIZEN Games

2008-07-26 01:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-07-25 05:01 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\FileZilla

2008-07-24 16:48 --------- d-----w C:\Arquivos de programas\MSECache

2008-07-21 19:25 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\COWON

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-17 22:00 --------- d-----w C:\Documents and Settings\Flavio\Dados de aplicativos\mIRC

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-10-19 18:14 767,045 ----a-w C:\Arquivos de programas\classic.jar

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-14_17.46.55.82 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-14 14:40:02 224,466 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin

+ 2008-09-14 20:54:26 224,470 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe" [2007-05-11 40048]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-27 172032]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 49152]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-11 185896]

"NICJ Agent"="C:\WINDOWS\system32\Sys32\NICJ.exe" [2008-08-17 486400]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]

"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-04-01 C:\WINDOWS\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\Flavio\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2005-05-31 00:04 1415824 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\WINDOWS\\system32\\java.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\CABAL Online (BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-09 31232]

S2 PHPGeekUtil;PHPGeekUtil;c:\apache\APACHE.EXE [ ]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys [ ]

S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys [ ]

S3 XDva182;XDva182;C:\WINDOWS\system32\XDva182.sys [ ]

S3 XDva187;XDva187;C:\WINDOWS\system32\XDva187.sys [ ]

S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys [ ]

S3 XDva193;XDva193;C:\WINDOWS\system32\XDva193.sys [ ]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

 

*Newly Created Service* - SSMDRV

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-ICQ - C:\Arquivos de programas\ICQ6\ICQ.exe

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-14 18:54:19

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-14 19:02:30

ComboFix-quarantined-files.txt 2008-09-14 22:01:55

ComboFix2.txt 2008-09-14 20:48:08

 

Pre-Run: 29 folder(s) 41,817,436,160 bytes free

Post-Run: 31 folder(s) 41,804,705,792 bytes free

 

218 --- E O F --- 2008-09-10 01:53:33

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:12:02, on 14/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Flavio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Utilitarios\AdobeReader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iCQ] "C:\Arquivos de programas\ICQ6\ICQ.exe" silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Arquivos de programas\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6\ICQ.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{51B16789-9DD6-4882-A8D1-5D985DA68DD2}: NameServer = 201.10.128.2 201.10.120.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)

 

--

End of file - 7099 bytes

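An added check, not part of the original thread: comparing the HijackThis log posted before the CFScript run with the one posted after it, entry by entry, so that what the fix changed is visible without reading both logs top to bottom. The two excerpts below are copied from the logs above (the lines that differ plus a few unchanged ones, including process-list lines to show they are ignored); the comparison keeps only entry lines and keys on their exact text. Run on the full logs it reports the O4 WinLogT entry as removed and the O2 BHO {53707962-6F74-2D53-2644-206D7942484F} (no file) entry, which appears only in the later log, as new. The function names are this example's own.

```python
import re
from typing import Iterable, List, Tuple

# HijackThis entry lines start with a section tag such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r"^[A-Z]\d+\s+-\s+")

# Excerpt of the HijackThis log saved at 17:58 (before the CFScript run), copied from above.
BEFORE = [
    "Running processes:",
    r"C:\WINDOWS\WinLogT.exe",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)",
]

# Excerpt of the HijackThis log saved at 19:12 (after the CFScript run), copied from above.
AFTER = [
    "Running processes:",
    r"C:\WINDOWS\system32\wuauclt.exe",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)",
]


def entries(lines: Iterable[str]) -> List[str]:
    """Keep only entry lines, stripped and deduplicated, in their original order."""
    kept: List[str] = []
    for line in lines:
        line = line.strip()
        if ENTRY_RE.match(line) and line not in kept:
            kept.append(line)
    return kept


def diff_logs(before: Iterable[str], after: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (removed, added): entries present only in `before` and only in `after`."""
    old, new = entries(before), entries(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("- " + e)
    for e in added:
        print("+ " + e)
```

Anything that shows up in the "added" list after a cleanup run is the first thing to look at in the new log, because it was not there when the fix was planned.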

OK, the log is clean :)

 

- Type combofix /u in Run, click OK and wait for ComboFix to be removed.

 

Visit Windows Update and update your system, downloading Service Pack 3

 

Or, if you prefer, download and install the full package (about 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for errors > Fix errors

 

• Download ATF-Cleaner

 

- Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

 

- Disable and re-enable System Restore

 

Read the article Cuidados ao navegar na net for more information on how to avoid infections.

 

:)


PROBLEM SOLVED


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
