eneicrv

[Archived] em8tqm.cmd has encountered a problem and needs to be closed


I have 1 HD divided into 5 partitions; when I double-click to open it, the following error appears.

em8tqm.cmd has encountered a problem and needs to be closed.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:27:34, on 25/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Arquivos de programas\Mozilla Firefox\plugins\GetFlash.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-796845957-484061587-682003330-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrador')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211551815681

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6991B07-22E9-447F-B2E0-135077BE0CBF}: NameServer = 201.10.120.3,201.10.128.3

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5627 bytes


Hello eneicrv! Download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so they don't cause conflicts. Keep them disabled until you finish the instructions.
  • Double-click combofix.exe and click Run to proceed with the Fix. Wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If that doesn't happen, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt in your next reply.

    NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


Good morning, the report follows below.

 

 

ComboFix 09-03-25.03 - CPD 2009-03-26 10:35:38.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.512.335 [GMT -3:00]

Executando de: c:\documents and settings\CPD\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\em8tqm.cmd

c:\windows\system32\idmhpr.dll

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\olhrwef.exe

D:\Autorun.inf

D:\em8tqm.cmd

D:\gyn.cmd

D:\jm3cx96.bat

d:\recycler\Desktop.ini

d:\recycler\setup.exe

D:\xsia.bat

E:\Autorun.inf

E:\em8tqm.cmd

E:\gyn.cmd

E:\jm3cx96.bat

e:\recycler\Desktop.ini

e:\recycler\setup.exe

E:\xsia.bat

F:\Autorun.inf

F:\em8tqm.cmd

F:\gyn.cmd

F:\jm3cx96.bat

f:\recycler\Desktop.ini

f:\recycler\setup.exe

F:\xsia.bat

G:\Autorun.inf

G:\em8tqm.cmd

G:\jm3cx96.bat

g:\recycler\Desktop.ini

g:\recycler\setup.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_VOJLB

-------\Service_vojlb

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))

.

 

2009-03-26 08:53 . 2009-03-26 08:53 268 --ah----- C:\sqmdata02.sqm

2009-03-26 08:53 . 2009-03-26 08:53 244 --ah----- C:\sqmnoopt02.sqm

2009-03-26 08:40 . 2009-03-26 08:41 <DIR> d-------- c:\windows\system32\pt-br

2009-03-26 08:29 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-03-26 08:29 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-03-26 08:29 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-03-26 08:29 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-03-26 08:29 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-03-26 08:29 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-03-26 08:29 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-03-26 08:29 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-03-26 08:29 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-03-26 08:26 . 2009-03-26 08:26 <DIR> d-------- C:\01ed35a0fb41fce03aa1

2009-03-26 08:03 . 2009-03-26 09:57 <DIR> d-------- C:\BACKUP

2009-03-26 07:59 . 2009-03-26 07:59 <DIR> d-------- c:\documents and settings\CPD\Dados de aplicativos\Media Player Classic

2009-03-25 19:42 . 2009-03-25 19:42 <DIR> d-------- c:\documents and settings\CPD\Contacts

2009-03-25 19:27 . 2008-10-29 08:59 401,720 --a------ C:\HiJackThis.exe

2009-03-25 19:22 . 2008-05-23 07:58 <DIR> d--h----- c:\documents and settings\Administrador\Modelos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Meus documentos

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Favoritos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> d-------- c:\documents and settings\Administrador

2009-03-25 19:21 . 2009-03-25 19:21 268 --ah----- C:\sqmdata01.sqm

2009-03-25 19:21 . 2009-03-25 19:21 244 --ah----- C:\sqmnoopt01.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-26 13:38 --------- d-----w c:\documents and settings\CPD\Dados de aplicativos\Free Download Manager

2009-03-26 13:22 --------- d-----w c:\arquivos de programas\ESET

2009-03-25 22:19 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Google Updater

2006-10-11 08:04 61,036 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2006-10-11 08:04 48,742 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2006-10-11 08:05 29,313 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2006-10-11 08:05 41,082 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2006-10-11 08:04 166,510 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2007-11-02 2445359]

"Free Upload Manager"="c:\arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 253952]

"Free Uploader Oe Integration"="c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"="c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6516:TCP"= 6516:TCP:WWW

 

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-05-23 6016]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-05-23 267136]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

qykzidlo

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ebano#aplicativos]

\Shell\AutoRun\command - y:\recycler\sEtUp.exe

\Shell\OpEN\cOMMaND - y:\recycler\sEtUp.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e4f7ad-289b-11dd-9fc2-806d6172696f}]

\Shell\AutoRun\command - g:\bootcd\wintools\autorun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-26 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.0.254:3128

uInternet Settings,ProxyOverride = <local>

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

TCP: {D6991B07-22E9-447F-B2E0-135077BE0CBF} = 201.10.120.3,201.10.128.3

FF - ProfilePath - c:\documents and settings\CPD\Dados de aplicativos\Mozilla\Firefox\Profiles\r54imn9o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: network.proxy.ftp - 192.168.0.254

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - 192.168.0.254

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 192.168.0.254

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 192.168.0.254

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 192.168.0.254

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-26 10:38:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-26 10:39:43 - Máquina reiniciou [CPD]

ComboFix-quarantined-files.txt 2009-03-26 13:39:34

 

Pré-execução: 12 pasta(s) 56.121.970.688 bytes disponíveis

Pós execução: 12 pasta(s) 56,140,775,424 bytes disponíveis

 


Disable your antivirus, antispyware and firewall so they don't cause conflicts. Keep them disabled until you finish the instructions.

 

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe

 

Dirlook::

C:\01ed35a0fb41fce03aa1

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ebano#aplicativos]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"Hidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"ShowSuperHidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]

"CheckedValue"=dword:00000001

 

Driver::

qykzidlo

 

NetSvc::

qykzidlo

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[Image: CFScript.gif]

 

ComboFix will run and restart the PC automatically to complete the removal process. If that doesn't happen, restart manually.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

This script was written only for this computer, according to the files and keys present on it.

 

To visitors: if you have a similar problem, do not use this script, since unsupervised use can damage the system. Open your own topic asking for help.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

Select, copy and paste the contents of ComboFix.txt in your next reply.

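How a responder reads the "Pontos de Carregamento do Registro" section of the first ComboFix log to arrive at the entries the CFScript above removes, as an added example (not part of this thread, and not ComboFix's own code): a small Python triage script that scans a constructed sample written in that section's format (the key names, SID, file names and the qykzidlo service name are the ones the log shows) and flags the Winlogon Taskman replacement, the suppressed Security Center alerts, the disabled firewall, the non-default NetSvcs member and the MountPoints2 AutoRun/Open handlers. A handler that points into a RECYCLER folder or at a script in a drive root is rated high; any other AutoRun handler, such as the bootcd entry that a boot CD may legitimately set, is marked for review only.

```python
"""Triage the 'registry load points' section of a ComboFix log for the
persistence and defence-tampering indicators seen in this thread.
Added example: not from the forum posts and not ComboFix code."""
import re

# Constructed sample in the format ComboFix uses for that section. The key
# names, SID, file names and service name are the ones shown in the log
# above; nothing here was captured from a machine by this script.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qykzidlo

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ebano#aplicativos]
\Shell\AutoRun\command - y:\recycler\sEtUp.exe
\Shell\OpEN\cOMMaND - y:\recycler\sEtUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e4f7ad-289b-11dd-9fc2-806d6172696f}]
\Shell\AutoRun\command - g:\bootcd\wintools\autorun.exe
"""

# "Name"=value lines inside a [key] block.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# MountPoints2 shell handlers: \Shell\<verb>\command - <target>
SHELL_CMD_RE = re.compile(
    r'^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$', re.IGNORECASE)
# Paths typical of autorun worms: anything under a RECYCLER folder, or an
# executable/script sitting directly in a drive root.
SUSPICIOUS_PATH_RE = re.compile(
    r'\\recycler\\|^[a-z]:\\[^\\]+\.(?:cmd|bat|exe)$', re.IGNORECASE)


def triage_load_points(text):
    """Return (severity, description, detail) tuples in log order."""
    findings = []
    section = None  # lower-cased current registry key, or "netsvcs"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if line.lower().endswith("svchost - netsvcs"):
            section = "netsvcs"
            continue
        if section is None:
            continue
        if section == "netsvcs":
            # ComboFix prints only members that are not in the default
            # list, so any name here is a DLL service loaded into svchost.
            findings.append(("high", "non-default NetSvcs member", line))
            continue
        m = SHELL_CMD_RE.match(line)
        if m and "mountpoints2" in section:
            target = m.group("target")
            sev = "high" if SUSPICIOUS_PATH_RE.search(target) else "review"
            findings.append((sev, f"MountPoints2 {m.group('verb').lower()} handler", target))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if section.endswith("\\winlogon") and name.lower() == "taskman":
            # Taskman is absent on a clean XP install; when set, the named
            # file is started by Winlogon at every logon.
            findings.append(("high", "Winlogon Taskman replaced", value.strip('"')))
        elif section.endswith("security center") and name.lower().endswith("disablenotify") \
                and value.endswith("00000001"):
            findings.append(("medium", f"Security Center alert suppressed ({name})", value))
        elif section.endswith("standardprofile") and name.lower() == "enablefirewall" \
                and value.split()[:1] == ["0"]:
            findings.append(("medium", "Windows Firewall disabled", value))
    return findings


if __name__ == "__main__":
    for sev, what, detail in triage_load_points(SAMPLE_LOG):
        print(f"[{sev:6}] {what}: {detail}")
```

On a real ComboFix.txt you would pass the text between the "Pontos de Carregamento do Registro" header and the "Conteúdo da pasta 'Tarefas Agendadas'" line to `triage_load_points`; the eight findings it reports for the sample are exactly the items the CFScript's Registry::, Driver:: and NetSvc:: sections address, plus the two Security Center and firewall values, which a responder re-enables by hand once the machine is clean.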

ComboFix 09-03-25.03 - CPD 2009-03-30 16:24:33.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.512.219 [GMT -3:00]

Executando de: c:\documents and settings\CPD\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\CPD\Desktop\CFScript.txt

AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe

c:\windows\system32\amitjd.dll

c:\windows\system32\byjihxcl.dll

c:\windows\system32\cbXNEvtU.dll

c:\windows\system32\cihobsmj.dll

c:\windows\system32\ddcdCvSL.dll

c:\windows\system32\dntgavmx.dll

c:\windows\system32\efcASljG.dll

c:\windows\system32\epdhlw.dll

c:\windows\system32\jkkLBtrp.dll

c:\windows\system32\jmsbohic.ini

c:\windows\system32\joluynse.dll

c:\windows\system32\ljJCRkJc.dll

c:\windows\system32\maccmg.dll

c:\windows\system32\mryocs.dll

c:\windows\system32\nnnmjKeC.dll

c:\windows\system32\pmhlptcr.dll

c:\windows\system32\rqRLfccb.dll

c:\windows\system32\sfybegtp.dll

c:\windows\system32\sokdmi.dll

c:\windows\system32\tuvVOIBt.dll

c:\windows\system32\uqcbdvmt.dll

c:\windows\system32\UtvENXbc.ini

c:\windows\system32\UtvENXbc.ini2

c:\windows\system32\xvxoiegc.dll

c:\windows\system32\xxyxUNFy.dll

c:\windows\system32\yucxtbnf.dll

I:\autorun.inf

i:\recycler\Desktop.ini

i:\recycler\setup.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))

.

 

2009-03-30 16:25 . 2009-03-30 16:25 22,816 --a------ c:\windows\system32\drivers\spn0ecc.sys

2009-03-30 07:42 . 2009-03-30 07:42 34,816 --a------ C:\yxqsws.exe

2009-03-30 07:42 . 2009-03-30 07:42 29,696 --a------ c:\windows\system32\ajcmgeqq.dll

2009-03-30 07:42 . 2009-03-30 07:42 22,816 --a------ c:\windows\system32\drivers\gebfb75.sys

2009-03-30 07:42 . 2009-03-30 07:42 7,168 --a------ C:\xlggfkwb.exe

2009-03-28 11:44 . 2009-03-28 11:44 <DIR> d-------- C:\MalwarebytesPortable

2009-03-27 10:23 . 2009-03-27 10:23 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-26 18:51 . 2009-03-26 18:51 268 --ah----- C:\sqmdata04.sqm

2009-03-26 18:51 . 2009-03-26 18:51 244 --ah----- C:\sqmnoopt04.sqm

2009-03-26 17:45 . 2006-04-12 11:04 241,664 --a------ c:\windows\system32\hppapr04.DLL

2009-03-26 17:45 . 2005-10-05 09:55 526 --a------ c:\windows\system32\hppapr04.DAT

2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\arquivos de programas\WinAVI MP4 Converter

2009-03-26 11:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-03-26 10:45 . 2009-03-26 10:45 512,096 --a------ c:\windows\system32\drivers\amon.sys

2009-03-26 10:45 . 2009-03-26 10:45 298,104 --a------ c:\windows\system32\imon.dll

2009-03-26 10:45 . 2009-03-26 10:45 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys

2009-03-26 10:45 . 2009-03-26 10:45 268 --ah----- C:\sqmdata03.sqm

2009-03-26 10:45 . 2009-03-26 10:45 244 --ah----- C:\sqmnoopt03.sqm

2009-03-26 08:53 . 2009-03-26 08:53 268 --ah----- C:\sqmdata02.sqm

2009-03-26 08:53 . 2009-03-26 08:53 244 --ah----- C:\sqmnoopt02.sqm

2009-03-26 08:40 . 2009-03-26 08:41 <DIR> d-------- c:\windows\system32\pt-br

2009-03-26 08:29 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-03-26 08:29 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-03-26 08:29 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-03-26 08:29 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-03-26 08:29 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-03-26 08:29 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-03-26 08:29 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-03-26 08:29 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-03-26 08:29 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-03-26 08:26 . 2009-03-26 08:26 <DIR> d-------- C:\01ed35a0fb41fce03aa1

2009-03-26 08:03 . 2009-03-30 16:00 <DIR> d-------- C:\BACKUP

2009-03-26 07:59 . 2009-03-26 07:59 <DIR> d-------- c:\documents and settings\CPD\Dados de aplicativos\Media Player Classic

2009-03-25 19:42 . 2009-03-26 10:53 <DIR> d-------- c:\documents and settings\CPD\Contacts

2009-03-25 19:27 . 2008-10-29 08:59 401,720 --a------ C:\HiJackThis.exe

2009-03-25 19:22 . 2008-05-23 07:58 <DIR> d--h----- c:\documents and settings\Administrador\Modelos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Meus documentos

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Favoritos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos

2009-03-25 19:22 . 2009-03-30 14:54 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> d-------- c:\documents and settings\Administrador

2009-03-25 19:21 . 2009-03-25 19:21 268 --ah----- C:\sqmdata01.sqm

2009-03-25 19:21 . 2009-03-25 19:21 244 --ah----- C:\sqmnoopt01.sqm

2009-03-20 15:50 . 2009-03-20 15:50 3,358,720 --a------ c:\windows\system32\GPhotos.scr

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-30 19:31 --------- d-----w c:\documents and settings\CPD\Dados de aplicativos\Free Download Manager

2009-03-30 11:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Google Updater

2009-03-30 10:41 --------- d-----w c:\arquivos de programas\ESET

2009-03-28 12:56 --------- d-----w c:\arquivos de programas\Google

2009-03-27 18:04 --------- d-----w c:\arquivos de programas\UltraVNC

2009-03-27 13:17 --------- d-----w c:\arquivos de programas\Picasa2

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2009-03-30 18:56 67,688 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2009-03-30 18:56 54,368 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2009-03-30 18:56 34,944 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2009-03-30 18:57 46,712 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2009-03-30 18:57 172,136 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\01ed35a0fb41fce03aa1 ----

 

2007-10-04 10:50 8621 --a------ c:\01ed35a0fb41fce03aa1\update\update.ver

2007-10-04 10:47 44978 --a------ c:\01ed35a0fb41fce03aa1\update\ie7.cat

2007-10-04 10:47 33472 --a------ c:\01ed35a0fb41fce03aa1\update\iecustom.dll

2007-10-04 10:47 1579260 --a------ c:\01ed35a0fb41fce03aa1\update\update.inf

2007-10-04 10:47 1086144 --a------ c:\01ed35a0fb41fce03aa1\update\iesetup.exe

2007-10-04 10:45 66048 --a------ c:\01ed35a0fb41fce03aa1\update\iereseticons.exe

2007-10-04 10:45 6144 --a------ c:\01ed35a0fb41fce03aa1\winfxdocobj.exe.mui

2007-10-04 10:45 57344 --a------ c:\01ed35a0fb41fce03aa1\wininet.dll.mui

2007-10-04 10:45 57344 --a------ c:\01ed35a0fb41fce03aa1\mshtmler.dll.mui

2007-10-04 10:45 53248 --a------ c:\01ed35a0fb41fce03aa1\msrating.dll.mui

2007-10-04 10:45 45056 --a------ c:\01ed35a0fb41fce03aa1\webcheck.dll.mui

2007-10-04 10:45 40960 --a------ c:\01ed35a0fb41fce03aa1\urlmon.dll.mui

2007-10-04 10:45 4096 --a------ c:\01ed35a0fb41fce03aa1\licmgr10.dll.mui

2007-10-04 10:45 39372 --a------ c:\01ed35a0fb41fce03aa1\inetset.iem

2007-10-04 10:45 3584 --a------ c:\01ed35a0fb41fce03aa1\mshtmled.dll.mui

2007-10-04 10:45 3584 --a------ c:\01ed35a0fb41fce03aa1\inseng.dll.mui

2007-10-04 10:45 2560 --a------ c:\01ed35a0fb41fce03aa1\mshta.exe.mui

2007-10-04 10:45 20480 --a------ c:\01ed35a0fb41fce03aa1\occache.dll.mui

2007-10-04 10:45 12288 --a------ c:\01ed35a0fb41fce03aa1\mshtml.dll.mui

2007-10-04 10:44 9216 --a------ c:\01ed35a0fb41fce03aa1\extmgr.dll.mui

2007-10-04 10:44 8704 --a------ c:\01ed35a0fb41fce03aa1\icardie.dll.mui

2007-10-04 10:44 81920 --a------ c:\01ed35a0fb41fce03aa1\iedkcs32.dll.mui

2007-10-04 10:44 8192 --a------ c:\01ed35a0fb41fce03aa1\ieakeng.dll.mui

2007-10-04 10:44 6656 --a------ c:\01ed35a0fb41fce03aa1\iesetup.dll.mui

2007-10-04 10:44 5632 --a------ c:\01ed35a0fb41fce03aa1\iedw.exe.mui

2007-10-04 10:44 5120 --a------ c:\01ed35a0fb41fce03aa1\iernonce.dll.mui

2007-10-04 10:44 4608 --a------ c:\01ed35a0fb41fce03aa1\iepeers.dll.mui

2007-10-04 10:44 45056 --a------ c:\01ed35a0fb41fce03aa1\ieaksie.dll.mui

2007-10-04 10:44 4096 --a------ c:\01ed35a0fb41fce03aa1\ie4uinit.exe.mui

2007-10-04 10:44 3584 --a------ c:\01ed35a0fb41fce03aa1\admparse.dll.mui

2007-10-04 10:44 2560 --a------ c:\01ed35a0fb41fce03aa1\ieunatt.exe.mui

2007-10-04 10:44 2483706 --a------ c:\01ed35a0fb41fce03aa1\inetres.adm

2007-10-04 10:44 16384 --a------ c:\01ed35a0fb41fce03aa1\iexplore.exe.mui

2007-10-04 10:44 151552 --a------ c:\01ed35a0fb41fce03aa1\ieakui.dll.mui

2007-10-04 10:44 14382 --a------ c:\01ed35a0fb41fce03aa1\inetcorp.iem

2007-10-04 10:44 11776 --a------ c:\01ed35a0fb41fce03aa1\html.iec.mui

2007-10-04 10:44 11776 --a------ c:\01ed35a0fb41fce03aa1\advpack.dll.mui

2007-10-04 10:44 110592 --a------ c:\01ed35a0fb41fce03aa1\inetcpl.cpl.mui

2007-10-04 10:44 1024000 --a------ c:\01ed35a0fb41fce03aa1\ieframe.dll.mui

2007-08-13 18:54 818688 --a------ c:\01ed35a0fb41fce03aa1\wininet.dll

2007-08-13 18:54 765952 --a------ c:\01ed35a0fb41fce03aa1\vgx.dll

2007-08-13 18:54 670720 --a------ c:\01ed35a0fb41fce03aa1\mstime.dll

2007-08-13 18:54 6049280 --a------ c:\01ed35a0fb41fce03aa1\ieframe.dll

2007-08-13 18:54 50688 --a------ c:\01ed35a0fb41fce03aa1\msfeedsbs.dll

2007-08-13 18:54 475648 --a------ c:\01ed35a0fb41fce03aa1\mshtmled.dll

2007-08-13 18:54 458752 --a------ c:\01ed35a0fb41fce03aa1\msfeeds.dll

2007-08-13 18:54 413696 --a------ c:\01ed35a0fb41fce03aa1\vbscript.dll

2007-08-13 18:54 3578368 --a------ c:\01ed35a0fb41fce03aa1\mshtml.dll

2007-08-13 18:54 33792 --a------ c:\01ed35a0fb41fce03aa1\custsat.dll

2007-08-13 18:54 287744 --a------ c:\01ed35a0fb41fce03aa1\ieproxy.dll

2007-08-13 18:54 27136 --a------ c:\01ed35a0fb41fce03aa1\jsproxy.dll

2007-08-13 18:54 231424 --a------ c:\01ed35a0fb41fce03aa1\webcheck.dll

2007-08-13 18:54 191488 --a------ c:\01ed35a0fb41fce03aa1\iepeers.dll

2007-08-13 18:54 180736 --a------ c:\01ed35a0fb41fce03aa1\ieui.dll

2007-08-13 18:54 156160 --a------ c:\01ed35a0fb41fce03aa1\msls31.dll

2007-08-13 18:54 131584 --a------ c:\01ed35a0fb41fce03aa1\extmgr.dll

2007-08-13 18:54 1162240 --a------ c:\01ed35a0fb41fce03aa1\urlmon.dll

2007-08-13 18:45 78336 --a------ c:\01ed35a0fb41fce03aa1\ieencode.dll

2007-08-13 18:45 443904 --a------ c:\01ed35a0fb41fce03aa1\html.iec

2007-08-13 18:45 206336 --a------ c:\01ed35a0fb41fce03aa1\winfxdocobj.exe

2007-08-13 18:45 1817088 --a------ c:\01ed35a0fb41fce03aa1\inetcpl.cpl

2007-08-13 18:44 69120 --a------ c:\01ed35a0fb41fce03aa1\iedw.exe

2007-08-13 18:44 40960 --a------ c:\01ed35a0fb41fce03aa1\licmgr10.dll

2007-08-13 18:44 192000 --a------ c:\01ed35a0fb41fce03aa1\msrating.dll

2007-08-13 18:44 105984 --a------ c:\01ed35a0fb41fce03aa1\url.dll

2007-08-13 18:44 101376 --a------ c:\01ed35a0fb41fce03aa1\occache.dll

2007-08-13 18:43 622080 --a------ c:\01ed35a0fb41fce03aa1\iexplore.exe

2007-08-13 18:42 17408 --a------ c:\01ed35a0fb41fce03aa1\corpol.dll

2007-08-13 18:39 92672 --a------ c:\01ed35a0fb41fce03aa1\inseng.dll

2007-08-13 18:39 71680 --a------ c:\01ed35a0fb41fce03aa1\admparse.dll

2007-08-13 18:39 55296 --a------ c:\01ed35a0fb41fce03aa1\iesetup.dll

2007-08-13 18:39 54784 --a------ c:\01ed35a0fb41fce03aa1\ie4uinit.exe

2007-08-13 18:39 43008 --a------ c:\01ed35a0fb41fce03aa1\iernonce.dll

2007-08-13 18:39 382976 --a------ c:\01ed35a0fb41fce03aa1\iedkcs32.dll

2007-08-13 18:39 229376 --a------ c:\01ed35a0fb41fce03aa1\ieaksie.dll

2007-08-13 18:39 152064 --a------ c:\01ed35a0fb41fce03aa1\ieakeng.dll

2007-08-13 18:39 13312 --a------ c:\01ed35a0fb41fce03aa1\ieudinit.exe

2007-08-13 18:39 123904 --a------ c:\01ed35a0fb41fce03aa1\advpack.dll

2007-08-13 18:38 491520 --a------ c:\01ed35a0fb41fce03aa1\jscript.dll

2007-08-13 18:36 61952 --a------ c:\01ed35a0fb41fce03aa1\icardie.dll

2007-08-13 18:36 44544 --a------ c:\01ed35a0fb41fce03aa1\pngfilt.dll

2007-08-13 18:36 36352 --a------ c:\01ed35a0fb41fce03aa1\imgutil.dll

2007-08-13 18:36 2560 --a------ c:\01ed35a0fb41fce03aa1\msfeedsbs.dll.mui

2007-08-13 18:36 12288 --a------ c:\01ed35a0fb41fce03aa1\msfeedssync.exe

2007-08-13 18:35 346624 --a------ c:\01ed35a0fb41fce03aa1\dxtmsft.dll

2007-08-13 18:35 214528 --a------ c:\01ed35a0fb41fce03aa1\dxtrans.dll

2007-08-13 18:34 266752 --a------ c:\01ed35a0fb41fce03aa1\iertutil.dll

2007-08-13 18:32 66560 --a------ c:\01ed35a0fb41fce03aa1\tdc.ocx

2007-08-13 18:32 45568 --a------ c:\01ed35a0fb41fce03aa1\mshta.exe

2007-08-13 18:18 60416 --a------ c:\01ed35a0fb41fce03aa1\hmmapi.dll

2007-08-13 18:17 32768 --a------ c:\01ed35a0fb41fce03aa1\hmmapi.dll.mui

2007-08-13 18:11 3584 --a------ c:\01ed35a0fb41fce03aa1\ieui.dll.mui

2007-08-13 18:06 56700 --a------ c:\01ed35a0fb41fce03aa1\ieuinit.inf

2007-08-13 18:01 48128 --a------ c:\01ed35a0fb41fce03aa1\mshtmler.dll

2007-08-13 17:56 161792 --a------ c:\01ed35a0fb41fce03aa1\ieakui.dll

2007-08-13 17:50 1383424 --a------ c:\01ed35a0fb41fce03aa1\mshtml.tlb

2007-08-13 17:12 448 --a------ c:\01ed35a0fb41fce03aa1\install.ins

2007-07-11 12:27 383488 --a------ c:\01ed35a0fb41fce03aa1\ieapfltr.dll

2007-02-12 16:10 635696 --a------ c:\01ed35a0fb41fce03aa1\update\legitlibm.dll

2007-02-12 16:10 59025 --a------ c:\01ed35a0fb41fce03aa1\ieakmmc.chm

2007-02-12 16:10 524680 --a------ c:\01ed35a0fb41fce03aa1\iexplore.chm

2007-02-12 16:10 2451312 --a------ c:\01ed35a0fb41fce03aa1\ieapfltr.dat

2006-09-23 13:13 65728 --a------ c:\01ed35a0fb41fce03aa1\update\eula.rtf

2006-09-23 13:13 474112 --a------ c:\01ed35a0fb41fce03aa1\shlwapi.dll

2006-09-23 13:13 1497088 --a------ c:\01ed35a0fb41fce03aa1\shdocvw.dll

2006-09-23 13:13 1023488 --a------ c:\01ed35a0fb41fce03aa1\browseui.dll

2006-09-06 17:43 721120 --a------ c:\01ed35a0fb41fce03aa1\update\update.exe

2006-09-06 17:43 536888 --a------ c:\01ed35a0fb41fce03aa1\update\xmllitesetup.exe

2006-09-06 17:43 384224 --a------ c:\01ed35a0fb41fce03aa1\update\updspapi.dll

2006-09-06 17:43 22752 --a------ c:\01ed35a0fb41fce03aa1\spupdsvc.exe

2006-09-06 17:43 215264 --a------ c:\01ed35a0fb41fce03aa1\spuninst.exe

2006-09-06 17:43 15072 --a------ c:\01ed35a0fb41fce03aa1\spmsg.dll

2006-09-06 17:42 589672 --a------ c:\01ed35a0fb41fce03aa1\update\idndl.exe

2006-09-06 17:42 498016 --a------ c:\01ed35a0fb41fce03aa1\update\nlsdl.exe

2006-09-06 17:22 31056 --a------ c:\01ed35a0fb41fce03aa1\iesupp.chm

2006-09-06 17:22 12845 --a------ c:\01ed35a0fb41fce03aa1\ieeula.chm

2006-09-01 08:54 1938 --a------ c:\01ed35a0fb41fce03aa1\msfeedsbs.mof

2006-09-01 08:54 1876 --a------ c:\01ed35a0fb41fce03aa1\msfeeds.mof

2006-09-01 08:47 8636 --a------ c:\01ed35a0fb41fce03aa1\feeddisc.wav

2006-09-01 08:47 29444 --a------ c:\01ed35a0fb41fce03aa1\popupblk.wav

2006-09-01 08:47 2202 --a------ c:\01ed35a0fb41fce03aa1\navstart.wav

2006-09-01 08:47 20336 --a------ c:\01ed35a0fb41fce03aa1\infobar.wav

2006-09-01 08:46 781 --a------ c:\01ed35a0fb41fce03aa1\update\update.exe.manifest

2006-09-01 08:44 8798 --a------ c:\01ed35a0fb41fce03aa1\icrav03.rat

2006-09-01 08:44 65 --a------ c:\01ed35a0fb41fce03aa1\webcheck.ini

2006-09-01 08:44 65 --a------ c:\01ed35a0fb41fce03aa1\occache.ini

2006-09-01 08:44 1988 --a------ c:\01ed35a0fb41fce03aa1\ticrf.rat

 

 

((((((((((((((((((((((((((((( SnapShot_2009-03-30_14.53.28.81 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-30 17:50:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-03-30 19:30:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2009-03-30 17:50:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-30 19:30:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-30 17:50:34 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-03-30 19:30:57 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2007-11-02 2445359]

"Free Upload Manager"="c:\arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 253952]

"Free Uploader Oe Integration"="c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2009-03-26 949376]

"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\qsb.exe" [2009-03-28 68592]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

UltraVNC Server.lnk - c:\arquivos de programas\UltraVNC\winvnc.exe [2008-05-23 712704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajcmgeqq]

2009-03-30 07:42 29696 c:\windows\system32\ajcmgeqq.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6516:TCP"= 6516:TCP:WWW

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-26 15424]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-05-23 6016]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-05-23 267136]

S3 gebfb75;gebfb75;c:\windows\system32\drivers\gebfb75.sys [2009-03-30 22816]

 

--- ---

 

*NewlyCreated* - NNG8F84

*Deregistered* - nng8f84

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e4f7ad-289b-11dd-9fc2-806d6172696f}]

\Shell\AutoRun\command - g:\bootcd\wintools\autorun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-30 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{1135cff7-35b6-4f85-9de1-381e823e6dc1} - c:\windows\system32\amitjd.dll

BHO-{D7E99210-F3FF-4EC4-B684-64E7F406E911} - c:\windows\system32\cbXNEvtU.dll

ShellExecuteHooks-{21c36b98-19dd-43a1-9f94-1468d8f9f63b} - c:\windows\system32\amitjd.dll

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.0.254:3128

uInternet Settings,ProxyOverride = <local>

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

LSP: c:\windows\system32\imon.dll

TCP: {D6991B07-22E9-447F-B2E0-135077BE0CBF} = 201.10.120.3,201.10.128.3

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\arquivos de programas\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll

FF - ProfilePath - c:\documents and settings\CPD\Dados de aplicativos\Mozilla\Firefox\Profiles\r54imn9o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: network.proxy.ftp - 192.168.0.254

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - 192.168.0.254

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 192.168.0.254

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 192.168.0.254

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 192.168.0.254

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-30 16:32:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osn55d6]

"ImagePath"="\SystemRoot\System32\drivers\spn0ecc.sys"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(548)

c:\windows\system32\ajcmgeqq.dll

c:\windows\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

 

- - - - - - - > 'lsass.exe'(604)

c:\windows\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\arquivos de programas\ESET\nod32krn.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-30 16:34:28 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-30 19:34:24

ComboFix2.txt 2009-03-30 17:54:47

ComboFix3.txt 2009-03-26 13:39:45

 

Pré-execução: 13 pasta(s) 39.706.218.496 bytes disponíveis

Pós execução: 12 pasta(s) 39,726,243,840 bytes disponíveis

 


Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.

 

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

C:\yxqsws.exe

c:\windows\system32\ajcmgeqq.dll

C:\xlggfkwb.exe

 

Rootkit::

c:\windows\system32\drivers\spn0ecc.sys

c:\windows\system32\drivers\gebfb75.sys

 

Driver::

NNG8F84

osn55d6

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajcmgeqq]

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

CFScript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

This script was written only for this computer, based on the files and keys present on it.

 

To visitors: if you have a similar problem, do not use this script, since unsupervised use can damage the system. Open your own topic asking for help.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

Select, copy and paste the contents of ComboFix.txt in your next reply.

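The load-point section of the ComboFix log quoted above carries several classic tampering indicators in one place: a Winlogon Notify package with a random name, Security Center notifications switched off, the firewall disabled, a randomly named driver created on the day of the scan, and an AutoRun command stored under MountPoints2. The Python script below is an added illustration, not part of this thread or of ComboFix, of how a responder can triage such a section automatically; SAMPLE_LOG is a constructed excerpt modelled on this thread's log, and the scan date and the two-day "recent driver" threshold are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed excerpt modelled on the "Pontos de Carregamento do Registro"
# section of the ComboFix log quoted in this thread (sample input only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2009-03-26 949376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajcmgeqq]
2009-03-30 07:42 29696 c:\windows\system32\ajcmgeqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-26 15424]
S3 gebfb75;gebfb75;c:\windows\system32\drivers\gebfb75.sys [2009-03-30 22816]
R0 eief5a0;eief5a0;\SystemRoot\\SystemRoot\System32\drivers\spn0ecc.sys --> \SystemRoot\\SystemRoot\System32\drivers\spn0ecc.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e4f7ad-289b-11dd-9fc2-806d6172696f}]
\Shell\AutoRun\command - g:\bootcd\wintools\autorun.exe
"""

# Date of the scan the sample was taken from (an assumption for this example).
SAMPLE_SCAN_DATE = date(2009, 3, 30)


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # the offending entry


_DRIVER_RE = re.compile(r"^(?:R[0-3]|S[0-4])\s+([^;]+);([^;]+);(.*)$")
_CREATED_RE = re.compile(r"\[(\d{4}-\d{2}-\d{2}) \d+\]$")


def _parse_driver(line):
    """Split a ComboFix service line into (name, display, rest, created, missing)."""
    m = _DRIVER_RE.match(line)
    if not m:
        return None
    name, display, rest = m.groups()
    cm = _CREATED_RE.search(rest)
    created = date.fromisoformat(cm.group(1)) if cm else None
    return name, display, rest, created, rest.endswith("[?]")


def triage_loadpoints(text, scan_date, recent_days=2):
    """Walk the load-point section and return the entries a responder should review."""
    findings = []
    key = ""  # lower-cased registry key the following lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        # Winlogon Notify packages load a DLL into winlogon.exe; ComboFix only
        # lists non-default packages, so each one shown deserves a look.
        if "winlogon\\notify" in key:
            package = key.rsplit("\\", 1)[-1]
            findings.append(Finding("winlogon-notify", package + ": " + line))
            continue
        # Security Center *DisableNotify = 1 silences the "no antivirus /
        # updates off" warnings that would otherwise alert the user.
        m = re.match(r'"(\w+DisableNotify)"\s*=\s*dword:0*1$', line)
        if "security center" in key and m:
            findings.append(Finding("securitycenter-notify-disabled", m.group(1)))
            continue
        m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line)
        if "firewallpolicy" in key and m and m.group(1) == "0":
            findings.append(Finding("firewall-disabled", key))
            continue
        # MountPoints2 AutoRun commands re-launch a binary from removable media.
        if "mountpoints2" in key and line.lower().startswith("\\shell\\autorun\\command"):
            findings.append(Finding("autorun-mountpoint", line.split(" - ", 1)[-1]))
            continue
        drv = _parse_driver(line)
        if drv:
            name, _display, rest, created, missing = drv
            if missing:  # "[?]": the service points at a file ComboFix could not find
                findings.append(Finding("driver-missing-file", name + ": " + rest))
            elif created and scan_date - created <= timedelta(days=recent_days):
                findings.append(Finding("driver-recent", name + ": created " + created.isoformat()))
    return findings


def summarize(findings):
    """Count findings per rule."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


def triage_sample():
    """Run the triage over the constructed excerpt."""
    return triage_loadpoints(SAMPLE_LOG, SAMPLE_SCAN_DATE)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.rule:32} {f.detail}")
    print(summarize(triage_sample()))
```

The rules are prompts for review, not verdicts: the recent-driver rule will also flag legitimately reinstalled drivers if the threshold is widened (the NOD32 driver in the sample was created four days before the scan), so the threshold is meant to be adjusted per case, and every flagged entry still needs the file itself examined before anything is removed.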

Good morning. Here is the report.

 

 

ComboFix 09-03-25.03 - CPD 2009-03-31 8:18:30.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.512.232 [GMT -3:00]

Executando de: c:\documents and settings\CPD\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\CPD\Desktop\CFScript.txt

AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

c:\windows\system32\ajcmgeqq.dll

C:\xlggfkwb.exe

C:\yxqsws.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ajcmgeqq.dll

c:\windows\system32\drivers\gebfb75.sys

c:\windows\system32\drivers\spn0ecc.sys

C:\xlggfkwb.exe

C:\yxqsws.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NNG8F84

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-28 to 2009-03-31 ))))))))))))))))))))))))))))

.

 

2009-03-28 11:44 . 2009-03-28 11:44 <DIR> d-------- C:\MalwarebytesPortable

2009-03-27 10:23 . 2009-03-27 10:23 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-26 18:51 . 2009-03-26 18:51 268 --ah----- C:\sqmdata04.sqm

2009-03-26 18:51 . 2009-03-26 18:51 244 --ah----- C:\sqmnoopt04.sqm

2009-03-26 17:45 . 2006-04-12 11:04 241,664 --a------ c:\windows\system32\hppapr04.DLL

2009-03-26 17:45 . 2005-10-05 09:55 526 --a------ c:\windows\system32\hppapr04.DAT

2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\arquivos de programas\WinAVI MP4 Converter

2009-03-26 11:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-03-26 10:45 . 2009-03-26 10:45 512,096 --a------ c:\windows\system32\drivers\amon.sys

2009-03-26 10:45 . 2009-03-26 10:45 298,104 --a------ c:\windows\system32\imon.dll

2009-03-26 10:45 . 2009-03-26 10:45 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys

2009-03-26 10:45 . 2009-03-26 10:45 268 --ah----- C:\sqmdata03.sqm

2009-03-26 10:45 . 2009-03-26 10:45 244 --ah----- C:\sqmnoopt03.sqm

2009-03-26 08:53 . 2009-03-26 08:53 268 --ah----- C:\sqmdata02.sqm

2009-03-26 08:53 . 2009-03-26 08:53 244 --ah----- C:\sqmnoopt02.sqm

2009-03-26 08:40 . 2009-03-26 08:41 <DIR> d-------- c:\windows\system32\pt-br

2009-03-26 08:29 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-03-26 08:29 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-03-26 08:29 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-03-26 08:29 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-03-26 08:29 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-03-26 08:29 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-03-26 08:29 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-03-26 08:29 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-03-26 08:29 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-03-26 08:26 . 2009-03-26 08:26 <DIR> d-------- C:\01ed35a0fb41fce03aa1

2009-03-26 08:03 . 2009-03-30 16:00 <DIR> d-------- C:\BACKUP

2009-03-26 07:59 . 2009-03-26 07:59 <DIR> d-------- c:\documents and settings\CPD\Dados de aplicativos\Media Player Classic

2009-03-25 19:42 . 2009-03-26 10:53 <DIR> d-------- c:\documents and settings\CPD\Contacts

2009-03-25 19:27 . 2008-10-29 08:59 401,720 --a------ C:\HiJackThis.exe

2009-03-25 19:22 . 2008-05-23 07:58 <DIR> d--h----- c:\documents and settings\Administrador\Modelos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Meus documentos

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Favoritos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos

2009-03-25 19:22 . 2009-03-30 16:34 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> d-------- c:\documents and settings\Administrador

2009-03-25 19:21 . 2009-03-25 19:21 268 --ah----- C:\sqmdata01.sqm

2009-03-25 19:21 . 2009-03-25 19:21 244 --ah----- C:\sqmnoopt01.sqm

2009-03-20 15:50 . 2009-03-20 15:50 3,358,720 --a------ c:\windows\system32\GPhotos.scr

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-31 11:21 --------- d-----w c:\documents and settings\CPD\Dados de aplicativos\Free Download Manager

2009-03-30 11:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Google Updater

2009-03-30 10:41 --------- d-----w c:\arquivos de programas\ESET

2009-03-28 12:56 --------- d-----w c:\arquivos de programas\Google

2009-03-27 18:04 --------- d-----w c:\arquivos de programas\UltraVNC

2009-03-27 13:17 --------- d-----w c:\arquivos de programas\Picasa2

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2009-03-30 18:56 67,688 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2009-03-30 18:56 54,368 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2009-03-30 18:56 34,944 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2009-03-30 18:57 46,712 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2009-03-30 18:57 172,136 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2009-03-30_14.53.28.81 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-30 17:50:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-03-30 19:30:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2009-03-30 17:50:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-30 19:30:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-30 17:50:34 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-03-30 19:30:57 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2007-11-02 2445359]

"Free Upload Manager"="c:\arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 253952]

"Free Uploader Oe Integration"="c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2009-03-26 949376]

"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\qsb.exe" [2009-03-28 68592]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

UltraVNC Server.lnk - c:\arquivos de programas\UltraVNC\winvnc.exe [2008-05-23 712704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6516:TCP"= 6516:TCP:WWW

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 eief5a0;eief5a0;\SystemRoot\\SystemRoot\System32\drivers\spn0ecc.sys --> \SystemRoot\\SystemRoot\System32\drivers\spn0ecc.sys [?]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-26 15424]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-05-23 6016]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-05-23 267136]

S3 gebfb75;gebfb75;c:\windows\system32\drivers\gebfb75.sys --> c:\windows\system32\drivers\gebfb75.sys [?]

 

--- ---

 

*NewlyCreated* - EIEF5A0

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e4f7ad-289b-11dd-9fc2-806d6172696f}]

\Shell\AutoRun\command - g:\bootcd\wintools\autorun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-31 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.0.254:3128

uInternet Settings,ProxyOverride = <local>

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

LSP: c:\windows\system32\imon.dll

TCP: {D6991B07-22E9-447F-B2E0-135077BE0CBF} = 201.10.120.3,201.10.128.3

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\arquivos de programas\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll

FF - ProfilePath - c:\documents and settings\CPD\Dados de aplicativos\Mozilla\Firefox\Profiles\r54imn9o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: network.proxy.ftp - 192.168.0.254

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - 192.168.0.254

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 192.168.0.254

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 192.168.0.254

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 192.168.0.254

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-31 08:23:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(588)

c:\windows\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\arquivos de programas\ESET\nod32krn.exe

c:\windows\system32\HPZipm12.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-31 8:24:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-31 11:24:39

ComboFix2.txt 2009-03-30 19:34:30

ComboFix3.txt 2009-03-30 17:54:47

ComboFix4.txt 2009-03-26 13:39:45

 

Pré-execução: 13 pasta(s) 39.717.355.520 bytes disponíveis

Pós execução: 12 pasta(s) 39,716,249,600 bytes disponíveis

 


Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.

 

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Driver::

eief5a0

gebfb75

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

CFScript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

This script was written only for this computer, based on the files and keys present on it.

 

To visitors: if you have a similar problem, do not use this script, since unsupervised use can damage the system. Open your own topic asking for help.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

Select, copy and paste the contents of ComboFix.txt in your next reply.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
