Edvan

[Resolved!] Infected PC


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:35 Edvânia, on 9/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

c:\arquivos de programas\blok free 3\blkfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dvmd.exe

C:\WINDOWS\System32\sbfc.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [blok Free 3] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 7811 bytes

 

 

 

 

ComboFix 09-02-08.02 - Windows XP 2009-02-09 22:30:54.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.895.666 [GMT -3:00]

Running from: c:\documents and settings\Windows XP\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))

.

 

2009-02-09 22:29 . 2009-02-09 22:29 <DIR> d-------- C:\32788R22FWJFW

2009-02-09 18:42 . 2009-02-09 18:42 <DIR> d-------- c:\windows\LastGood.Tmp

2009-02-09 18:41 . 2009-02-09 18:41 <DIR> d-------- c:\windows\system32\bits

2009-02-09 18:41 . 2009-02-09 18:41 <DIR> d-------- c:\windows\l2schemas

2009-02-09 18:39 . 2009-02-09 18:41 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-29 15:16 . 2009-01-29 15:16 <DIR> d--h----- c:\windows\PIF

2009-01-27 23:22 . 2009-01-27 23:22 <DIR> d-------- c:\arquivos de programas\Nokia

2009-01-27 23:22 . 2009-01-27 23:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2009-01-27 23:22 . 2009-01-27 23:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2009-01-27 23:22 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys

2009-01-27 23:22 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll

2009-01-27 21:59 . 2009-01-27 21:59 <DIR> d-------- c:\arquivos de programas\DIFX

2009-01-27 21:58 . 2009-01-27 22:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-01-27 21:55 . 2009-01-27 23:06 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Downloaded Installations

2009-01-27 21:55 . 2008-04-13 15:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2009-01-27 21:54 . 2009-01-27 21:54 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-01-27 21:54 . 2009-01-27 21:54 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2009-01-27 21:47 . 2009-01-27 21:47 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Nokia Multimedia Player

2009-01-27 21:44 . 2009-01-28 22:11 <DIR> d-------- c:\documents and settings\Windows XP\Phone Browser

2009-01-27 21:44 . 2009-01-28 22:11 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\DataLayer

2009-01-27 21:43 . 2009-01-27 21:43 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Nokia

2009-01-27 21:42 . 2009-01-27 21:42 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\PC Suite

2009-01-27 21:40 . 2005-09-26 08:07 48,640 -ra------ c:\windows\system32\drivers\ser2pl.sys

2009-01-26 21:23 . 2009-01-26 21:23 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Bitdefender

2009-01-26 21:08 . 2009-02-09 22:30 81,984 --a------ c:\windows\system32\bdod.bin

2009-01-26 21:03 . 2009-01-26 21:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BitDefender

2009-01-26 21:03 . 2009-01-26 21:03 <DIR> d-------- c:\arquivos de programas\Softwin

2009-01-26 21:00 . 2009-01-26 21:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin

2009-01-25 19:14 . 2009-01-25 19:14 268 --ah----- C:\sqmdata13.sqm

2009-01-25 19:14 . 2009-01-25 19:14 244 --ah----- C:\sqmnoopt13.sqm

2009-01-24 00:22 . 2009-01-24 00:39 38 --a------ c:\windows\avisplitter.INI

2009-01-22 23:34 . 2009-01-22 23:34 <DIR> d-------- c:\arquivos de programas\MSECache

2009-01-21 22:39 . 2009-01-21 22:39 <DIR> d--h----- c:\windows\system32\GroupPolicy

2009-01-21 22:02 . 2009-02-08 23:21 <DIR> d-------- C:\downloads

2009-01-21 22:02 . 2009-02-09 19:02 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Orbit

2009-01-21 22:02 . 2009-01-21 22:56 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\GrabPro

2009-01-21 22:02 . 2009-02-09 19:09 <DIR> d-------- c:\arquivos de programas\Orbitdownloader

2009-01-20 22:19 . 2009-01-20 22:21 <DIR> d-------- C:\DDNS

2009-01-20 22:19 . 1996-01-09 10:38 283,648 --a------ c:\windows\uninst.exe

2009-01-20 20:50 . 2009-01-20 20:50 <DIR> d-------- c:\arquivos de programas\Winco

2009-01-19 20:37 . 2009-01-19 20:37 <DIR> d-------- c:\windows\PaltalkScene

2009-01-19 20:37 . 2009-01-22 23:38 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Paltalk

2009-01-19 20:37 . 2009-01-22 23:38 <DIR> d-------- c:\arquivos de programas\Paltalk Messenger

2009-01-11 00:52 . 2009-01-11 00:52 268 --ah----- C:\sqmdata12.sqm

2009-01-11 00:52 . 2009-01-11 00:52 244 --ah----- C:\sqmnoopt12.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-09 22:02 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-03 21:12 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\Skype

2009-02-03 19:04 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\skypePM

2009-01-28 02:11 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\Teleca

2009-01-28 02:11 --------- d-----w c:\arquivos de programas\Arquivos comuns\Teleca Shared

2009-01-28 00:39 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-01-26 23:57 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-01-24 21:15 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\Hamachi

2009-01-02 14:52 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-01-02 14:52 --------- d-----w c:\arquivos de programas\Arquivos comuns\Skype

2009-01-02 14:52 --------- d-----r c:\arquivos de programas\Skype

2008-12-30 22:00 --------- d-----w c:\arquivos de programas\Ares

2008-12-30 21:26 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\Leadertech

2008-12-28 21:25 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-12-23 00:15 --------- d-----w c:\arquivos de programas\RealVNC

2008-12-22 03:48 --------- d-----w c:\arquivos de programas\MSXML 4.0

2008-12-21 03:19 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\AdobeUM

2008-12-21 03:19 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\AdobeAUM

2008-12-21 03:03 --------- d-----w c:\documents and settings\Windows XP\Dados de aplicativos\Sony Ericsson

2008-12-18 20:39 --------- d-----w c:\arquivos de programas\a-squared Free

2008-12-13 03:50 401,720 ----a-w C:\HiJackThis.exe

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-11-13 10:29 315,392 ----a-w c:\windows\HideWin.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sbfc"="c:\windows\System32\sbfc.exe" [2008-08-22 428544]

"abfc"="c:\arquivos de programas\blok free 3\blkfc.exe" [2008-08-22 1101312]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-12-25 893440]

"PcSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Blok Free 3"="c:\arquivos de programas\blok free 3\blkfc.exe" [2008-08-22 1101312]

"sbfc"="c:\windows\System32\sbfc.exe" [2008-08-22 428544]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]

"BDMCon"="c:\arquivos de programas\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]

"BDAgent"="c:\arquivos de programas\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]

"PCSuiteTrayApplication"="c:\arquiv~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Wireless Intelbras WBG901.lnk - c:\arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe [2008-11-19 671744]

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-01-21 1715400]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Windows XP^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=c:\documents and settings\Windows XP\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=c:\windows\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abfc]

--a------ 2008-08-22 10:56 1101312 c:\arquivos de programas\Blok Free 3\blkfc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-06 23:46 57344 c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-12-25 21:40 893440 c:\arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blok Free 3]

--a------ 2008-08-22 10:56 1101312 c:\arquivos de programas\Blok Free 3\blkfc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-10-30 19:35 7634944 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-10-30 19:35 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sbfc]

--a------ 2008-08-22 10:46 428544 c:\windows\system32\sbfc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-12-08 13:41 26499880 c:\arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-10-30 19:35 1622016 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-07-05 05:08 16380416 c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-06-15 05:45 1826816 c:\windows\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

R2 ResDVMD;Recurso DVMD;c:\windows\system32\dvmd.exe [2008-08-22 479744]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - USNJSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{202f04c2-b0e3-11dd-9a62-806d6172696f}]

\Shell\AutoRun\command - d:\bin\assetup.exe

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-Sony Ericsson PC Suite - c:\arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.orbitdownloader.com

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\

FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-09 22:33:15

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-02-09 22:34:13

ComboFix-quarantined-files.txt 2009-02-10 01:34:05

 

Pre-Run: 15 pasta(s) 138.559.291.392 bytes disponíveis

Post-Run: 15 pasta(s) 138,869,800,960 bytes disponíveis

 

197 --- E O F --- 2009-02-09 21:44:00


Good morning! Edvan

 

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop! --> Extract it from the zip!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Then click Ok again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

 

Cheers!


 

 

Dear DigRam, I couldn't download UsbFix.exe from the link above; it must be corrupted. Something is wrong, because other friends also tried to download it and couldn't either.. I'll wait for your instructions..

 

PS: If anything comes up, send it to my MSN e-mail.. edvan.tj@hotmail.com


Good evening! Edvan

 


<!> I made the correction there in the post.

 

< http://www.badongo.com/file/13360751 >

 

Cheers!


NOTE: Dear DigRam, I managed to download the program, but it took a long time: when I typed in the letters to start the download, the seconds counted down until the link appeared, but it always redirected to a Mercado Livre page. With a lot of persistence it worked.. :thumbsup:

 

 

 

-------------- UsbFix V2.395 ---------------

 

* User : Windows XP - PERSONAL-3CF72C

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 21:59:18 le --- 13/02/2009

* Windows Xp - Internet Explorer 7.0.5730.11

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\1.tmp\b2e.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco fixo

 

E: - Unidade de disco removível

 

 

+- Contenu de l'autorun : E:\autorun.inf

 

 

--------------- [ Registre / Startup ] ----------------

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Blok Free 3 REG_SZ "c:\arquivos de programas\blok free 3\blkfc.exe"

sbfc REG_SZ C:\WINDOWS\System32\sbfc.exe

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

BDMCon REG_SZ "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg

BDAgent REG_SZ "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"

PCSuiteTrayApplication REG_SZ C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

sbfc REG_SZ C:\WINDOWS\System32\sbfc.exe

abfc REG_SZ "c:\arquivos de programas\blok free 3\blkfc.exe"

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

msnmsgr REG_SZ "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

ares REG_SZ "C:\Arquivos de programas\Ares\Ares.exe" -h

PcSync REG_SZ C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{202f04c2-b0e3-11dd-9a62-806d6172696f}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{202f04c2-b0e3-11dd-9a62-806d6172696f}\Shell\AutoRun\command

 

--------------- [ Nettoyage des disques ] ----------------

 

Echec de la supression !! - E:\autorun.inf

Supprimé ! - E:\start.exe

Supprimé ! - E:\b.com

Supprimé ! - E:\autorun.inf

 

--------------- ! Fin du rapport ! ----------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:06 Edvânia, on 13/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [blok Free 3] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 7257 bytes


Good morning! Edvan

 

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

 

<!> Go to the site and click on: < kasperdx9.jpg >

 

<@> On the next page, click: I Accept

<@> This is so that the ActiveX control gets installed; then update the database.

<@> On the next page, click: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update, and also for the scan, which takes a while.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

 

Kas-Savetxt.gif

 

Regards!


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, February 17, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, February 17, 2009 22:48:44

Records in database: 1809779

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 51565

Threat name: 3

Infected objects: 6

Suspicious objects: 0

Duration of the scan: 01:05:38

 

 

File name / Threat name / Threats count

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe/C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

C:\Arquivos de programas\a-squared Free\Quarantine\90F61478207C2CB08D6A301A1F08945D62A4D757.A2Q Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 2

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe Infected: Trojan.Win32.Autoit.fl 1

C:\Arquivos de programas\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

C:\Arquivos de programas\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

 

The selected area was scanned.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:31 Edvânia, on 17/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\arquivos de programas\blok free 3\blkfc.exe

C:\WINDOWS\System32\sbfc.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\System32\sbfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [blok Free 3] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NodLogin] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 8036 bytes

 

 

P.S.: can I delete the ComboFix folder?


Good evening! Edvan

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><>

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable your protection programs while running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><>

<@> Post the report: mbam-log-2009-xx-xx (00-00-00).txt

 

Regards!


Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1776

Windows 5.1.2600 Service Pack 3

 

18/2/2009 18:59:06 Edvânia

mbam-log-2009-02-18 (18-59-06).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 61002

Tempo decorrido: 3 minute(s), 30 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nodlogin (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Good evening! Edvan

 

<!> If everything is OK, create a clean System Restore point.

<!> Right-click on My Computer --> Properties --> System Restore.

<!> Check: Turn off System Restore --> Apply --> OK.

<!> Then uncheck it again! --> Apply --> OK.

<!> For more details, go to: < Docs >

<><><><><><><><><>

<!> The log is clean! :thumbsup:

<!> Everything OK?

 

Regards!


Everything is OK with the PC, dear friend, thanks to you.. :thumbsup:

 

What do you think of the latest version of this antivirus, DigRam?

 


Good evening! Edvan

 

<!> I don't much like giving opinions on antivirus products, since every user has their own preferences.

<><><><><><><><>

<!> That one I haven't tested yet. But it is surely a good antivirus.

 

<!> Among the paid ones, I liked this one: Panda Antivírus 2008

<!> Among the free ones, I liked Avira.

<!> But.... I don't use them, because I opted for a different kind of protection.

 

Regards!


OK.. you can mark it as Resolved.. :thumbsup:


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
