Archived

This topic has been archived and is closed to new replies.

Pedro the Hedgehog

[Archived] Analyze my log!

Please analyze my log, I cannot get a virus on this PC under any circumstances!!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:45, on 02/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

D:\Windows\system32\Dwm.exe

D:\Windows\system32\taskeng.exe

D:\Windows\Explorer.EXE

D:\Program Files\Alwil Software\Avast4\ashDisp.exe

D:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

D:\Program Files\Windows Sidebar\sidebar.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

D:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [MSConfig] "D:\Windows\system32\MSconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F35837E3-AEA0-4DA9-B8C4-71AA19DAF05F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\System32\DreamScene.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 3604 bytes

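Reading a HijackThis log by eye is how this thread works, but the checks the helper applies can be written down. The block below is an added example (not part of the forum post and not HijackThis or ComboFix code) that parses the R0/R1, O1, O2/O3/O18, O4, O17 and O23 lines and flags the entries a responder would verify first. The sample input is an excerpt of the log above, embedded inline; the host allowlist, the trusted autostart directories, the severity labels and the expected-resolver set are assumptions to be adjusted for the machine being examined.

```python
import re
from urllib.parse import urlparse

# Assumptions for this example, not HijackThis conventions: hosts that are normal for
# IE start/search pages, directories autostart binaries are expected to load from,
# and the hosts-file mappings that are always legitimate.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.google.com", "www.google.com.br"}
TRUSTED_DIRS = re.compile(r"^[a-z]:\\(windows|progra~1|program files)\\", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1"}

LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys|ocx)\b", re.IGNORECASE)

# Constructed sample input: an excerpt of the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35837E3-AEA0-4DA9-B8C4-71AA19DAF05F}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def _first_path(body):
    """First absolute Windows path to a binary in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(log_text, expected_dns=frozenset()):
    """Return (severity, code, note) tuples for the entries a responder should verify
    first. expected_dns is the set of resolver IPs this machine is supposed to use."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")

        if code in ("R0", "R1"):
            # Start/search-page hijacks appear here as hosts you do not recognise.
            value = body.partition("=")[2].strip()
            host = urlparse(value).hostname if value else None
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(("medium", code, f"browser page points at {host}"))

        elif code == "O1":
            # Anything in the hosts file beyond loopback/localhost redirects traffic.
            fields = body.split()[1:]
            if len(fields) < 2 or fields[0] not in LOOPBACK or fields[1].lower() != "localhost":
                findings.append(("high", code, "hosts-file redirection: " + body))

        elif code in ("O2", "O3", "O18"):
            # BHOs, toolbars and protocol handlers are loaded into every IE process.
            guid = GUID_RE.search(body)
            ident = guid.group(0) if guid else body
            if body.endswith("(no file)"):
                findings.append(("low", code, f"orphaned COM entry {ident}: DLL is gone, remove the key"))
            elif "(no name)" in body:
                findings.append(("medium", code, f"unnamed handler {ident} loads {_first_path(body)}"))

        elif code == "O4":
            path = _first_path(body)
            if path is None:
                findings.append(("medium", code, "autostart without an absolute path, resolve by hand: " + body))
            elif not TRUSTED_DIRS.match(path):
                findings.append(("high", code, "autostart from an unexpected location: " + path))

        elif code == "O17":
            # DNS-changer malware rewrites NameServer; compare with what the ISP/router hands out.
            unexpected = [ip for ip in IPV4_RE.findall(body) if ip not in expected_dns]
            if unexpected:
                findings.append(("high", code, "resolvers not in the expected set: " + " ".join(unexpected)))

        elif code == "O23" and "(no file)" in body:
            findings.append(("low", code, "service whose binary is missing: " + body))
    return findings


if __name__ == "__main__":
    for severity, code, note in triage(SAMPLE_LOG, expected_dns={"200.204.0.10", "200.204.0.138"}):
        print(f"[{severity:6}] {code}: {note}")
```

The O17 check is only as good as `expected_dns`: the log alone cannot tell you whether the two addresses it lists are the ones the user's ISP hands out, so look them up before deciding. An orphaned `(no file)` entry is a harmless leftover, while a BHO with `(no name)` and a live DLL, like the Crawler toolbar here (the log attributes the Spyware Terminator service that ships with it to Crawler.com), is the kind of entry whose publisher should be confirmed rather than assumed. An `O4` line that names only `rundll32.exe` and a DLL is flagged not because it is malicious (this one is the Vista welcome centre) but because the path has to be resolved before it can be trusted.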

Hey Pedro the Hedgehog,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since it guarantees that the system can be recovered if something goes wrong during the scan.

Click "YES" and wait; ComboFix installs the console automatically. It may take a few minutes (depending on your connection speed), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click in the ComboFix window or kill the process abruptly while the tool is running, as this will mess up your desktop (it will turn completely white).

When the process finishes, the machine will reboot to produce the report.

6) After the reboot, ComboFix runs FIND3M to create the final scan report. The log is stored at D:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE and sit on top of the other windows. To minimize it again, just use ALT + TAB.

Regards.

ComboFix log:

 

ComboFix 08-11-03.06 - Pedro the Hedgehog 2008-11-04 12:39:45.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.523 [GMT -2:00]

Running from: d:\users\Pedro the Hedgehog\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 ))))))))))))))))))))))))))))

.

 

2008-11-02 18:17 . 2008-11-02 18:18 <DIR> d-------- D:\Hijack

2008-11-02 17:34 . 2008-11-02 17:34 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\GlarySoft

2008-11-02 17:17 . 2008-11-02 17:17 <DIR> d-------- d:\program files\Glary Utilities

2008-11-02 14:04 . 2008-11-02 14:04 <DIR> d-------- d:\program files\WinPcap

2008-11-01 14:06 . 2008-11-01 14:06 4,247,552 --a------ d:\windows\System32\GameUXLegacyGDFs.dll

2008-11-01 14:06 . 2008-11-01 14:06 1,686,528 --a------ d:\windows\System32\gameux.dll

2008-11-01 14:06 . 2008-11-01 14:06 28,160 --a------ d:\windows\System32\Apphlpdm.dll

2008-11-01 14:01 . 2008-11-01 14:01 802,816 --a------ d:\windows\System32\drivers\tcpip.sys

2008-11-01 14:01 . 2008-11-01 14:01 216,760 --a------ d:\windows\System32\drivers\netio.sys

2008-11-01 14:01 . 2008-11-01 14:01 167,424 --a------ d:\windows\System32\tcpipcfg.dll

2008-11-01 14:01 . 2008-11-01 14:01 24,064 --a------ d:\windows\System32\netcfg.exe

2008-11-01 14:01 . 2008-11-01 14:01 22,016 --a------ d:\windows\System32\netiougc.exe

2008-11-01 14:00 . 2008-11-01 14:00 1,060,920 --a------ d:\windows\System32\drivers\ntfs.sys

2008-11-01 14:00 . 2008-11-01 14:00 41,984 --a------ d:\windows\System32\drivers\monitor.sys

2008-11-01 13:58 . 2008-11-01 13:58 1,152,000 --a------ d:\windows\System32\themecpl.dll

2008-11-01 13:58 . 2008-11-01 13:58 268,288 --a------ d:\windows\System32\mcbuilder.exe

2008-11-01 13:58 . 2008-11-01 13:58 233,888 --a------ d:\windows\System32\DreamScene.dll

2008-11-01 13:58 . 2008-11-01 13:58 165,888 --a------ d:\windows\System32\lpksetup.exe

2008-11-01 13:58 . 2008-11-01 13:58 25,600 --a------ d:\windows\System32\LangCleanupSysprepAction.dll

2008-11-01 13:58 . 2008-11-01 13:58 23,552 --a------ d:\windows\System32\lpremove.exe

2008-11-01 13:58 . 2008-11-01 13:58 10,240 --a------ d:\windows\System32\MUILanguageCleanup.dll

2008-11-01 13:56 . 2008-11-01 13:56 2,048 --a------ d:\windows\System32\tzres.dll

2008-11-01 13:54 . 2008-11-01 13:54 8,147,968 --a------ d:\windows\System32\wmploc.DLL

2008-11-01 13:54 . 2008-11-01 13:54 356,864 --a------ d:\windows\System32\MediaMetadataHandler.dll

2008-11-01 13:54 . 2008-11-01 13:54 7,680 --a------ d:\windows\System32\spwmp.dll

2008-11-01 13:54 . 2008-11-01 13:54 4,096 --a------ d:\windows\System32\msdxm.ocx

2008-11-01 13:54 . 2008-11-01 13:54 4,096 --a------ d:\windows\System32\dxmasf.dll

2008-11-01 13:53 . 2008-11-01 13:53 104,448 --a------ d:\windows\System32\DWWIN.EXE

2008-11-01 13:52 . 2008-11-01 13:52 1,191,936 --a------ d:\windows\System32\msxml3.dll

2008-11-01 13:52 . 2008-11-01 13:52 2,048 --a------ d:\windows\System32\msxml3r.dll

2008-11-01 13:51 . 2008-11-01 13:51 224,768 --a------ d:\windows\System32\drivers\usbport.sys

2008-11-01 13:51 . 2008-11-01 13:51 192,000 --a------ d:\windows\System32\drivers\usbhub.sys

2008-11-01 13:51 . 2008-11-01 13:51 38,400 --a------ d:\windows\System32\drivers\usbehci.sys

2008-11-01 13:51 . 2008-11-01 13:51 23,040 --a------ d:\windows\System32\drivers\usbuhci.sys

2008-11-01 13:51 . 2008-11-01 13:51 8,704 --a------ d:\windows\System32\hcrstco.dll

2008-11-01 13:51 . 2008-11-01 13:51 8,704 --a------ d:\windows\System32\hccoin.dll

2008-11-01 13:51 . 2008-11-01 13:51 5,888 --a------ d:\windows\System32\drivers\usbd.sys

2008-11-01 13:48 . 2008-11-01 13:48 290,304 --a------ d:\windows\System32\drivers\srv.sys

2008-11-01 13:47 . 2008-11-01 13:47 441,856 --a------ d:\windows\System32\win32spl.dll

2008-11-01 13:47 . 2008-11-01 13:47 37,376 --a------ d:\windows\System32\printcom.dll

2008-11-01 13:46 . 2008-11-01 13:46 113,664 --a------ d:\windows\System32\drivers\rmcast.sys

2008-11-01 13:46 . 2008-11-01 13:46 14,848 --a------ d:\windows\System32\wshrm.dll

2008-11-01 13:45 . 2008-11-01 13:45 788,992 --a------ d:\windows\System32\rpcrt4.dll

2008-11-01 13:44 . 2008-11-01 13:44 152,576 --a------ d:\windows\System32\imagehlp.dll

2008-11-01 13:44 . 2008-11-01 13:44 12,800 --a------ d:\windows\System32\drivers\fs_rec.sys

2008-11-01 13:44 . 2008-11-01 13:44 5,120 --a------ d:\windows\System32\wmi.dll

2008-11-01 13:43 . 2008-11-01 13:43 1,327,104 --a------ d:\windows\System32\quartz.dll

2008-11-01 13:42 . 2008-11-01 13:42 974,336 --a------ d:\windows\System32\crypt32.dll

2008-11-01 13:34 . 2008-11-01 13:34 3,505,208 --a------ d:\windows\System32\ntkrnlpa.exe

2008-11-01 13:34 . 2008-11-01 13:34 3,470,904 --a------ d:\windows\System32\ntoskrnl.exe

2008-11-01 13:31 . 2008-11-01 13:31 750,080 --a------ d:\windows\System32\qmgr.dll

2008-10-31 20:11 . 2008-10-31 20:11 694,784 --a------ d:\windows\System32\localspl.dll

2008-10-31 19:18 . 2008-10-31 19:18 <DIR> d-------- D:\perflogs

2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- d:\program files\Crawler

2008-10-30 18:30 . 2008-11-04 12:29 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\Spyware Terminator

2008-10-30 18:30 . 2008-11-01 12:11 <DIR> d-------- d:\users\All Users\Spyware Terminator

2008-10-30 18:30 . 2008-11-01 12:11 <DIR> d-------- d:\programdata\Spyware Terminator

2008-10-30 18:30 . 2008-10-30 18:34 <DIR> d-------- d:\program files\Spyware Terminator

2008-10-30 18:30 . 2008-10-30 18:30 141,312 --a------ d:\windows\System32\drivers\sp_rsdrv2.sys

2008-10-30 13:54 . 2008-10-30 13:54 <DIR> d-------- d:\program files\Alwil Software

2008-10-30 13:54 . 2003-03-18 19:20 1,060,864 --a------ d:\windows\System32\MFC71.dll

2008-10-30 13:54 . 2003-03-18 18:14 499,712 --a------ d:\windows\System32\MSVCP71.dll

2008-10-30 13:54 . 2003-02-21 03:42 348,160 --a------ d:\windows\System32\MSVCR71.dll

2008-10-30 13:54 . 2008-07-19 12:36 51,280 --a------ d:\windows\System32\drivers\aswMonFlt.sys

2008-10-30 13:33 . 2008-10-30 13:33 <DIR> d-------- d:\windows\PCHEALTH

2008-10-30 13:32 . 2008-10-30 22:28 <DIR> d-------- D:\crack vista

2008-10-30 13:28 . 2008-11-01 11:31 <DIR> dr------- d:\users\Pedro the Hedgehog\Searches

2008-10-30 13:28 . 2008-10-30 13:38 <DIR> dr------- d:\users\Pedro the Hedgehog\Contacts

2008-10-30 13:27 . 2008-10-30 13:28 <DIR> dr------- d:\users\Pedro the Hedgehog\Videos

2008-10-30 13:27 . 2008-10-30 13:50 <DIR> dr------- d:\users\Pedro the Hedgehog\Saved Games

2008-10-30 13:27 . 2008-10-30 13:28 <DIR> dr------- d:\users\Pedro the Hedgehog\Pictures

2008-10-30 13:27 . 2008-10-30 13:28 <DIR> dr------- d:\users\Pedro the Hedgehog\Music

2008-10-30 13:27 . 2008-11-01 11:31 <DIR> dr------- d:\users\Pedro the Hedgehog\Links

2008-10-30 13:27 . 2008-11-04 12:37 <DIR> dr------- d:\users\Pedro the Hedgehog\Downloads

2008-10-30 13:27 . 2008-11-02 17:19 <DIR> dr------- d:\users\Pedro the Hedgehog\Documents

2008-10-30 13:27 . 2006-11-02 10:35 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\Media Center Programs

2008-10-30 13:27 . 2008-10-30 13:28 <DIR> d--h----- d:\users\Pedro the Hedgehog\AppData

2008-10-30 13:27 . 2008-11-01 13:59 <DIR> d-------- d:\users\Pedro the Hedgehog

2008-10-30 13:20 . 2008-10-30 13:20 <DIR> dr------- d:\windows\System32\config\systemprofile\Contacts

2008-10-30 13:18 . 2008-10-30 13:33 <DIR> d-------- d:\program files\Windows Live

2008-10-30 13:18 . 2008-10-30 13:33 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller

2008-10-30 13:16 . 2008-10-30 13:37 <DIR> d--hs---- d:\windows\Installer

2008-10-30 13:16 . 2008-10-30 13:16 <DIR> d-------- d:\users\All Users\WLInstaller

2008-10-30 13:16 . 2008-10-30 13:16 <DIR> d-------- d:\programdata\WLInstaller

2008-10-30 13:10 . 2008-10-30 13:10 <DIR> d-------- d:\windows\System32\Macromed

2008-10-30 13:08 . 2008-11-02 17:37 <DIR> d-------- d:\windows\System32\catroot2

2008-10-30 13:08 . 2008-11-01 14:07 <DIR> d-------- d:\windows\Debug

2008-10-30 13:04 . 2008-10-30 13:13 <DIR> d-------- d:\windows\Panther

2008-10-30 13:03 . 2008-10-30 13:03 <DIR> d-------- d:\windows\System32\OEM

2008-10-30 13:03 . 2007-03-06 12:08 240,128 -ra------ d:\windows\System32\drivers\boyoem.sys

2008-10-30 13:03 . 2006-12-21 20:30 32 -ra------ d:\windows\ASUS_VERSION

2008-10-30 13:03 . 2007-03-09 18:07 28 -ra------ d:\windows\BOY_VERSION

2008-10-30 12:46 . 2008-10-30 12:46 1,712,984 --a------ d:\windows\System32\wuaueng.dll

2008-10-30 12:46 . 2008-10-30 12:46 1,524,224 --a------ d:\windows\System32\wucltux.dll

2008-10-30 12:46 . 2008-10-30 12:46 53,080 --a------ d:\windows\System32\wuauclt.exe

2008-10-30 12:46 . 2008-10-30 12:46 43,352 --a------ d:\windows\System32\wups2.dll

2008-10-30 12:41 . 2008-10-30 12:41 163,000 --a------ d:\windows\System32\wuwebv.dll

2008-10-30 12:41 . 2008-10-30 12:41 31,232 --a------ d:\windows\System32\wuapp.exe

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-01 16:11 --------- d-----w d:\program files\Windows Defender

2008-11-01 16:06 537,600 ----a-w d:\windows\AppPatch\AcLayers.dll

2008-11-01 16:06 449,536 ----a-w d:\windows\AppPatch\AcSpecfc.dll

2008-11-01 16:06 2,560 ----a-w d:\windows\AppPatch\AcRes.dll

2008-11-01 16:06 2,144,256 ----a-w d:\windows\AppPatch\AcGenral.dll

2008-11-01 16:06 173,056 ----a-w d:\windows\AppPatch\AcXtrnal.dll

2008-11-01 16:05 258,232 ----a-w d:\windows\system32\drivers\acpi.sys

2008-11-01 16:05 2,923,520 ----a-w d:\windows\explorer.exe

2008-11-01 15:37 52,736 ----a-w d:\windows\AppPatch\iebrshim.dll

2008-11-01 13:30 174 --sha-w d:\program files\desktop.ini

2008-10-31 23:05 --------- d-----w d:\program files\Windows Calendar

2008-10-31 22:19 320,000 ----a-w d:\windows\system32\drivers\csc.sys

2008-10-31 22:11 70,144 ----a-w d:\windows\system32\drivers\pacer.sys

2008-10-31 22:11 619,008 ----a-w d:\windows\system32\drivers\dxgkrnl.sys

2008-10-31 22:11 61,952 ----a-w d:\windows\system32\drivers\wanarp.sys

2008-10-31 22:11 48,640 ----a-w d:\windows\system32\drivers\ndproxy.sys

2008-10-31 22:11 20,480 ----a-w d:\windows\system32\drivers\ndistapi.sys

2008-10-30 15:21 --------- d-sh--w d:\programdata\Modelos

2008-10-30 15:21 --------- d-sh--w d:\programdata\Menu Iniciar

2008-10-30 15:21 --------- d-sh--w d:\programdata\Favoritos

2008-10-30 15:21 --------- d-sh--w d:\programdata\Documentos

2008-10-30 15:21 --------- d-sh--w d:\programdata\Dados de aplicativos

2008-10-30 15:21 --------- d-sh--w d:\program files\Common Files\Sistema

2008-10-30 15:21 --------- d-sh--w d:\program files\Arquivos Comuns

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 d:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="d:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-30 1783808]

"MSConfig"="d:\windows\system32\MSconfig.exe" [2006-11-02 222208]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

"NoRecentDocHistory"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-11-01 14:04 1006264 d:\program files\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9048F913-EE78-4893-940B-9D3266A36962}"= d:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{24DDA0FE-E084-438F-9310-0D0D4E7C2744}"= d:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{095831D8-CB74-451C-B94C-9D468CDEE12A}d:\\program files\\internet explorer\\iexplore.exe"= UDP:d:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{0332D518-0923-481B-BC07-9415D9E60956}d:\\program files\\internet explorer\\iexplore.exe"= TCP:d:\program files\internet explorer\iexplore.exe:Internet Explorer

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 sp_rsdrv2;Spyware Terminator Driver 2;d:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-30 141312]

R2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt;d:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;d:\windows\system32\DRIVERS\fetnd6v.sys [2008-06-25 44032]

S0 OemBiosDevice;Royalty OEM Bios Extension;d:\windows\system32\drivers\boyoem.sys [2007-03-06 240128]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-04 d:\windows\Tasks\GlaryInitialize.job

- d:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

 

2008-11-04 d:\windows\Tasks\User_Feed_Synchronization-{462C1F33-A16B-4ABE-B45D-F7BBB4930CF5}.job

- d:\windows\system32\msfeedssync.exe [2008-08-22 08:05]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: Crawler Search - tbr:iemenu

O17 -: HKLM\CCS\Interface\{F35837E3-AEA0-4DA9-B8C4-71AA19DAF05F}: NameServer = 200.204.0.10 200.204.0.138

O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - d:\progra~1\Crawler\Toolbar\ctbr.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 12:49:32

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

d:\windows\System32\audiodg.exe

d:\program files\Alwil Software\Avast4\aswUpdSv.exe

d:\program files\Alwil Software\Avast4\ashServ.exe

d:\program files\Spyware Terminator\sp_rsser.exe

d:\program files\Alwil Software\Avast4\ashMaiSv.exe

d:\program files\Alwil Software\Avast4\ashWebSv.exe

d:\windows\System32\conime.exe

d:\program files\Windows Live\Messenger\usnsvc.exe

.

**************************************************************************

.

Completion time: 2008-11-04 12:54:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-04 14:54:23

Pre-Run: 5,525,303,296 bytes free

Post-Run: 5,429,620,736 bytes free

 

212 --- E O F --- 2008-11-01 16:09:40


Hey Pedro the Hedgehog,

Post a new ComboFix log.

Regards.

PS: Sorry for the delay, time has been short. :(

The new ComboFix log:

 

 

ComboFix 08-11-10.01 - Pedro the Hedgehog 2008-11-11 8:55:21.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.558 [GMT -2:00]

Running from: d:\users\Pedro the Hedgehog\Downloads\ComboFix.exe

.

 

(((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))

.

 

2008-11-10 18:04 . 2008-11-10 18:04 93,594 --a------ d:\windows\System32\AdobeLinguistic.dll

2008-11-09 13:27 . 2008-11-10 18:39 <DIR> d-------- D:\Downloads

2008-11-09 13:15 . 2008-11-10 18:38 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\Orbit

2008-11-07 16:56 . 2008-11-07 16:56 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\Media Player Classic

2008-11-07 16:54 . 2008-11-07 16:54 <DIR> d-------- d:\users\All Users\Real

2008-11-07 16:54 . 2008-11-07 16:54 <DIR> d-------- d:\program files\K-Lite Codec Pack

2008-11-05 13:35 . 2008-11-05 13:35 <DIR> d-------- d:\users\All Users\Messenger Plus!

2008-11-05 13:35 . 2008-11-05 13:35 <DIR> d-------- d:\programdata\Messenger Plus!

2008-11-05 10:50 . 2008-11-05 10:50 <DIR> d-------- d:\program files\Messenger Plus! Live

2008-11-04 18:48 . 2008-11-04 18:50 <DIR> d-------- d:\users\All Users\Adobe

2008-11-04 18:47 . 2008-11-04 18:48 <DIR> d-------- d:\program files\Common Files\Adobe

2008-11-04 14:09 . 2008-07-19 11:36 51,280 --a------ d:\windows\System32\drivers\aswMonFlt.sys

2008-11-04 13:15 . 2006-11-02 08:23 <DIR> dr------- d:\users\Administrador\Videos

2008-11-04 13:15 . 2006-11-02 08:23 <DIR> d-------- d:\users\Administrador\Saved Games

2008-11-04 13:15 . 2006-11-02 08:23 <DIR> dr------- d:\users\Administrador\Pictures

2008-11-04 13:15 . 2006-11-02 08:23 <DIR> dr------- d:\users\Administrador\Music

2008-11-04 13:15 . 2006-11-02 08:23 <DIR> dr------- d:\users\Administrador\Links

2008-11-04 13:15 . 2006-11-02 08:23 <DIR> dr------- d:\users\Administrador\Downloads

2008-11-04 13:15 . 2008-11-04 13:15 <DIR> dr------- d:\users\Administrador\Documents

2008-11-04 13:15 . 2006-11-02 09:18 <DIR> d--h----- d:\users\Administrador\AppData

2008-11-04 13:15 . 2008-11-10 18:38 <DIR> d-------- d:\users\Administrador

2008-11-02 17:34 . 2008-11-04 13:13 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\GlarySoft

2008-11-02 17:17 . 2008-11-02 17:17 <DIR> d-------- d:\program files\Glary Utilities

2008-11-01 14:06 . 2008-11-01 14:06 4,247,552 --a------ d:\windows\System32\GameUXLegacyGDFs.dll

2008-11-01 14:06 . 2008-11-01 14:06 1,686,528 --a------ d:\windows\System32\gameux.dll

2008-11-01 14:06 . 2008-11-01 14:06 28,160 --a------ d:\windows\System32\Apphlpdm.dll

2008-11-01 14:01 . 2008-11-01 14:01 802,816 --a------ d:\windows\System32\drivers\tcpip.sys

2008-11-01 14:01 . 2008-11-01 14:01 216,760 --a------ d:\windows\System32\drivers\netio.sys

2008-11-01 14:01 . 2008-11-01 14:01 167,424 --a------ d:\windows\System32\tcpipcfg.dll

2008-11-01 14:01 . 2008-11-01 14:01 24,064 --a------ d:\windows\System32\netcfg.exe

2008-11-01 14:01 . 2008-11-01 14:01 22,016 --a------ d:\windows\System32\netiougc.exe

2008-11-01 14:00 . 2008-11-01 14:00 1,060,920 --a------ d:\windows\System32\drivers\ntfs.sys

2008-11-01 14:00 . 2008-11-01 14:00 41,984 --a------ d:\windows\System32\drivers\monitor.sys

2008-11-01 13:58 . 2008-11-01 13:58 1,152,000 --a------ d:\windows\System32\themecpl.dll

2008-11-01 13:58 . 2008-11-01 13:58 268,288 --a------ d:\windows\System32\mcbuilder.exe

2008-11-01 13:58 . 2008-11-01 13:58 233,888 --a------ d:\windows\System32\DreamScene.dll

2008-11-01 13:58 . 2008-11-01 13:58 165,888 --a------ d:\windows\System32\lpksetup.exe

2008-11-01 13:58 . 2008-11-01 13:58 25,600 --a------ d:\windows\System32\LangCleanupSysprepAction.dll

2008-11-01 13:58 . 2008-11-01 13:58 23,552 --a------ d:\windows\System32\lpremove.exe

2008-11-01 13:58 . 2008-11-01 13:58 10,240 --a------ d:\windows\System32\MUILanguageCleanup.dll

2008-11-01 13:56 . 2008-11-01 13:56 2,048 --a------ d:\windows\System32\tzres.dll

2008-11-01 13:54 . 2008-11-01 13:54 8,147,968 --a------ d:\windows\System32\wmploc.DLL

2008-11-01 13:54 . 2008-11-01 13:54 356,864 --a------ d:\windows\System32\MediaMetadataHandler.dll

2008-11-01 13:54 . 2008-11-01 13:54 7,680 --a------ d:\windows\System32\spwmp.dll

2008-11-01 13:54 . 2008-11-01 13:54 4,096 --a------ d:\windows\System32\msdxm.ocx

2008-11-01 13:54 . 2008-11-01 13:54 4,096 --a------ d:\windows\System32\dxmasf.dll

2008-11-01 13:53 . 2008-11-01 13:53 104,448 --a------ d:\windows\System32\DWWIN.EXE

2008-11-01 13:52 . 2008-11-01 13:52 1,191,936 --a------ d:\windows\System32\msxml3.dll

2008-11-01 13:52 . 2008-11-01 13:52 2,048 --a------ d:\windows\System32\msxml3r.dll

2008-11-01 13:51 . 2008-11-01 13:51 224,768 --a------ d:\windows\System32\drivers\usbport.sys

2008-11-01 13:51 . 2008-11-01 13:51 192,000 --a------ d:\windows\System32\drivers\usbhub.sys

2008-11-01 13:51 . 2008-11-01 13:51 38,400 --a------ d:\windows\System32\drivers\usbehci.sys

2008-11-01 13:51 . 2008-11-01 13:51 23,040 --a------ d:\windows\System32\drivers\usbuhci.sys

2008-11-01 13:51 . 2008-11-01 13:51 8,704 --a------ d:\windows\System32\hcrstco.dll

2008-11-01 13:51 . 2008-11-01 13:51 8,704 --a------ d:\windows\System32\hccoin.dll

2008-11-01 13:51 . 2008-11-01 13:51 5,888 --a------ d:\windows\System32\drivers\usbd.sys

2008-11-01 13:48 . 2008-11-01 13:48 290,304 --a------ d:\windows\System32\drivers\srv.sys

2008-11-01 13:47 . 2008-11-01 13:47 441,856 --a------ d:\windows\System32\win32spl.dll

2008-11-01 13:47 . 2008-11-01 13:47 37,376 --a------ d:\windows\System32\printcom.dll

2008-11-01 13:46 . 2008-11-01 13:46 113,664 --a------ d:\windows\System32\drivers\rmcast.sys

2008-11-01 13:46 . 2008-11-01 13:46 14,848 --a------ d:\windows\System32\wshrm.dll

2008-11-01 13:45 . 2008-11-01 13:45 788,992 --a------ d:\windows\System32\rpcrt4.dll

2008-11-01 13:44 . 2008-11-01 13:44 152,576 --a------ d:\windows\System32\imagehlp.dll

2008-11-01 13:44 . 2008-11-01 13:44 12,800 --a------ d:\windows\System32\drivers\fs_rec.sys

2008-11-01 13:44 . 2008-11-01 13:44 5,120 --a------ d:\windows\System32\wmi.dll

2008-11-01 13:43 . 2008-11-01 13:43 1,327,104 --a------ d:\windows\System32\quartz.dll

2008-11-01 13:42 . 2008-11-01 13:42 974,336 --a------ d:\windows\System32\crypt32.dll

2008-11-01 13:34 . 2008-11-01 13:34 3,505,208 --a------ d:\windows\System32\ntkrnlpa.exe

2008-11-01 13:34 . 2008-11-01 13:34 3,470,904 --a------ d:\windows\System32\ntoskrnl.exe

2008-11-01 13:31 . 2008-11-01 13:31 750,080 --a------ d:\windows\System32\qmgr.dll

2008-10-31 20:11 . 2008-10-31 20:11 694,784 --a------ d:\windows\System32\localspl.dll

2008-10-31 19:18 . 2008-10-31 19:18 <DIR> d-------- D:\perflogs

2008-10-30 13:54 . 2008-10-30 13:54 <DIR> d-------- d:\program files\Alwil Software

2008-10-30 13:54 . 2003-03-18 19:20 1,060,864 --a------ d:\windows\System32\MFC71.dll

2008-10-30 13:54 . 2003-03-18 18:14 499,712 --a------ d:\windows\System32\MSVCP71.dll

2008-10-30 13:54 . 2003-02-21 03:42 348,160 --a------ d:\windows\System32\MSVCR71.dll

2008-10-30 13:33 . 2008-10-30 13:33 <DIR> d-------- d:\windows\PCHEALTH

2008-10-30 13:28 . 2008-11-01 11:31 <DIR> dr------- d:\users\Pedro the Hedgehog\Searches

2008-10-30 13:28 . 2008-10-30 13:38 <DIR> dr------- d:\users\Pedro the Hedgehog\Contacts

2008-10-30 13:27 . 2008-11-07 18:07 <DIR> dr------- d:\users\Pedro the Hedgehog\Videos

2008-10-30 13:27 . 2008-10-30 13:50 <DIR> dr------- d:\users\Pedro the Hedgehog\Saved Games

2008-10-30 13:27 . 2008-11-10 16:34 <DIR> dr------- d:\users\Pedro the Hedgehog\Pictures

2008-10-30 13:27 . 2008-10-30 13:28 <DIR> dr------- d:\users\Pedro the Hedgehog\Music

2008-10-30 13:27 . 2008-11-01 11:31 <DIR> dr------- d:\users\Pedro the Hedgehog\Links

2008-10-30 13:27 . 2008-11-11 08:53 <DIR> dr------- d:\users\Pedro the Hedgehog\Downloads

2008-10-30 13:27 . 2008-11-11 08:55 <DIR> dr------- d:\users\Pedro the Hedgehog\Documents

2008-10-30 13:27 . 2006-11-02 10:35 <DIR> d-------- d:\users\Pedro the Hedgehog\AppData\Roaming\Media Center Programs

2008-10-30 13:27 . 2008-10-30 13:28 <DIR> d--h----- d:\users\Pedro the Hedgehog\AppData

2008-10-30 13:27 . 2008-11-09 15:52 <DIR> d-------- d:\users\Pedro the Hedgehog

2008-10-30 13:20 . 2008-10-30 13:20 <DIR> dr------- d:\windows\System32\config\systemprofile\Contacts

2008-10-30 13:18 . 2008-10-30 13:33 <DIR> d-------- d:\program files\Windows Live

2008-10-30 13:18 . 2008-10-30 13:33 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller

2008-10-30 13:16 . 2008-11-04 18:50 <DIR> d--hs---- d:\windows\Installer

2008-10-30 13:10 . 2008-10-30 13:10 <DIR> d-------- d:\windows\System32\Macromed

2008-10-30 13:08 . 2008-11-02 17:37 <DIR> d-------- d:\windows\System32\catroot2

2008-10-30 13:08 . 2008-11-01 14:07 <DIR> d-------- d:\windows\Debug

2008-10-30 13:04 . 2008-11-04 12:58 <DIR> d-------- d:\windows\Panther

2008-10-30 13:03 . 2008-10-30 13:03 <DIR> d-------- d:\windows\System32\OEM

2008-10-30 13:03 . 2007-03-06 12:08 240,128 -ra------ d:\windows\System32\drivers\boyoem.sys

2008-10-30 13:03 . 2006-12-21 20:30 32 -ra------ d:\windows\ASUS_VERSION

2008-10-30 13:03 . 2007-03-09 18:07 28 -ra------ d:\windows\BOY_VERSION

2008-10-30 12:46 . 2008-10-30 12:46 1,712,984 --a------ d:\windows\System32\wuaueng.dll

2008-10-30 12:46 . 2008-10-30 12:46 1,524,224 --a------ d:\windows\System32\wucltux.dll

2008-10-30 12:46 . 2008-10-30 12:46 53,080 --a------ d:\windows\System32\wuauclt.exe

2008-10-30 12:46 . 2008-10-30 12:46 43,352 --a------ d:\windows\System32\wups2.dll

2008-10-30 12:41 . 2008-10-30 12:41 163,000 --a------ d:\windows\System32\wuwebv.dll

2008-10-30 12:41 . 2008-10-30 12:41 31,232 --a------ d:\windows\System32\wuapp.exe

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-01 16:11 --------- d-----w d:\program files\Windows Defender

2008-11-01 16:06 537,600 ----a-w d:\windows\AppPatch\AcLayers.dll

2008-11-01 16:06 449,536 ----a-w d:\windows\AppPatch\AcSpecfc.dll

2008-11-01 16:06 2,560 ----a-w d:\windows\AppPatch\AcRes.dll

2008-11-01 16:06 2,144,256 ----a-w d:\windows\AppPatch\AcGenral.dll

2008-11-01 16:06 173,056 ----a-w d:\windows\AppPatch\AcXtrnal.dll

2008-11-01 16:05 704,000 ----a-w d:\windows\System32\PhotoScreensaver.scr

2008-11-01 16:05 67,584 ----a-w d:\windows\System32\wlanhlp.dll

2008-11-01 16:05 542,720 ----a-w d:\windows\System32\sysmain.dll

2008-11-01 16:05 502,784 ----a-w d:\windows\System32\wlansvc.dll

2008-11-01 16:05 47,104 ----a-w d:\windows\System32\wlanapi.dll

2008-11-01 16:05 297,984 ----a-w d:\windows\System32\wlansec.dll

2008-11-01 16:05 290,816 ----a-w d:\windows\System32\wlanmsm.dll

2008-11-01 16:05 258,232 ----a-w d:\windows\system32\drivers\acpi.sys

2008-11-01 16:05 24,064 ----a-w d:\windows\System32\wtsapi32.dll

2008-11-01 16:05 2,923,520 ----a-w d:\windows\explorer.exe

2008-11-01 16:05 2,027,008 ----a-w d:\windows\System32\win32k.sys

2008-11-01 15:37 52,736 ----a-w d:\windows\AppPatch\iebrshim.dll

2008-11-01 13:30 174 --sha-w d:\program files\desktop.ini

2008-10-31 23:05 --------- d-----w d:\program files\Windows Calendar

2008-10-31 22:11 8,192 ----a-w d:\windows\System32\riched32.dll

2008-10-30 15:21 --------- d-sh--w d:\programdata\Modelos

2008-10-30 15:21 --------- d-sh--w d:\programdata\Menu Iniciar

2008-10-30 15:21 --------- d-sh--w d:\programdata\Favoritos

2008-10-30 15:21 --------- d-sh--w d:\programdata\Documentos

2008-10-30 15:21 --------- d-sh--w d:\programdata\Dados de aplicativos

2008-10-30 15:21 --------- d-sh--w d:\program files\Common Files\Sistema

2008-10-30 15:21 --------- d-sh--w d:\program files\Arquivos Comuns

2008-09-16 00:14 3,596,288 ----a-w d:\windows\System32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w d:\windows\System32\dpl100.dll

2008-09-16 00:11 683,520 ----a-w d:\windows\System32\divx.dll

2008-08-22 10:08 878,592 ----a-w d:\windows\System32\wininet.dll

2008-08-22 10:07 43,008 ----a-w d:\windows\System32\licmgr10.dll

2008-08-22 10:07 18,944 ----a-w d:\windows\System32\corpol.dll

2008-08-22 10:06 72,704 ----a-w d:\windows\System32\admparse.dll

2008-08-22 10:06 71,680 ----a-w d:\windows\System32\iesetup.dll

2008-08-22 10:06 66,560 ----a-w d:\windows\System32\wextract.exe

2008-08-22 10:06 129,024 ----a-w d:\windows\System32\ieUnatt.exe

2008-08-22 10:06 110,080 ----a-w d:\windows\System32\PDMSetup.exe

2008-08-22 10:06 103,424 ----a-w d:\windows\System32\SetIEInstalledDate.exe

2008-08-22 10:05 35,840 ----a-w d:\windows\System32\imgutil.dll

2008-08-22 10:05 168,960 ----a-w d:\windows\System32\iexpress.exe

2008-08-22 10:04 48,640 ----a-w d:\windows\System32\PrivacIE.dll

2008-08-22 10:04 48,128 ----a-w d:\windows\System32\mshtmler.dll

2008-08-22 10:04 45,568 ----a-w d:\windows\System32\mshta.exe

2008-08-22 09:57 156,160 ----a-w d:\windows\System32\msls31.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="d:\windows\ehome\ehTray.exe" [2006-11-02 125440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="d:\windows\system32\msconfig.exe" [2006-11-02 222208]

"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

"NoRecentDocHistory"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-11-01 14:04 1006264 d:\program files\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9048F913-EE78-4893-940B-9D3266A36962}"= d:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{24DDA0FE-E084-438F-9310-0D0D4E7C2744}"= d:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{095831D8-CB74-451C-B94C-9D468CDEE12A}d:\\program files\\internet explorer\\iexplore.exe"= UDP:d:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{0332D518-0923-481B-BC07-9415D9E60956}d:\\program files\\internet explorer\\iexplore.exe"= TCP:d:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{8BE818E8-954F-4A41-803E-F31271979117}d:\\program files\\winpcap\\rpcapd.exe"= UDP:d:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon

"UDP Query User{39509377-A9FC-4776-916B-CC091787A211}d:\\program files\\winpcap\\rpcapd.exe"= TCP:d:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon

"TCP Query User{32FB953B-9F69-44F5-907D-B622F93754BE}d:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:d:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{D0BE17B3-B5ED-4165-84A4-9D0CFDE1AB2C}d:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:d:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

 

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt;d:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;d:\windows\system32\DRIVERS\fetnd6v.sys [2008-06-25 44032]

S0 OemBiosDevice;Royalty OEM Bios Extension;d:\windows\system32\drivers\boyoem.sys [2007-03-06 240128]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-11 d:\windows\Tasks\GlaryInitialize.job

- d:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

 

2008-11-11 d:\windows\Tasks\User_Feed_Synchronization-{462C1F33-A16B-4ABE-B45D-F7BBB4930CF5}.job

- d:\windows\system32\msfeedssync.exe [2008-08-22 08:05]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204

O8 -: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202

O17 -: HKLM\CCS\Interface\{F35837E3-AEA0-4DA9-B8C4-71AA19DAF05F}: NameServer = 200.204.0.10 200.204.0.138

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-11 09:01:05

Windows 6.0.6000 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-11 9:03:44

ComboFix-quarantined-files.txt 2008-11-11 11:03:31

 

Pre-Run: 5,038,411,776 bytes free

Post-Run: 5,028,233,216 bytes free

 

226 --- E O F --- 2008-11-01 16:09:40

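The ComboFix report above prints its autostart entries, firewall exceptions and drivers in a fixed line format, so the first pass of a log review can be scripted. The following Python script is an added example for this thread, not part of ComboFix or of the original posts: it parses the Run-key lines, the FirewallRules lines and the R/S driver lines (sample input copied verbatim from the log above) and flags the items a reviewer would check by hand. The flag rules are the example's own heuristics: "Query User" firewall rules, which Vista writes when someone clicks Unblock on the firewall prompt, for programs whose description says they accept connections; boot-start kernel drivers; and autostart binaries outside Program Files and Windows.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread, not ComboFix's own code. It parses three kinds
of report lines (Run-key autostarts, FirewallRules entries, R/S driver lines)
and flags the ones worth verifying by hand. The flag rules are heuristics
chosen for this example.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name path extra")

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="d:\windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="d:\windows\system32\msconfig.exe" [2006-11-02 222208]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9048F913-EE78-4893-940B-9D3266A36962}"= d:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8BE818E8-954F-4A41-803E-F31271979117}d:\\program files\\winpcap\\rpcapd.exe"= UDP:d:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"UDP Query User{39509377-A9FC-4776-916B-CC091787A211}d:\\program files\\winpcap\\rpcapd.exe"= TCP:d:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"TCP Query User{32FB953B-9F69-44F5-907D-B622F93754BE}d:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:d:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;d:\windows\system32\DRIVERS\fetnd6v.sys [2008-06-25 44032]
S0 OemBiosDevice;Royalty OEM Bios Extension;d:\windows\system32\drivers\boyoem.sys [2007-03-06 240128]
'''

# "Name"="path" [date size]   (entries listed under a ...\Run key)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
# "rule name"= [TCP:|UDP:]drive:\path\program.exe:description
FW_LINE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<path>[A-Za-z]:\\[^:]+):(?P<desc>.+)$')
# R<n>/S<n> service;display name;path [date size]   (R = running, S = stopped;
# the digit is the Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled)
DRV_LINE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')

LISTENER_WORDS = re.compile(r"daemon|p2p|server|remote", re.I)
TRUSTED_DIRS = re.compile(r"\\(program files|progra~1|windows)\\")


def parse_log(text):
    """Return an Entry for every Run, FirewallRules and driver line in text."""
    entries = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # remember which registry key we are under
            continue
        m = RUN_LINE.match(line)
        if m and section.endswith("\\run]"):
            entries.append(Entry("run", m["name"], m["path"].lower(),
                                 {"date": m["date"], "size": int(m["size"])}))
            continue
        m = FW_LINE.match(line)
        if m and section.endswith("firewallrules]"):
            # The log labels the rule key and its value with different protocols
            # ("TCP Query User..." = UDP:...); keep the value's label, decide nothing on it.
            entries.append(Entry("firewall", m["key"], m["path"].lower(),
                                 {"proto": m["proto"], "desc": m["desc"],
                                  "prompted": "query user" in m["key"].lower()}))
            continue
        m = DRV_LINE.match(line)
        if m:
            entries.append(Entry("driver", m["svc"], m["path"].lower(),
                                 {"running": m["state"] == "R", "start": int(m["start"]),
                                  "display": m["disp"], "date": m["date"]}))
    return entries


def flag(entries):
    """Return (name, reason) pairs for entries a reviewer should verify by hand."""
    findings = []
    for e in entries:
        if e.kind == "firewall" and e.extra["prompted"] and LISTENER_WORDS.search(e.extra["desc"]):
            # "Query User" rules exist because someone clicked Unblock on the Vista
            # firewall prompt, i.e. the program asked to accept inbound connections.
            findings.append((e.name, "user-approved inbound exception for a program that "
                                     "accepts connections: " + e.extra["desc"]))
        elif e.kind == "driver" and e.extra["start"] == 0:
            findings.append((e.name, "boot-start kernel driver '%s' at %s: verify the file's "
                                     "digital signature and publisher" % (e.extra["display"], e.path)))
        elif e.kind == "run" and not TRUSTED_DIRS.search(e.path):
            findings.append((e.name, "autostart outside Program Files/Windows: " + e.path))
    return findings


if __name__ == "__main__":
    for name, reason in flag(parse_log(SAMPLE_LOG)):
        print("%-60s %s" % (name[:60], reason))
```

On this log the script flags the two rpcapd.exe rules (WinPcap's remote packet capture daemon, which exists to accept capture clients over the network), the orbitnet.exe P2P rule and the boot-start OemBiosDevice driver, and nothing in the Run keys, since every autostart sits under Program Files or Windows. A flag is a prompt to verify the file (publisher, signature, why it was installed), not a detection; the parser also ignores the TCP/UDP labels because, as the lines above show, the rule key and the rule value disagree with each other.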

Hey Pedro the Hedgehog,

1. Download BankerFix 3.0.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. The Banker Fix 3.0 window will open with the question "Instalar o BankerFix 3.0 / Install BankerFix 3.0 ?" >> click YES.

4. A window will open saying that BankerFix 3.0 will be downloaded from the internet >> click OK and wait. In the next window click OK once more so that BankerFix 3.0 starts.

5. Press any key to continue and wait until the scan completes. Be patient, as it can take a few minutes.

6. When the scan is finished, read the message on screen and press Enter.

7. Re-enable your antivirus.

8. Come back with BankerFix's relatorio.txt (it will be in D:\LinhaDefensiva\).

9. After posting your reply you may delete the LinhaDefensiva folder on D.

Cheers.

PS: If the message "Site denunciado como foco de ataques!" (site reported as an attack site) appears, don't worry and click "Ignorar este alerta" (ignore this warning).


Topic Archived

Because the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area with the link to this topic and explain why it should be reopened.
