
Archived

This topic is archived and closed to new replies.

MarcosMK

[Solved!] Log analysis :( [HijackThis & ComboFix]


The old story of Avast vs. trojan vs. ComboFix: cmsetac & ntdcstp.dll

 

I have already gone through the whole process of uninstalling the antivirus programs and running ComboFix, but it did not work...

My PC shows these symptoms: every time I start XP, Avast detects these viruses, ntdcstp.dll and cmsetac.dll,

and so on. I need someone who knows how to read these reports to check whether there is any problem, and where.

 

Please help me, because reading the report is something I do not know how to do. :(

 

--------------------------ComboFix:

 

ComboFix 08-09-16.05 - MarcO 2008-09-18 19:38:36.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.85 [GMT -3:00]

Running from: C:\Documents and Settings\MarcO\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\MarcO\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\WINDOWS\cmsetac.dll

C:\WINDOWS\KB8888239.log

C:\WINDOWS\ntdtcstp.dll

 

.

((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 ))))))))))))))))))))))))))))))))

.

 

2008-09-18 19:41 . 2008-09-18 19:41 33,792 --a------ C:\WINDOWS\cmsetac.dll

2008-09-18 19:41 . 2008-09-18 19:41 7,168 --a------ C:\WINDOWS\ntdtcstp.dll

2008-09-18 19:37 . 2008-09-18 19:37 <DIR> d-------- C:\ComboFixo

2008-09-13 10:36 . 2008-09-17 06:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-13 10:36 . 2008-09-17 06:04 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-06 00:41 . 2008-09-17 06:28 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-09-06 00:41 . 2008-09-17 06:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-09-06 00:41 . 2008-09-17 06:28 <DIR> d-------- C:\Documents and Settings\MarcO\Configurações locais

2008-09-06 00:41 . 2008-09-17 06:28 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-28 21:41 . 2008-08-28 21:41 737,280 --a------ C:\WINDOWS\fotoupd.exe

2008-08-28 21:41 . 2008-08-28 21:41 737,280 --a------ C:\WINDOWS\foto.exe

2008-08-26 16:14 . 2008-09-08 23:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-18 22:11 --------- d-----w C:\Documents and Settings\MarcO\Dados de aplicativos\MegauploadToolbar

2008-09-07 04:29 --------- d-----w C:\Arquivos de programas\ZDaemon

2008-09-02 17:30 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-31 02:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-30 21:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-23 15:33 --------- d-----w C:\Arquivos de programas\eMule

1995-06-01 04:41 28,672 ----a-w C:\Documents and Settings\MarcO\AWEMAN32.DLL

.

 

------- Sigcheck -------

 

2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntkrnlpa.exe

2007-02-28 13:02 2318592 5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2318592 5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntoskrnl.exe

2007-02-28 13:02 2441344 8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2441344 8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

 

2007-06-13 10:21 1553920 ed75afd3b280a671873caaf7506ca979 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\backup\sp2gdr\explorer.exe

2007-06-13 10:21 1553920 ed75afd3b280a671873caaf7506ca979 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\VistaMizer\old\explorer.exe

 

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\VistaMizer\old\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot_2008-09-17_ 6.25.33.73 )))))))))))))))))))))))))))))))))))))))))

.

+ 2003-07-15 09:43:20 87,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL

+ 2003-07-15 09:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL

+ 2003-07-15 09:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\AW.DLL

+ 2003-07-15 06:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL

+ 2003-07-15 14:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE

+ 2003-07-26 05:57:20 75,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL

+ 2003-07-15 09:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL

+ 2003-07-15 09:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE

+ 2003-08-01 02:19:52 131,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL

+ 2003-08-13 13:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE

+ 2003-07-15 09:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE

+ 2003-08-03 21:56:16 1,146,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FM20.DLL

+ 2003-07-24 10:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL

+ 2003-07-15 10:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL

+ 2003-07-15 09:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL

+ 2003-07-26 06:00:16 1,157,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL

+ 2003-07-26 06:14:50 799,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL

+ 2003-07-15 10:11:42 2,139,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE

+ 2003-07-15 01:57:44 87,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL

+ 2003-07-15 09:53:50 161,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL

+ 2003-07-24 09:32:32 121,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL

+ 2003-05-29 02:42:48 514,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL

+ 2003-06-19 04:31:44 758,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL

+ 2003-06-19 04:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL

+ 2003-06-19 04:31:48 17,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL

+ 2003-06-19 04:31:48 18,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL

+ 2003-06-19 04:31:46 35,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL

+ 2003-06-19 04:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL

+ 2003-05-29 02:42:50 342,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\METCONV.DLL

+ 2003-07-15 09:46:08 176,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL

+ 2003-07-15 01:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL

+ 2003-07-15 09:51:50 116,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL

+ 2002-12-18 06:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL

+ 2002-12-18 06:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL

+ 2003-07-15 09:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL

+ 2002-04-10 07:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL

+ 2003-07-15 09:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL

+ 2003-08-08 11:23:16 12,172,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSO.DLL

+ 2003-07-15 01:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL

+ 2003-07-15 06:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL

+ 2003-07-24 01:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL

+ 2003-07-15 09:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL

+ 2003-07-15 09:44:06 25,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL

+ 2003-07-15 09:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE

+ 2002-12-18 06:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL

+ 2003-07-11 13:15:48 16,951,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL

+ 2003-07-15 14:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL

+ 2003-07-15 01:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL

+ 2003-07-15 09:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL

+ 2003-07-15 09:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL

+ 2003-07-15 09:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL

+ 2003-07-15 09:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE

+ 2003-07-15 09:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL

+ 2003-06-19 04:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL

+ 2003-06-19 04:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL

+ 2003-06-20 03:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE

+ 2003-07-15 09:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL

+ 2003-07-15 10:02:14 627,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE

+ 2003-07-15 09:56:24 124,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE

+ 2003-07-24 09:40:00 482,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL

+ 2003-07-15 10:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL

+ 2003-07-15 09:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\NAME.DLL

+ 2003-07-15 09:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL

+ 2003-07-15 14:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OIS.EXE

+ 2003-07-15 14:14:26 828,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL

+ 2003-07-15 14:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL

+ 2003-07-15 14:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL

+ 2003-07-15 10:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL

+ 2003-07-15 09:41:56 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL

+ 2003-07-15 09:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL

+ 2003-08-10 10:06:42 7,522,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL

+ 2003-07-15 09:44:32 88,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL

+ 2003-07-15 09:45:18 196,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE

+ 2003-07-15 09:43:48 139,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL

+ 2003-07-15 09:43:18 64,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL

+ 2003-07-15 09:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL

+ 2003-08-02 02:09:04 8,086,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL

+ 2003-07-30 23:40:40 6,133,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE

+ 2003-07-15 14:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL

+ 2003-07-15 14:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL

+ 2003-08-01 02:21:08 1,782,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE

+ 2003-07-15 09:42:26 37,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL

+ 2003-05-09 08:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL

+ 2003-07-15 09:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL

+ 2003-07-15 09:43:30 74,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\RM.DLL

+ 2003-07-21 22:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL

+ 2003-07-15 09:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL

+ 2003-07-15 01:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL

+ 2003-07-15 09:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE

+ 2003-08-03 21:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL

+ 2003-07-15 10:00:22 99,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL

+ 2003-07-04 02:19:36 2,502,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL

+ 2003-08-07 00:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE

- 2008-09-10 06:03:10 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-09-18 10:31:09 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-09-10 06:03:10 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-09-18 10:31:09 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-09-10 06:03:10 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-09-18 10:31:09 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-09-10 06:03:08 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-09-18 10:31:08 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-09-10 06:03:10 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-09-18 10:31:10 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-09-10 06:03:11 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-09-18 10:31:10 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-09-10 06:03:11 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-09-18 10:31:10 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-09-10 06:03:11 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-09-18 10:31:11 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-09-10 06:03:09 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-09-18 10:31:08 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-09-10 06:03:09 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-09-18 10:31:08 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-09-10 06:03:11 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-09-18 10:31:11 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-09-10 06:03:08 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-09-18 10:31:08 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-09-10 06:03:08 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-09-18 10:31:08 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2003-08-03 21:56:16 1,146,184 ----a-w C:\WINDOWS\system32\FM20.DLL

+ 2007-06-06 13:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL

+ 2007-03-22 22:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL

- 2003-08-18 14:47:42 41,616 ----a-w C:\WINDOWS\system32\FM20PTB.DLL

+ 2007-04-05 13:29:54 47,328 ----a-w C:\WINDOWS\system32\FM20PTB.DLL

- 2008-04-09 19:57:06 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-09-18 18:14:47 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2003-06-19 04:31:48 17,920 ----a-w C:\WINDOWS\system32\mdimon.dll

+ 2007-04-09 16:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll

- 2003-06-19 04:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll

+ 2007-04-09 16:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll

- 2003-06-19 04:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll

+ 2007-04-09 16:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll

- 2003-06-19 04:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll

+ 2007-04-09 16:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll

- 2003-06-19 04:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll

+ 2007-04-09 16:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll

- 2003-06-19 04:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

+ 2007-04-09 16:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"mstwain32"="C:\WINDOWS\foto.exe" [2008-08-28 737280]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-01 118784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-01-15 37376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zlauncher.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zdaemon.exe"=

"C:\\Arquivos de programas\\Azureus\\Azureus.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zserv32.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zsl\\ZDSProtocol.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff493bf-dcb7-11dc-8b90-8ce4b62b7d76}]

\Shell\Auto\command - F:\boot.pif

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]

C:\windows\svcr.exe

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\MarcO\Dados de aplicativos\Mozilla\Firefox\Profiles\cdz5kme3.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT498395&SearchSource=3&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.br

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 19:41:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

C:\WINDOWS\cmsetac.dll 33792 bytes executable

 

Scan completed successfully

Hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2008-09-18 19:48:15 - machine was rebooted [MarcO]

ComboFix-quarantined-files.txt 2008-09-18 22:48:02

ComboFix2.txt 2008-09-17 09:27:21

ComboFix3.txt 2008-09-09 04:34:24

ComboFix4.txt 2008-09-06 03:41:35

 

Pre-Run: 610,127,872 bytes available

Post-Run: 603,996,160 bytes available

 

287 --- E O F --- 2008-09-18 10:33:47

--------------------------------HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 06:00:16, on 17/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\ZDaemon\zlauncher.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\MarcO\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [mstwain32] C:\WINDOWS\foto.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: IMVU.lnk = C:\Arquivos de programas\IMVU\IMVUClient.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MarcO\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

 

 

If anyone can help me get rid of this malware, thanks in advance. :)


Good morning, MarcosMK!

 

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click: OK

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message will appear: ComboFix uninstalled!

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

-------------------------

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

-------------------------

<!> Download ComboFix.exe again and run it!

<!> When it finishes, post: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!


Hello DigRam! :)

 

Here are the requested logs.

 

--------------COMBO FIX:

 

ComboFix 08-09-19.06 - MarcO 2008-09-20 5:22:52.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.92 [GMT -3:00]

Running from: C:\Documents and Settings\MarcO\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cmsetac.dll

C:\WINDOWS\KB8888239.log

C:\WINDOWS\ntdtcstp.dll

 

.

((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 ))))))))))))))))))))))))))))))))

.

 

2008-09-20 04:57 . 2008-09-20 05:16 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-13 10:36 . 2008-09-20 05:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-06 00:41 . 2008-09-18 19:48 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-09-06 00:41 . 2008-09-18 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-09-06 00:41 . 2008-09-18 19:48 <DIR> d-------- C:\Documents and Settings\MarcO\Configurações locais

2008-09-06 00:41 . 2008-09-18 19:48 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-28 21:41 . 2008-08-28 21:41 737,280 --a------ C:\WINDOWS\fotoupd.exe

2008-08-28 21:41 . 2008-08-28 21:41 737,280 --a------ C:\WINDOWS\foto.exe

2008-08-26 16:14 . 2008-09-08 23:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 08:27 7,168 ----a-w C:\WINDOWS\ntdtcstp.dll

2008-09-20 08:27 33,792 ----a-w C:\WINDOWS\cmsetac.dll

2008-09-20 08:04 --------- d-----w C:\Arquivos de programas\ZDaemon

2008-09-18 22:11 --------- d-----w C:\Documents and Settings\MarcO\Dados de aplicativos\MegauploadToolbar

2008-09-02 17:30 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-31 02:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-30 21:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-23 15:33 --------- d-----w C:\Arquivos de programas\eMule

1995-06-01 04:41 28,672 ----a-w C:\Documents and Settings\MarcO\AWEMAN32.DLL

.

 

------- Sigcheck -------

 

2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntkrnlpa.exe

2007-02-28 13:02 2318592 5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2318592 5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntoskrnl.exe

2007-02-28 13:02 2441344 8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2441344 8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

 

2007-06-13 10:21 1553920 ed75afd3b280a671873caaf7506ca979 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\backup\sp2gdr\explorer.exe

2007-06-13 10:21 1553920 ed75afd3b280a671873caaf7506ca979 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\VistaMizer\old\explorer.exe

 

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\VistaMizer\old\ctfmon.exe

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"mstwain32"="C:\WINDOWS\foto.exe" [2008-08-28 737280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-01 118784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-01-15 37376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zlauncher.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zdaemon.exe"=

"C:\\Arquivos de programas\\Azureus\\Azureus.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zserv32.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zsl\\ZDSProtocol.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff493bf-dcb7-11dc-8b90-8ce4b62b7d76}]

\Shell\Auto\command - F:\boot.pif

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]

C:\windows\svcr.exe

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\MarcO\Dados de aplicativos\Mozilla\Firefox\Profiles\cdz5kme3.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT498395&SearchSource=3&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.br

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-20 05:28:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESSES: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

.

**************************************************************************

.

Completion time: 2008-09-20 5:31:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-20 08:31:40

 

Pre-Run: 1,045,639,168 bytes free

Post-Run: 1,033,814,016 bytes free

 

140 --- E O F --- 2008-09-20 06:23:56

 

 

 

 

------------Hijackthis:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 05:33:24, on 20/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\foto.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Documents and Settings\MarcO\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [mstwain32] C:\WINDOWS\foto.exe

O4 - Startup: IMVU.lnk = C:\Arquivos de programas\IMVU\IMVUClient.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MarcO\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

 

 

 

Thank you very much for helping me,

I searched Google for help and soon came across the forum and its solutions.

 

See you later...

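The ComboFix log in the post above carries a signal that is easy to miss when reading line by line: foto.exe and fotoupd.exe were created in the same minute with the same size, and ntdtcstp.dll and cmsetac.dll share a modification stamp. Pivoting on that timestamp is how an analyst turns one known-bad file into the full set a dropper wrote. The script below is an added example, not part of the original thread and not ComboFix's own code: it parses the "Files Created" and "Find3M" row formats seen in the log and returns the files written alongside a seed. The embedded rows are a constructed subset copied from the log above; the `Entry` type and the function names are the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed subset of the "Files Created" and "Find3M" rows from the ComboFix
# log posted in this thread; paths, sizes and timestamps are the ones on the page.
FILES_CREATED = r"""
2008-08-28 21:41 . 2008-08-28 21:41 737,280 --a------ C:\WINDOWS\fotoupd.exe
2008-08-28 21:41 . 2008-08-28 21:41 737,280 --a------ C:\WINDOWS\foto.exe
2008-08-26 16:14 . 2008-09-08 23:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
"""
FIND3M = r"""
2008-09-20 08:27 7,168 ----a-w C:\WINDOWS\ntdtcstp.dll
2008-09-20 08:27 33,792 ----a-w C:\WINDOWS\cmsetac.dll
2008-09-20 08:04 --------- d-----w C:\Arquivos de programas\ZDaemon
1995-06-01 04:41 28,672 ----a-w C:\Documents and Settings\MarcO\AWEMAN32.DLL
"""

# "Files Created" rows: <created> . <modified> <size|<DIR>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
# Find3M rows: <modified> <size|dashes> <attrs> <path>
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+)$")


@dataclass(frozen=True)
class Entry:
    stamp: str   # minute-resolution timestamp the row reports (created or modified)
    size: int
    path: str


def parse_entries(created: str, find3m: str) -> list:
    """Turn both ComboFix table formats into Entry rows, skipping directories."""
    entries = []
    for line in created.splitlines():
        m = CREATED_RE.match(line)
        if m and m.group(3) != "<DIR>":
            entries.append(Entry(m.group(1), int(m.group(3).replace(",", "")), m.group(5)))
    for line in find3m.splitlines():
        m = FIND3M_RE.match(line)
        if m and m.group(2)[0].isdigit():
            entries.append(Entry(m.group(1), int(m.group(2).replace(",", "")), m.group(4)))
    return entries


def clusters(entries: list, min_members: int = 2) -> dict:
    """Group rows by timestamp; a dropper writing its components in one go shows up as one cluster."""
    by_stamp = defaultdict(list)
    for e in entries:
        by_stamp[e.stamp].append(e.path)
    return {stamp: paths for stamp, paths in by_stamp.items() if len(paths) >= min_members}


def siblings(entries: list, seed_path: str) -> list:
    """Paths written in the same minute as a known-bad seed (seed matched case-insensitively)."""
    seed = next((e for e in entries if e.path.lower() == seed_path.lower()), None)
    if seed is None:
        return []
    return [e.path for e in entries if e.stamp == seed.stamp and e.path != seed.path]


def same_size_twins(entries: list) -> list:
    """Pairs with identical size and timestamp: typically one file and a copy of itself under another name."""
    seen, twins = {}, []
    for e in entries:
        key = (e.stamp, e.size)
        if key in seen:
            twins.append((seen[key], e.path))
        else:
            seen[key] = e.path
    return twins


if __name__ == "__main__":
    rows = parse_entries(FILES_CREATED, FIND3M)
    print("clusters:", clusters(rows))
    print("written with foto.exe:", siblings(rows, r"C:\WINDOWS\foto.exe"))
    print("written with cmsetac.dll:", siblings(rows, r"C:\WINDOWS\cmsetac.dll"))
    print("same-size twins:", same_size_twins(rows))
```

Minute resolution is what ComboFix prints, so a busy minute (an installer, a Windows Update run) will also cluster; the pivot narrows the list, it does not replace looking at each file.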

Good morning, MarcosMK!

 

ComboFix 08-09-19.06 - MarcO 2008-09-20 5:22:52.5 - NTFSx86

<!> The tool is still the old version and has already been run 5 times. But... fine! At least keep the TeaTimer protection disabled.

-------------------------

 

Plug your removable drive(s), if you have any, into the USB port. ( pendrive, mp3, mp4, ipods, etc... )

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\fotoupd.exe

C:\WINDOWS\foto.exe

C:\WINDOWS\ntdtcstp.dll

C:\windows\svcr.exe

F:\boot.pif

Folder::

C:\ComboFixo

Rootkit::

C:\WINDOWS\cmsetac.dll

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff493bf-dcb7-11dc-8b90-8ce4b62b7d76}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mstwain32"=-

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration! ( image: cfscript.gif )

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt ( window ) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!

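The reply above builds its CFScript by hand from three kinds of evidence in the posted logs: a Run value that launches a file sitting directly in C:\WINDOWS (mstwain32 -> foto.exe), a MountPoints2 key whose Shell\Auto\command points at F:\boot.pif (the autorun handler Explorer fires when that removable drive is opened), and an Active Setup installed component whose stub is C:\windows\svcr.exe. As an added example, not part of the thread and not ComboFix's own code, the Python below applies those same checks to a constructed subset of the posted HijackThis and ComboFix lines and renders what it finds in CFScript syntax (File:: and Registry:: sections, `[-key]` to delete a key, `"name"=-` to delete a value). The `WINDIR` constant, the rule names and the `Finding` type are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Constructed subset of the HijackThis log posted in this thread (the lines are the page's own).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mstwain32] C:\WINDOWS\foto.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
# Constructed subset of the ComboFix "Registry Loading Points" section posted in this thread.
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff493bf-dcb7-11dc-8b90-8ce4b62b7d76}]
\Shell\Auto\command - F:\boot.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]
C:\windows\svcr.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WINDIR = r"c:\windows"   # assumption: default XP install path, compared case-insensitively

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - .* \(file missing\)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")


@dataclass
class Finding:
    kind: str                                      # which rule fired
    detail: str                                    # the evidence, for the analyst
    files: list = field(default_factory=list)      # paths for the File:: section
    reg_lines: list = field(default_factory=list)  # lines for the Registry:: section


def first_path(value: str) -> str:
    """Executable path from a Run value: honours quotes, drops trailing arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.index('"', 1)]
    return value.split(" ", 1)[0]


def lives_in_windir_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory, not a subfolder such as system32."""
    low = path.lower()
    return low.startswith(WINDIR + "\\") and "\\" not in low[len(WINDIR) + 1:]


def triage_hijackthis(text: str) -> list:
    """Flag Run entries that launch from the Windows root and services whose binary is gone."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, name, value = m.groups()
            path = first_path(value)
            if lives_in_windir_root(path):
                findings.append(Finding("run-key-in-windir-root", f"{hive} Run [{name}] -> {path}",
                                        files=[path],
                                        reg_lines=[f"[{HIVES[hive]}\\{RUN_KEY}]", f'"{name}"=-']))
            continue
        m = O23_RE.match(line)
        if m:
            findings.append(Finding("orphan-service", f"service '{m.group(1)}' points at a missing binary"))
    return findings


def triage_combofix(text: str) -> list:
    """Flag removable-drive autorun handlers under MountPoints2 and Active Setup stubs in the Windows root."""
    findings, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        line = line.strip()
        if not key or not line:
            continue
        m = CMD_RE.match(line)
        if m and "mountpoints2" in key.lower():
            verb, target = m.groups()   # opening the drive in Explorer runs this command
            f = Finding("mountpoints2-autorun", f"{verb}: {target}", reg_lines=[f"[-{key}]"])
            if re.fullmatch(r"[A-Z]:\\[^ ]+", target):   # a bare file on the drive, not a rundll32 wrapper
                f.files.append(target)
            findings.append(f)
        elif "active setup\\installed components" in key.lower() and lives_in_windir_root(line):
            # an Active Setup stub runs once per user profile at logon
            findings.append(Finding("active-setup-stub-in-windir-root", line,
                                    files=[line], reg_lines=[f"[-{key}]"]))
    return findings


def build_cfscript(findings: list) -> str:
    """Render the findings in ComboFix's CFScript form (File:: and Registry:: sections), without duplicates."""
    files, reg = [], []
    for f in findings:
        for p in f.files:
            if p not in files:
                files.append(p)
        for r in f.reg_lines:
            if r not in reg:
                reg.append(r)
    out = (["File::"] + files if files else []) + (["Registry::"] + reg if reg else [])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage_hijackthis(HJT_SAMPLE) + triage_combofix(COMBOFIX_SAMPLE)
    for f in found:
        print(f"{f.kind:36} {f.detail}")
    print(build_cfscript(found))
```

These rules only see the loading points. The extra files in the script above (fotoupd.exe, ntdtcstp.dll) and the Rootkit:: entry for cmsetac.dll come from the file listings rather than from any autostart line, and the orphan avast! services are a leftover of the uninstall rather than malware, so a real script still needs an analyst's second pass over the output.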

Hello Dig!

 

All done, in order...

 

---------------COMBO FIX:

 

ComboFix 08-09-20.05 - MarcO 2008-09-21 8:01:57.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.88 [GMT -3:00]

Running from: C:\Documents and Settings\MarcO\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\MarcO\Desktop\CFScript.txt.txt

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\foto.exe

C:\WINDOWS\fotoupd.exe

C:\WINDOWS\ntdtcstp.dll

C:\windows\svcr.exe

F:\boot.pif

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cmsetac.dll

C:\WINDOWS\foto.exe

C:\WINDOWS\fotoupd.exe

C:\WINDOWS\KB8888239.log

C:\WINDOWS\ntdtcstp.dll

 

.

((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))

.

 

2008-09-20 04:57 . 2008-09-20 05:16 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-13 10:36 . 2008-09-20 05:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-06 00:41 . 2008-09-20 05:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-09-06 00:41 . 2008-09-20 05:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-09-06 00:41 . 2008-09-20 05:31 <DIR> d-------- C:\Documents and Settings\MarcO\Configurações locais

2008-09-06 00:41 . 2008-09-20 05:31 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-26 16:14 . 2008-09-08 23:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 08:04 --------- d-----w C:\Arquivos de programas\ZDaemon

2008-09-18 22:11 --------- d-----w C:\Documents and Settings\MarcO\Dados de aplicativos\MegauploadToolbar

2008-09-02 17:30 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-31 02:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-30 21:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-23 15:33 --------- d-----w C:\Arquivos de programas\eMule

1995-06-01 04:41 28,672 ----a-w C:\Documents and Settings\MarcO\AWEMAN32.DLL

.

 

------- Sigcheck -------

 

2008-04-13 23:21 509952 71d440f79b711627b12b567fb2eadb42 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2004-08-04 00:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntkrnlpa.exe

2007-02-28 13:02 2318592 5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2318592 5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntoskrnl.exe

2007-02-28 13:02 2441344 8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2441344 8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

 

2007-06-13 10:21 1553920 ed75afd3b280a671873caaf7506ca979 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\backup\sp2gdr\explorer.exe

2007-06-13 10:21 1553920 ed75afd3b280a671873caaf7506ca979 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\VistaMizer\old\explorer.exe

 

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\VistaMizer\old\ctfmon.exe

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-01 118784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-01-15 37376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zlauncher.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zdaemon.exe"=

"C:\\Arquivos de programas\\Azureus\\Azureus.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zserv32.exe"=

"C:\\Arquivos de programas\\ZDaemon\\zsl\\ZDSProtocol.exe"=

 

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-21 08:04:56

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESSES: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

.

**************************************************************************

.

Completion time: 2008-09-21 8:10:05 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-21 11:09:52

ComboFix2.txt 2008-09-20 08:31:48

 

Pre-Run: 604,512,256 bytes free

Post-Run: 591,650,816 bytes free

 

133 --- E O F --- 2008-09-20 06:23:56

 

 

 

 

 

 

----------------HijackThis:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:11:25, on 21/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Documents and Settings\MarcO\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Startup: IMVU.lnk = C:\Arquivos de programas\IMVU\IMVUClient.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MarcO\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

 

Note:

I saw this in the other post too, the text in the quote

What is it? Something added, or some part removed from the logs?

 

This is Greek to me, I don't understand any of it.. :)

 

Thank you very much...


Good morning, MarcosMK!

 

I saw this in the other post too, the text in the quote

What is it? Something added, or some part removed from the logs?

This is Greek to me, I don't understand any of it..

<!> It is just a removal procedure, by script, using ComboFix.

---------------------------

<@> Go to this link and download:

 

< Malwarebytes >

 

<@> Update the program!

<@> Choose the Quick scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine.

<@> For more details: < Link >

-----------------------

<@> Post the reports: mbam-log-9-21-2008 (00-00-00).txt + an updated HijackThis log.

 

Cheers!


Hello DigRam!

 

Here it is:

 

-----------MalWareBytes:

 

Malwarebytes' Anti-Malware 1.28

Versão do banco de dados: 1186

Windows 5.1.2600 Service Pack 2

 

21/9/2008 14:37:08

mbam-log-2008-09-21 (14-37-08).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 38810

Tempo decorrido: 2 minute(s), 43 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

 

---------HijackThis:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:40:37, on 21/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\MarcO\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Startup: IMVU.lnk = C:\Arquivos de programas\IMVU\IMVUClient.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MarcO\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

 

 

There it is, Malwarebytes found nothing... :unsure:

 

Questions:

Do I need to keep Malwarebytes installed on the PC all the time?

And about Avast!:

Whenever I find a malicious virus I send it to quarantine and then delete it. Is it right to delete it from my machine quickly, or should I keep it in quarantine for some time and delete it afterwards?

 

Thanks in advance

I'm anxious for good news, hopefully!...lol

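The HijackThis logs posted above are plain text with one entry per R/O line (R1 IE settings, O2 BHOs, O4 Run values, O20 Winlogon Notify packages, and so on). The following is an added example, not code from the thread or from HijackThis: a small parser that turns such lines into structured records, applies a first-pass triage rule (anything loaded into IE or winlogon, plus Run values whose program has no directory), and reports which entries are new between two posted logs. The sample input is a hand-made excerpt shaped like the log in this thread; the section list in `needs_review` is the author's choice, not a HijackThis rule.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format: the entry shapes mirror the thread's log, the text is hand-made.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")   # only R/F/O lines are entries
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")  # O4 Run values

@dataclass(frozen=True)
class Entry:
    section: str  # R1, O2, O4, O20, ...
    name: str     # Run value name, BHO title, notify package or IE setting
    clsid: str    # COM class id, empty when the entry has none
    path: str     # program/DLL with quotes and arguments removed, or URL

def parse_hijackthis(text: str) -> list:
    entries = []
    for m in filter(None, (ENTRY_RE.match(ln.strip()) for ln in text.splitlines())):
        section, body = m.group("section"), m.group("body")
        run = RUN_RE.match(body) if section == "O4" else None
        if run:  # '[name] "C:\full path.exe" args' or '[name] bare.exe'
            cmd = run.group("cmd").strip()
            prog = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]
            entries.append(Entry(section, run.group("name"), "", prog))
            continue
        parts = [p.strip() for p in body.split(" - ")]
        if len(parts) == 1 and " = " in body:  # "key = value" shape (R1, O4 Startup)
            label, path = body.split(" = ", 1)
        else:                                    # "label: name - {clsid} - path" shape
            label, path = parts[0], parts[-1]
        clsid = CLSID_RE.search(body)
        entries.append(Entry(section, label.split(": ", 1)[-1], clsid.group(0) if clsid else "", path))
    return entries

def needs_review(e: Entry) -> bool:
    """Triage rule: code loaded into IE or winlogon is always checked; a Run value without a directory is resolved by PATH search, so it is checked too."""
    return e.section in ("O2", "O3", "O20", "O21", "O23") or (e.section == "O4" and "\\" not in e.path)

def new_entries(old_log: str, new_log: str) -> list:
    """Entries in a follow-up log that the earlier log did not have."""
    before = set(parse_hijackthis(old_log))
    return [e for e in parse_hijackthis(new_log) if e not in before]
```

Running `new_entries` on two consecutive posted logs shows exactly which autostart points changed between them, which is what a helper checks before declaring a log clean.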

Good evening, MarcosMK!

 

Do I need to keep Malwarebytes installed on the PC all the time?

And about Avast!:

<!> If you want, you can keep Malwarebytes on the PC.

<!> There is no problem with regard to Avast, which is an antivirus, and there are no incompatibilities.

 

Whenever I find a malicious virus I send it to quarantine and then delete it. Is it right to delete it from my machine quickly, or should I keep it in quarantine for some time and delete it afterwards?

<!> You can keep it in quarantine for a few days and then delete it.

----------------------

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click: OK

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message will appear: ComboFix uninstalled!

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- Report!

----------------------

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze.

<@> Wait for it to finish!

<@> When done, click Run Cleaner.

<@> In the window that appears, click OK.

<@> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When done, click Fix selected issues...

<@> At the prompt, click Yes!

<@> Name the backups and click Save.

<@> In the window that appears, click: Fix All Selected Issues

<@> Click OK --> Close.

<@> For more details, read the tutorial: < Link >

-----------------------

<!> The log is clean!

<!> Everything OK?

 

Cheers!


Hello DigRam!

 

Wow, the log really is fine, everything's great!

I reinstalled Avast! and it no longer detected those trojans

finally the computer is running like a charm, really great...

You're a genius on the subject, thank you very much for the help! ^_^

 

Very grateful, and all the best!

 

Congratulations!!! :thumbsup:

 

Cheers!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
