Magman
Posted August 21, 2009

First of all, good evening/day/afternoon :P So, I accidentally clicked a link and my avast warned me that it was a site with some malicious file. I quickly hit "disconnect", but I still don't think I'm safe.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:13:22, on 21/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\Alan 1\mk11.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [trust grim] C:\DOCUME~1\ALAN1~1\DADOSD~1\MATHWI~1\second platform.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S
O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Alan 1\mk11.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-1715567821-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Claudia')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca10daf10d31a) (gupdate1ca10daf10d31a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 6561 bytes

Please help me. Thanks in advance.
Regards, magman.
DigRam
Posted August 21, 2009

Good morning, Magman!

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> Press Enter.
<@> In the next window, choose option: 2 - Fix + Hosts --> Press Enter --> Wait!
<@> PS: Watch for notifications from your antivirus, and send any detected files to quarantine.
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post a fresh HijackThis log.

Cheers!
Magman
Posted August 21, 2009

DigRam, first of all, thanks =) Now the Lop S&D log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Alan 1 ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090821-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:61 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( --- 21/08/2009|19:47 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVED

Deleted! - C:\WINDOWS\Tasks\AF0A70F391A1E80B.job
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Tick Find Close Surf\Copy Default.dat
Deleted! - C:\DOCUME~1\ALAN1~1\Cookies\alan 1@advertising.marketnetwork[2].txt
Deleted! - C:\DOCUME~1\ALAN1~1\Cookies\alan 1@advertising[1].txt
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Tick Find Close Surf
Deleted! - C:\DOCUME~1\ALAN1~1\DADOSD~1\mathwi~1
Deleted! - C:\Arquivos de programas\mathwi~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Folder list in DADOSD~1

[19/07/2009|12:31] C:\DOCUME~1\ALAN1~1\DADOSD~1\Adobe
[19/07/2009|12:42] C:\DOCUME~1\ALAN1~1\DADOSD~1\Ahead
[19/08/2009|02:14] C:\DOCUME~1\ALAN1~1\DADOSD~1\gtk-2.0
[19/07/2009|11:53] C:\DOCUME~1\ALAN1~1\DADOSD~1\Identities
[05/08/2009|00:02] C:\DOCUME~1\ALAN1~1\DADOSD~1\LimeWire
[19/07/2009|12:31] C:\DOCUME~1\ALAN1~1\DADOSD~1\Macromedia
[25/07/2009|22:53] C:\DOCUME~1\ALAN1~1\DADOSD~1\Microsoft
[19/07/2009|12:16] C:\DOCUME~1\ALAN1~1\DADOSD~1\Mozilla
[30/07/2009|02:58] C:\DOCUME~1\ALAN1~1\DADOSD~1\Real
[08/08/2009|02:23] C:\DOCUME~1\ALAN1~1\DADOSD~1\Remere's Map Editor
[14/08/2009|22:44] C:\DOCUME~1\ALAN1~1\DADOSD~1\sqlitestudio
[25/07/2009|21:02] C:\DOCUME~1\ALAN1~1\DADOSD~1\Sun
[20/08/2009|22:23] C:\DOCUME~1\ALAN1~1\DADOSD~1\Tibia
[19/07/2009|12:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[25/07/2009|20:33] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8
[30/07/2009|00:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[25/07/2009|23:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[21/08/2009|02:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
[21/08/2009|01:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP
[25/07/2009|22:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[25/07/2009|22:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[28/07/2009|02:21] C:\DOCUME~1\Claudia\DADOSD~1\Adobe
[21/07/2009|20:47] C:\DOCUME~1\Claudia\DADOSD~1\Identities
[28/07/2009|02:21] C:\DOCUME~1\Claudia\DADOSD~1\Macromedia
[21/08/2009|01:42] C:\DOCUME~1\Claudia\DADOSD~1\Microsoft
[25/07/2009|00:49] C:\DOCUME~1\Claudia\DADOSD~1\Mozilla
[20/08/2009|17:42] C:\DOCUME~1\Claudia\DADOSD~1\Real
[19/07/2009|11:47] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[26/07/2009|01:10] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[25/07/2009|20:30] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Scheduled tasks in the C:\WINDOWS\Tasks folder

[17/08/2009 19:36][--a------] C:\WINDOWS\tasks\SCHEDLGU.TXT
[21/08/2009 02:13][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[21/08/2009 19:38][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[21/08/2009 19:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Folder list in C:\Arquivos de programas

[19/07/2009|12:04] C:\Arquivos de programas\Adobe
[25/07/2009|21:05] C:\Arquivos de programas\Alwil Software
[30/07/2009|02:55] C:\Arquivos de programas\Arquivos comuns
[26/07/2009|04:14] C:\Arquivos de programas\Asprate
[19/07/2009|12:13] C:\Arquivos de programas\AVG
[25/07/2009|21:13] C:\Arquivos de programas\Circle Develoement
[19/07/2009|11:44] C:\Arquivos de programas\ComPlus Applications
[25/07/2009|23:51] C:\Arquivos de programas\Eidos
[06/08/2009|22:09] C:\Arquivos de programas\Fatalite Server
[02/08/2009|20:23] C:\Arquivos de programas\GIMP-2.0
[30/07/2009|02:53] C:\Arquivos de programas\Google
[19/07/2009|12:37] C:\Arquivos de programas\InstallShield Installation Information
[25/07/2009|21:40] C:\Arquivos de programas\Internet Explorer
[25/07/2009|21:07] C:\Arquivos de programas\Java
[25/07/2009|20:42] C:\Arquivos de programas\LimeWire
[25/07/2009|21:42] C:\Arquivos de programas\Messenger
[25/07/2009|21:20] C:\Arquivos de programas\Messenger Plus! Live
[26/07/2009|00:03] C:\Arquivos de programas\Microsoft
[19/07/2009|11:48] C:\Arquivos de programas\microsoft frontpage
[19/07/2009|12:02] C:\Arquivos de programas\Microsoft Office
[19/07/2009|11:45] C:\Arquivos de programas\Movie Maker
[21/08/2009|19:41] C:\Arquivos de programas\Mozilla Firefox
[25/07/2009|21:50] C:\Arquivos de programas\MSECACHE
[19/07/2009|11:43] C:\Arquivos de programas\MSN Gaming Zone
[19/07/2009|12:30] C:\Arquivos de programas\Nero
[19/07/2009|12:34] C:\Arquivos de programas\NETEagle
[19/07/2009|11:45] C:\Arquivos de programas\NetMeeting
[26/07/2009|02:09] C:\Arquivos de programas\OnGame
[27/07/2009|16:47] C:\Arquivos de programas\Outlook Express
[08/08/2009|02:23] C:\Arquivos de programas\Remere's Map Editor
[19/07/2009|12:13] C:\Arquivos de programas\S3
[19/07/2009|11:46] C:\Arquivos de programas\Serviços on-line
[21/08/2009|02:08] C:\Arquivos de programas\Spybot - Search & Destroy
[25/07/2009|21:53] C:\Arquivos de programas\TaskSwitchXP
[26/07/2009|17:17] C:\Arquivos de programas\Tibia 792
[28/07/2009|17:37] C:\Arquivos de programas\Tibia 8.1
[25/07/2009|20:51] C:\Arquivos de programas\Tibia 8.4
[28/07/2009|17:55] C:\Arquivos de programas\Tibia 8.42
[13/08/2009|18:18] C:\Arquivos de programas\Tibia 8.50
[31/07/2009|16:35] C:\Arquivos de programas\TibiaBot NG
[25/07/2009|20:50] C:\Arquivos de programas\TibiaCam TV Lite
[02/08/2009|22:44] C:\Arquivos de programas\TibiaLive
[19/07/2009|11:53] C:\Arquivos de programas\Uninstall Information
[19/07/2009|12:36] C:\Arquivos de programas\VIA
[19/07/2009|12:37] C:\Arquivos de programas\VIAudioi
[26/07/2009|02:07] C:\Arquivos de programas\Winamp
[25/07/2009|21:51] C:\Arquivos de programas\Windows Installer Clean Up
[25/07/2009|23:10] C:\Arquivos de programas\Windows Live
[19/07/2009|13:07] C:\Arquivos de programas\Windows Live SkyDrive
[26/07/2009|01:08] C:\Arquivos de programas\Windows Media Connect 2
[26/07/2009|01:08] C:\Arquivos de programas\Windows Media Player
[19/07/2009|11:43] C:\Arquivos de programas\Windows NT
[19/07/2009|11:46] C:\Arquivos de programas\WindowsUpdate
[25/07/2009|21:32] C:\Arquivos de programas\WinRAR
[19/07/2009|11:48] C:\Arquivos de programas\xerox

--------------------\\ Folder list in C:\Arquivos de programas\Arquivos comuns

[19/07/2009|12:05] C:\Arquivos de programas\Arquivos comuns\Adobe
[08/08/2009|02:34] C:\Arquivos de programas\Arquivos comuns\Ahead
[19/07/2009|12:02] C:\Arquivos de programas\Arquivos comuns\Designer
[19/07/2009|12:36] C:\Arquivos de programas\Arquivos comuns\InstallShield
[25/07/2009|21:55] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[19/07/2009|11:45] C:\Arquivos de programas\Arquivos comuns\MSSoap
[19/07/2009|08:36] C:\Arquivos de programas\Arquivos comuns\ODBC
[30/07/2009|02:55] C:\Arquivos de programas\Arquivos comuns\Real
[19/07/2009|11:45] C:\Arquivos de programas\Arquivos comuns\Serviços
[19/07/2009|08:36] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[19/07/2009|12:02] C:\Arquivos de programas\Arquivos comuns\System
[19/07/2009|12:56] C:\Arquivos de programas\Arquivos comuns\Windows Live
[25/07/2009|21:58] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
[30/07/2009|02:55] C:\Arquivos de programas\Arquivos comuns\xing shared

--------------------\\ Process ( 30 Processes )

... OK !

--------------------\\ Search for S_Lop

No Lop folders found!

--------------------\\ Search for Lop files and folders

No Lop folders found!

--------------------\\ Registry search

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 19:50:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

No other infections found.

[F:2248][D:59]-> C:\DOCUME~1\ALAN1~1\CONFIG~1\Temp
[F:272][D:0]-> C:\DOCUME~1\ALAN1~1\Cookies
[F:16039][D:20]-> C:\DOCUME~1\ALAN1~1\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - --- 21/08/2009|19:52 - Option : [2]

--------------------\\ Scan completed at 19:52:19

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:55, on 21/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\Alan 1\mk11.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S
O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Alan 1\mk11.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca10daf10d31a) (gupdate1ca10daf10d31a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 6317 bytes
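The two HijackThis logs above are what the helper reads by eye: the O4 lines are the autorun entries, and the ones worth a second look are those that start something from a user profile, Application Data or Temp directory, from the root of the drive, or under a value name that has nothing to do with the file it starts (compare [gbpkm] -> mk11.exe with [avast!] -> ashDisp.exe). The script below is an added example written for this page; it is not part of the thread, HijackThis, Lop S&D or any other tool named here. It parses O4 Run/RunOnce lines, applies those three checks as a weighted score, and is run over a constructed sample made of O4 lines copied from both logs, including the [trust grim] entry that Lop S&D removed between them and the [gbpkm] entry that survived. The weights, the threshold of 2, the directory list and the function names (`triage`, `score_entry` and the rest) are this example's own choices, not anything the tools define.

```python
import re

# Constructed sample input: O4 (autorun) lines copied from the two HijackThis logs
# posted in this thread, including the [trust grim] entry that Lop S&D removed
# between them and the [gbpkm] entry that survived.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [trust grim] C:\DOCUME~1\ALAN1~1\DADOSD~1\MATHWI~1\second platform.exe
O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Alan 1\mk11.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)
# Profile, Application Data and Temp directories in the English and Portuguese
# (long and 8.3) spellings seen in the logs; vendors rarely autostart from here.
USER_AREA_RE = re.compile(
    r"\\(documents and settings|docume~1|application data|dados de aplicativos|"
    r"dadosd~1|local settings|config~1|temp|appdata)\\",
    re.IGNORECASE,
)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)


def executable_path(cmd):
    """Program part of a Run value: the quoted token if quoted, otherwise
    everything up to the first executable extension (unquoted paths may
    contain spaces, as 'C:\\Documents and Settings\\Alan 1\\mk11.exe' does)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def name_matches_file(name, path):
    """True when the value name and the path share a run of 4+ letters
    (e.g. [avast!] -> ...\\Avast4\\ashDisp.exe); short names must appear whole."""
    n = re.sub(r"[^a-z]", "", name.lower())
    p = re.sub(r"[^a-z]", "", path.lower())
    if len(n) < 4:
        return bool(n) and n in p
    return any(n[i:i + 4] in p for i in range(len(n) - 3))


def score_entry(name, path):
    """Weighted indicators; the weights are this example's own choice (assumption)."""
    score, reasons = 0, []
    if USER_AREA_RE.search(path):
        score += 3
        reasons.append("runs from a user profile / Application Data / Temp directory")
    elif DRIVE_ROOT_RE.match(path):
        score += 2
        reasons.append("runs from the root of the drive")
    if "\\" not in path:
        score += 1
        reasons.append("bare file name, resolved through the search path")
    if not name_matches_file(name, path):
        score += 1
        reasons.append("value name unrelated to the file name")
    return score, reasons


def triage(log_text, threshold=2):
    """Parse every O4 Run/RunOnce line and score it; other O4 forms
    (Global Startup .lnk entries) are left for manual review."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m["cmd"])
        score, reasons = score_entry(m["name"], path)
        findings.append({
            "hive": m["hive"], "key": m["key"], "name": m["name"], "path": path,
            "score": score, "reasons": reasons, "suspicious": score >= threshold,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} [{f['name']}] {f['path']}  ({'; '.join(f['reasons']) or 'no indicators'})")
```

On the sample, [trust grim] and [gbpkm] score 4 (profile directory plus unrelated name) and the RunOnce [Cleanup] at the drive root scores 2, so all three are reported; [VTTimer] (bare file name) and [TkBellExe] (RealPlayer's long-standing scheduler name, unrelated to realsched.exe) each score 1 and stay below the threshold, which is why the name mismatch is only a weak signal on its own. The script says nothing about what mk11.exe is; it only points at the entries a helper in this thread would ask about, and the follow-up (submitting the file, or the ComboFix run DigRam asks for next) is still the analyst's job.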
DigRam
Posted August 22, 2009

Good evening, Magman!

<@> Open Spybot Search & Destroy!
<@> In the top menu, go to Mode and select Advanced. --> Confirm!
<@> Click the Tools button and then Resident.
<@> Untick the option: Enable "TeaTimer" Resident. ( Protection of overall system settings )

<><><><><><><><><><>

<@> Download: < > ( ...by sUBs ) <!> Link-2 <!> < ForoSpyware > <!> Link-3 <!> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: It can also be run from a command: Go to Start --> Run --> Type or paste: "%userprofile%\Desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!
<@> When done, click Yes. --> Wait!
<!> If you get the notification "Invalid Win32 application", delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, the following notification window will appear:
<!> PS: Write down those detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> To complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><>

<@> When done, post the reports: C:\ComboFix.txt + a fresh HijackThis log.

Cheers!
Magman
Posted August 22, 2009

ComboFix log

ComboFix 09-08-21.01 - Alan 1 21/08/2009 23:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.447.164 [GMT -3:00]
Running from: c:\documents and settings\Alan 1\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alan 1\aabegbdj.exe
c:\documents and settings\Alan 1\abfadfci.exe
c:\documents and settings\Alan 1\aebiggce.exe
c:\documents and settings\Alan 1\aefgdcde.exe
c:\documents and settings\Alan 1\aeidigga.exe
c:\documents and settings\Alan 1\afabbidi.exe
c:\documents and settings\Alan 1\afacdedf.exe
c:\documents and settings\Alan 1\afhfeiii.exe
c:\documents and settings\Alan 1\ajbieebh.exe
c:\documents and settings\Alan 1\ajdhgdac.exe
c:\documents and settings\Alan 1\baiaefec.exe
c:\documents and settings\Alan 1\bdeffgij.exe
c:\documents and settings\Alan 1\bfbhdcei.exe
c:\documents and settings\Alan 1\bhjeabbi.exe
c:\documents and settings\Alan 1\bigcadbd.exe
c:\documents and settings\Alan 1\bjbdbbdj.exe
c:\documents and settings\Alan 1\bjbibfce.exe
c:\documents and settings\Alan 1\cgbhiada.exe
c:\documents and settings\Alan 1\cibjfbaa.exe
c:\documents and settings\Alan 1\cicaigjb.exe
c:\documents and settings\Alan 1\dajehjbj.exe
c:\documents and settings\Alan 1\dccbifcj.exe
c:\documents and settings\Alan 1\dcjebghd.exe
c:\documents and settings\Alan 1\ddjahacd.exe
c:\documents and settings\Alan 1\dfbbhdid.exe
c:\documents and settings\Alan 1\fajfadfi.exe
c:\documents and settings\Alan 1\fijeaahb.exe
c:\documents and settings\Alan 1\gahdcief.exe
c:\documents and settings\Alan 1\gcajefbf.exe
c:\documents and settings\Alan 1\ghbfifce.exe
c:\documents and settings\Alan 1\giggcjbi.exe
c:\documents and settings\Alan 1\hibfeijb.exe
c:\documents and settings\Alan 1\iajbaidd.exe
c:\documents and settings\Alan 1\ibefegie.exe
c:\documents and settings\Alan 1\idcigfba.exe
c:\documents and settings\Alan 1\iiefbgde.exe
c:\documents and settings\Alan 1\ijjdfdeg.exe
c:\documents and settings\Alan 1\jagbcbjb.exe
c:\documents and settings\Alan 1\jagjhahc.exe
c:\documents and settings\Alan 1\jfbajieb.exe
c:\documents and settings\Alan 1\jjgehcgc.exe
c:\documents and settings\Alan 1\temp3.exe
c:\windows\system32\Drivers\wzgyd.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_eplr

(((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))
.
2009-08-22 02:10 . 2009-08-22 02:10 0 ----a-w- C:\backup.reg
2009-08-22 02:09 . 2009-08-22 02:09 61440 ----a-w- c:\windows\system32\drivers\xszu.sys
2009-08-22 02:09 . 2009-08-22 02:09 574 ----a-w- C:\cleanup.bat
2009-08-22 02:09 . 2009-08-22 02:09 19286 ----a-w- C:\cleanup.exe
2009-08-22 02:09 . 2009-08-22 02:09 135168 ----a-w- C:\zip.exe
2009-08-22 02:09 . 2009-08-22 02:09 902888 ----a-w- c:\documents and settings\Alan 1\bgdaccjb.exe
2009-08-21 22:43 . 2009-08-21 22:52 -------- d-----w- C:\Lop SD
2009-08-21 22:43 . 2009-08-21 22:43 501736 ----a-w- C:\LopSD.exe
2009-08-21 05:10 . 2009-08-21 22:54 -------- d-----w- C:\Hijack
2009-08-21 05:08 . 2009-08-21 05:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-08-21 04:39 . 2009-08-21 04:39 -------- d-----w- c:\documents and settings\Claudia\Tracing
2009-08-19 21:55 . 2009-08-19 21:55 -------- d-----w- c:\windows\Sun
2009-08-17 22:44 . 2009-08-22 02:10 43 ----a-w- c:\documents and settings\Alan 1\udate.bin
2009-08-08 06:30 . 2009-08-22 01:27 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\Tibia
2009-08-08 05:45 . 2009-08-13 21:18 -------- d-----w- c:\arquivos de programas\Tibia 8.50
2009-08-08 05:23 . 2009-08-08 05:23 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\Remere's Map Editor
2009-08-08 05:23 . 2009-08-08 05:23 -------- d-----w- c:\arquivos de programas\Remere's Map Editor
2009-08-08 00:02 . 2009-08-15 01:44 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\sqlitestudio
2009-08-07 01:09 . 2009-08-07 01:09 -------- d-----w- c:\arquivos de programas\Fatalite Server
2009-08-02 23:25 . 2009-08-19 05:14 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\gtk-2.0
2009-08-02 23:25 . 2009-08-02 23:25 -------- d-----w- c:\documents and settings\Alan 1\.thumbnails
2009-08-02 23:24 . 2009-08-19 05:20 -------- d-----w- c:\documents and settings\Alan 1\.gimp-2.6
2009-08-02 23:24 . 2009-08-02 23:24 -------- d-----w- c:\documents and settings\Alan 1\.gegl-0.0
2009-08-02 23:23 . 2009-08-02 23:23 -------- d-----w- c:\arquivos de programas\GIMP-2.0
2009-07-30 05:55 . 2009-07-30 05:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2009-07-30 05:55 . 2009-07-30 05:55 -------- d-----w- C:\Program Files
2009-07-30 05:55 . 2009-07-30 05:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2009-07-30 05:52 . 2009-07-30 05:53 -------- d-----w- c:\arquivos de programas\Google
2009-07-27 02:36 . 2009-07-28 20:55 -------- d-----w- c:\arquivos de programas\Tibia 8.42
2009-07-26 20:50 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-26 20:50 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-26 20:12 . 2009-07-26 20:17 -------- d-----w- c:\arquivos de programas\Tibia 792
2009-07-26 20:01 . 2009-07-28 20:37 -------- d-----w- c:\arquivos de programas\Tibia 8.1
2009-07-26 07:14 . 2009-07-26 07:14 -------- d-----w- c:\arquivos de programas\Asprate
2009-07-26 05:09 . 2009-07-26 05:09 -------- d-----w- c:\arquivos de programas\OnGame
2009-07-26 04:10 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-26 04:08 . 2009-07-26 04:08 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-07-26 04:08 . 2009-07-31 19:35 -------- d-----w- c:\arquivos de programas\TibiaBot NG
2009-07-26 04:05 . 2009-07-26 04:06 -------- d-----w-
 c:\windows\system32\drivers\UMDF
2009-07-26 04:05 . 2009-07-26 04:05 -------- d-----w- c:\windows\system32\LogFiles
2009-07-26 03:10 . 2009-07-26 03:10 -------- d-s---w- c:\documents and settings\Alan 1\UserData
2009-07-26 03:05 . 2009-07-30 03:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-07-26 03:03 . 2009-07-26 03:03 -------- d-----w- c:\arquivos de programas\Microsoft
2009-07-26 02:51 . 2009-07-26 02:51 -------- d-----w- c:\arquivos de programas\Eidos
2009-07-26 02:49 . 2009-08-03 01:44 -------- d-----w- c:\arquivos de programas\TibiaLive
2009-07-26 02:29 . 2009-08-21 04:32 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-26 01:51 . 2009-07-26 01:51 0 ----a-w- c:\documents and settings\Alan 1\pag.bin
2009-07-26 01:51 . 2009-07-05 23:34 819712 ----a-w- c:\windows\arp32.exe
2009-07-26 01:51 . 2009-07-26 01:51 304331 ----a-w- c:\documents and settings\Alan 1\mk15.exe
2009-07-26 01:50 . 2009-07-26 01:50 3061535 ----a-w- c:\documents and settings\Alan 1\mk11.exe
2009-07-26 01:50 . 2009-07-26 01:50 0 ----a-w- c:\documents and settings\Alan 1\lodctrl.sys
2009-07-26 00:55 . 2009-07-26 00:58 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2009-07-26 00:53 . 2009-07-26 00:53 -------- d-----w- c:\arquivos de programas\TaskSwitchXP
2009-07-26 00:51 . 2009-07-26 00:51 3584 ----a-r- c:\documents and settings\Alan 1\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-26 00:51 . 2009-07-26 00:51 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up
2009-07-26 00:50 . 2009-07-26 00:50 -------- d-----w- c:\arquivos de programas\MSECACHE
2009-07-26 00:42 . 2009-07-26 01:50 -------- d-----w- c:\windows\system32\KB905474
2009-07-26 00:42 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-07-26 00:39 . 2009-08-05 03:02 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\LimeWire
2009-07-26 00:32 . 2004-08-04 12:00 2790912 ----a-w- c:\windows\system32\XPize_Logon.exe
2009-07-26 00:29 . 2009-07-26 00:53 -------- d--h--w- c:\windows\XPize Darkside
2009-07-26 00:08 . 2009-07-26 00:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-26 00:07 . 2009-07-26 00:07 -------- d-----w- c:\arquivos de programas\Java
2009-07-26 00:07 . 2009-07-26 00:07 152576 ----a-w- c:\documents and settings\Alan 1\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-26 00:06 . 2009-02-05 22:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-26 00:06 . 2009-02-05 22:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-26 00:06 . 2009-02-05 22:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-26 00:06 . 2009-02-05 22:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-26 00:06 . 2009-02-05 22:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-26 00:06 . 2009-02-05 22:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-26 00:06 . 2009-02-05 22:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-26 00:06 . 2009-02-05 22:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-26 00:05 . 2009-02-05 22:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-26 00:05 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-26 00:05 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-07-26 00:05 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-07-26 00:05 . 2009-07-26 00:05 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-07-25 23:56 . 2009-07-26 01:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-07-25 23:53 . 2009-07-26 21:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-25 23:51 . 2009-07-25 23:51 -------- d-----w- c:\arquivos de programas\Tibia 8.4
2009-07-25 23:49 . 2009-07-25 23:50 -------- d-----w- c:\arquivos de programas\TibiaCam TV Lite
2009-07-25 23:48 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-25 23:48 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-25 23:48 . 2009-02-09 11:50 2061952 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 23:48 . 2009-02-09 11:50 2184704 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-25 23:42 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-25 23:41 . 2009-07-25 23:42 -------- d-----w- c:\arquivos de programas\LimeWire
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 05:34 . 2009-07-19 15:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-07-26 05:07 . 2009-07-26 04:20 -------- d-----w- c:\arquivos de programas\Winamp
2009-07-26 02:10 . 2009-07-19 16:07 -------- d-----w- c:\arquivos de programas\Windows Live
2009-07-26 01:53 . 2004-08-04 12:00 48628 ----a-w- c:\windows\system32\perfc016.dat
2009-07-26 01:53 . 2004-08-04 12:00 344380 ----a-w- c:\windows\system32\perfh016.dat
2009-07-26 00:20 . 2009-07-26 00:13 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-07-26 00:18 .
2009-07-19 14:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-07-26 00:13 . 2009-07-26 00:13 -------- d-----w- c:\arquivos de programas\Circle Develoement 2009-07-25 23:33 . 2009-07-19 15:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8 2009-07-19 16:07 . 2009-07-19 16:07 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive 2009-07-19 15:56 . 2009-07-19 15:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live 2009-07-19 15:42 . 2009-07-19 15:41 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\Ahead 2009-07-19 15:37 . 2009-07-19 14:57 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\arquivos de programas\VIAudioi 2009-07-19 15:36 . 2009-07-19 15:36 -------- d-----w- c:\arquivos de programas\VIA 2009-07-19 15:36 . 2009-07-19 14:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-07-19 15:34 . 2009-07-19 15:34 -------- d-----w- c:\arquivos de programas\NETEagle 2009-07-19 15:30 . 2009-07-19 15:30 -------- d-----w- c:\arquivos de programas\Nero 2009-07-19 15:16 . 2009-07-19 15:16 0 ----a-w- c:\windows\nsreg.dat 2009-07-19 15:13 . 2009-07-19 15:13 -------- d-----w- c:\arquivos de programas\AVG 2009-07-19 15:13 . 2009-07-19 15:12 -------- d-----w- c:\arquivos de programas\S3 2009-07-19 15:05 . 2009-07-19 15:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-07-19 14:48 . 2009-07-19 14:48 -------- d-----w- c:\arquivos de programas\microsoft frontpage 2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\arquivos de programas\Serviços on-line 2009-07-19 14:45 . 2009-07-19 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços 2009-07-19 14:44 . 2009-07-19 14:44 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2009-06-16 14:54 . 
2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:54 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll . ------- Sigcheck ------- [-] 2004-08-04 12:00 1696256 FC3BE5CEB215C8EF8B14ADF1CFB939CE c:\windows\explorer.exe [-] 2008-04-14 02:20 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\explorer.exe [-] 2004-08-04 12:00 1696256 FC3BE5CEB215C8EF8B14ADF1CFB939CE c:\windows\system32\dllcache\explorer.exe [7] 2004-08-04 12:00 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\XPize Darkside\Backup\explorer.exe [-] 2008-04-14 02:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ctfmon.exe [-] 2004-08-04 12:00 30208 C44B39505116F6961988B8681793E572 c:\windows\system32\ctfmon.exe [-] 2004-08-04 12:00 30208 C44B39505116F6961988B8681793E572 c:\windows\system32\dllcache\ctfmon.exe [7] 2004-08-04 12:00 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\XPize Darkside\Backup\ctfmon.exe [-] 2008-04-14 02:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\comres.dll [-] 2004-08-04 12:00 832000 967501E42379A775953FAB1D4B273FD2 c:\windows\system32\comres.dll [-] 2004-08-04 12:00 832000 967501E42379A775953FAB1D4B273FD2 c:\windows\system32\dllcache\comres.dll [7] 2004-08-04 12:00 821760 FB93B504600DA3EC407ED0252EEF97AB c:\windows\XPize Darkside\Backup\comres.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "XPize Darkside Reloader"="c:\windows\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 112737] "gbpkm"="c:\documents and settings\Alan 1\mk11.exe" [2009-07-26 3061535] "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-26 148888] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-07-30 198160] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248] "VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Cleanup"="C:\cleanup.exe" [2009-08-22 19286] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 30208] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Alan 1\\Meus documentos\\World War Pure SVN 8.1\\WorldWar.exe"= "c:\\Arquivos de programas\\Tibia 8.50\\Tibia.exe"= "c:\\Arquivos de programas\\Tibia 8.42\\Tibia 8.42.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7172:TCP"= 7172:TCP:Open Tibia Server R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/7/2009 21:06 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/7/2009 21:06 20560] S2 gupdate1ca10daf10d31a;Google Update Service (gupdate1ca10daf10d31a);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/7/2009 02:53 133104] S3 extrem.sys;extrem;\??\c:\docume~1\ALAN1~1\CONFIG~1\Temp\extrem.sys --> c:\docume~1\ALAN1~1\CONFIG~1\Temp\extrem.sys [?] . Conteúdo da pasta 'Tarefas Agendadas' 2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-30 05:53] 2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-30 05:53] . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe HKLM-Run-WinampAgent - c:\arquivos de programas\Winamp\winampa.exe . ------- Scan Suplementar ------- . 
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Alan 1\Dados de aplicativos\Mozilla\Firefox\Profiles\c44nr2x7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?/topic/359090-link-suspeitoavaliem-meu-log/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-21 23:09 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???c:\documents???????|???|????????????ktop\Via686\vi Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(648) c:\windows\system32\cscui.dll - - - - - - - > 'explorer.exe'(412) c:\windows\System32\cscui.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wscntfy.exe c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Tempo para conclusão: 2009-08-22 23:13 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-08-22 02:13 Pré-execução: 8 pasta(s) 65.961.390.080 bytes disponíveis Pós execução: 8 pasta(s) 68.068.356.096 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 306 --- E O F --- 2009-07-26 00:43 Log do Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:26:22, on 21/8/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil 
Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe C:\Documents and Settings\Alan 1\mk11.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Alan 1\mk11.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 
button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Update Service (gupdate1ca10daf10d31a) (gupdate1ca10daf10d31a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- End of file - 5862 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted August 22, 2009

Good morning, Magman!

<@> Select and copy everything inside the Quote box into Notepad.
<@> Save it on the Desktop under the name: CFScript.txt

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gbpkm"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"=-
Rootkit::
c:\docume~1\ALAN1~1\CONFIG~1\Temp\extrem.sys
c:\windows\system32\drivers\xszu.sys
File::
c:\documents and settings\Alan 1\bgdaccjb.exe
c:\documents and settings\Alan 1\mk11.exe
C:\cleanup.exe
C:\cleanup.bat
C:\zip.exe
Folder::
c:\arquivos de programas\Avenger
Driver::
"extrem.sys"
"xszu"

<@> PS: do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: repeat the drag until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
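Added example, tying the logs Magman posted to the CFScript in DigRam's reply. It is not code from either post and not something HijackThis or ComboFix ship. It parses HijackThis O4 lines, ComboFix REGEDIT4 run-key values and ComboFix driver (R*/S*) lines, flags load points whose target lives where installers rarely put files (a Temp folder, the root of a user profile, the root of the drive), and writes the flagged items in the directive layout used above (Registry:: with REGEDIT4 "name"=- deletions, File::, Driver::). The sample lines are copied from the posted logs; the location heuristics, the HKLM/HKCU expansion and the finding-to-directive mapping are this example's assumptions, not ComboFix rules.

```python
"""Load points from HijackThis/ComboFix logs -> flagged entries -> CFScript skeleton.
Added example for this thread, not code from the posts and not a HijackThis/ComboFix
feature; the heuristics and the finding-to-directive mapping are assumptions."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind key name path reasons")

# Constructed sample: lines copied from the logs posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Alan 1\mk11.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gbpkm"="c:\documents and settings\Alan 1\mk11.exe" [2009-07-26 3061535]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/7/2009 21:06 114768]
S3 extrem.sys;extrem;\??\c:\docume~1\ALAN1~1\CONFIG~1\Temp\extrem.sys --> c:\docume~1\ALAN1~1\CONFIG~1\Temp\extrem.sys [?]
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}  # HijackThis short names
CV = "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: - (?P<resolved>.+?))? \[[\d-]+ \d+\]$')
DRIVER = re.compile(r"^[RS][0-4] (?P<svc>[^;]+);[^;]*;(?P<path>.+?)(?: --> (?P<path2>.+?))? \[(?P<info>[^\]]*)\]$")
EXE = re.compile(r"^(.+?\.(?:exe|sys|dll|scr|bat|cmd|com))", re.IGNORECASE)
PROFILE_ROOT = re.compile(r"^[a-z]:\\(documents and settings|docume~1|users)\\[^\\]+\\[^\\]+$")
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$")

def plain_path(path):
    p = path.strip()  # ComboFix prints driver images with the NT object prefix \??\
    return p[4:] if p.startswith("\\??\\") else p

def target_path(cmd):
    """First executable named in a Run-key command line, minus quotes and switches."""
    s = cmd.strip().lstrip('"')
    m = EXE.match(s)
    return m.group(1) if m else (s.split() or [s])[0]

def location_reasons(path):
    """Why the target sits where installers rarely put files; [] means nothing odd."""
    p = plain_path(path).lower()
    checks = (("\\temp\\" in p, "loads from a Temp folder"),
              (PROFILE_ROOT.match(p), "file sits directly in a user profile root"),
              (DRIVE_ROOT.match(p), "file sits in the root of the drive"))
    return [why for hit, why in checks if hit]

def parse_line(line, key_ctx):
    """(kind, registry key, name, target, extra reasons) for a load-point line, else None."""
    m = HJT_O4.match(line)
    if m:
        key = HIVES.get(m.group("hive"), m.group("hive")) + CV + m.group("key")
        return "run", key, m.group("name"), target_path(m.group("cmd")), []
    m = REG_VALUE.match(line)
    if m and key_ctx:  # value under the last REGEDIT4 section header seen
        return "run", key_ctx, m.group("name"), m.group("resolved") or target_path(m.group("cmd")), []
    m = DRIVER.match(line)
    if m:  # ComboFix prints [?] where the file's date/size would normally be
        extra = ["no date/size reported for the driver file ([?])"] if m.group("info") == "?" else []
        return "driver", None, m.group("svc"), m.group("path2") or m.group("path"), extra

def triage(log_text):
    """Flag load points with an odd target; an entry seen in both logs is reported once."""
    findings, seen, key_ctx = [], set(), None
    for line in (ln.strip() for ln in log_text.splitlines()):
        if REG_KEY.match(line):  # REGEDIT4 section header applies to the values below it
            key_ctx = line[1:-1]
            continue
        parsed = parse_line(line, key_ctx)
        if parsed:
            kind, key, name, path, extra = parsed
            reasons = location_reasons(path) + extra
            ident = (kind, (key or "").lower(), name.lower(), plain_path(path).lower())
            if reasons and ident not in seen:
                seen.add(ident)
                findings.append(Finding(kind, key, name, plain_path(path), reasons))
    return findings

def build_cfscript(findings):
    """Directive layout used in the reply: Registry:: with REGEDIT4 "name"=- deletions, File::
    for the targets, Driver:: with quoted service names. The mapping is this example's
    choice; every line is still reviewed by a person, and the script fits one machine only."""
    reg, files, drivers = {}, [], []
    for f in findings:
        if f.kind == "run":
            reg.setdefault(f.key, []).append(f.name)
        else:
            drivers.append(f.name)
        files.append(f.path)
    out = []
    if reg:
        out.append("Registry::")
        for key, names in reg.items():
            out.append("[%s]" % key)
            out.extend('"%s"=-' % n for n in names)
    if files:
        out.append("File::")
        out.extend(dict.fromkeys(files))  # keeps order, drops repeats
    if drivers:
        out.append("Driver::")
        out.extend('"%s"' % d for d in drivers)
    return "\r\n".join(out) + "\r\n"  # CRLF: the file is written with Notepad on XP

if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run as a script it prints a CFScript with three entries: Cleanup (RunOnce, C:\cleanup.exe at the drive root), gbpkm (mk11.exe launched from the profile root, seen in both the HijackThis and the ComboFix log but listed once) and extrem.sys (a driver loading from Temp with no file details). As the reply says, a CFScript is read line by line before it is dropped onto ComboFix and is only valid for the machine whose log produced it.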
Magman, posted August 22, 2009

ComboFix log

ComboFix 09-08-21.01 - Alan 1 22/08/2009 16:00.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.447.166 [GMT -3:00]
Running from: c:\documents and settings\Alan 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alan 1\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\cleanup.bat"
"C:\cleanup.exe"
"c:\documents and settings\Alan 1\bgdaccjb.exe"
"c:\documents and settings\Alan 1\mk11.exe"
"C:\zip.exe"
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alan 1\bgdaccjb.exe
c:\documents and settings\Alan 1\fffcbdai.exe
c:\documents and settings\Alan 1\mk11.exe
c:\windows\system32\Drivers\okelbrwj.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EXTREM.SYS
-------\Service_extrem.sys
-------\Service_rvngnwev

(((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))
.
2009-08-21 22:43 . 2009-08-21 22:52 -------- d-----w- C:\Lop SD
2009-08-21 22:43 . 2009-08-21 22:43 501736 ----a-w- C:\LopSD.exe
2009-08-21 05:10 . 2009-08-22 02:26 -------- d-----w- C:\Hijack
2009-08-21 05:08 . 2009-08-21 05:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-08-21 04:39 . 2009-08-21 04:39 -------- d-----w- c:\documents and settings\Claudia\Tracing
2009-08-19 21:55 . 2009-08-19 21:55 -------- d-----w- c:\windows\Sun
2009-08-17 22:44 . 2009-08-22 02:10 43 ----a-w- c:\documents and settings\Alan 1\udate.bin
2009-08-08 06:30 . 2009-08-22 01:27 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\Tibia
2009-08-08 05:45 . 2009-08-13 21:18 -------- d-----w- c:\arquivos de programas\Tibia 8.50
2009-08-08 05:23 . 2009-08-08 05:23 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\Remere's Map Editor
2009-08-08 05:23 . 2009-08-08 05:23 -------- d-----w- c:\arquivos de programas\Remere's Map Editor
2009-08-08 00:02 . 2009-08-15 01:44 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\sqlitestudio
2009-08-07 01:09 . 2009-08-07 01:09 -------- d-----w- c:\arquivos de programas\Fatalite Server
2009-08-02 23:25 . 2009-08-19 05:14 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\gtk-2.0
2009-08-02 23:25 . 2009-08-02 23:25 -------- d-----w- c:\documents and settings\Alan 1\.thumbnails
2009-08-02 23:24 . 2009-08-19 05:20 -------- d-----w- c:\documents and settings\Alan 1\.gimp-2.6
2009-08-02 23:24 . 2009-08-02 23:24 -------- d-----w- c:\documents and settings\Alan 1\.gegl-0.0
2009-08-02 23:23 . 2009-08-02 23:23 -------- d-----w- c:\arquivos de programas\GIMP-2.0
2009-07-30 05:55 . 2009-07-30 05:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2009-07-30 05:55 . 2009-07-30 05:55 -------- d-----w- C:\Program Files
2009-07-30 05:55 . 2009-07-30 05:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2009-07-30 05:52 . 2009-07-30 05:53 -------- d-----w- c:\arquivos de programas\Google
2009-07-27 02:36 . 2009-07-28 20:55 -------- d-----w- c:\arquivos de programas\Tibia 8.42
2009-07-26 20:50 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-26 20:50 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-26 20:12 . 2009-07-26 20:17 -------- d-----w- c:\arquivos de programas\Tibia 792
2009-07-26 20:01 . 2009-07-28 20:37 -------- d-----w- c:\arquivos de programas\Tibia 8.1
2009-07-26 07:14 . 2009-07-26 07:14 -------- d-----w- c:\arquivos de programas\Asprate
2009-07-26 05:09 . 2009-07-26 05:09 -------- d-----w- c:\arquivos de programas\OnGame
2009-07-26 04:10 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-26 04:08 . 2009-07-26 04:08 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-07-26 04:08 . 2009-07-31 19:35 -------- d-----w- c:\arquivos de programas\TibiaBot NG
2009-07-26 04:05 . 2009-07-26 04:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-26 04:05 . 2009-07-26 04:05 -------- d-----w- c:\windows\system32\LogFiles
2009-07-26 03:10 . 2009-07-26 03:10 -------- d-s---w- c:\documents and settings\Alan 1\UserData
2009-07-26 03:05 . 2009-07-30 03:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-07-26 03:03 . 2009-07-26 03:03 -------- d-----w- c:\arquivos de programas\Microsoft
2009-07-26 02:51 . 2009-07-26 02:51 -------- d-----w- c:\arquivos de programas\Eidos
2009-07-26 02:49 . 2009-08-03 01:44 -------- d-----w- c:\arquivos de programas\TibiaLive
2009-07-26 02:29 . 2009-08-22 08:14 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-26 01:51 . 2009-07-26 01:51 0 ----a-w- c:\documents and settings\Alan 1\pag.bin
2009-07-26 01:51 . 2009-07-05 23:34 819712 ----a-w- c:\windows\arp32.exe
2009-07-26 01:51 . 2009-07-26 01:51 304331 ----a-w- c:\documents and settings\Alan 1\mk15.exe
2009-07-26 01:50 . 2009-07-26 01:50 0 ----a-w- c:\documents and settings\Alan 1\lodctrl.sys
2009-07-26 00:55 . 2009-07-26 00:58 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2009-07-26 00:53 . 2009-07-26 00:53 -------- d-----w- c:\arquivos de programas\TaskSwitchXP
2009-07-26 00:51 . 2009-07-26 00:51 3584 ----a-r- c:\documents and settings\Alan 1\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-26 00:51 . 2009-07-26 00:51 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up
2009-07-26 00:50 . 2009-07-26 00:50 -------- d-----w- c:\arquivos de programas\MSECACHE
2009-07-26 00:42 . 2009-07-26 01:50 -------- d-----w- c:\windows\system32\KB905474
2009-07-26 00:42 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-07-26 00:39 . 2009-08-05 03:02 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\LimeWire
2009-07-26 00:32 . 2004-08-04 12:00 2790912 ----a-w- c:\windows\system32\XPize_Logon.exe
2009-07-26 00:29 . 2009-07-26 00:53 -------- d--h--w- c:\windows\XPize Darkside
2009-07-26 00:08 . 2009-07-26 00:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-26 00:07 . 2009-07-26 00:07 -------- d-----w- c:\arquivos de programas\Java
2009-07-26 00:07 . 2009-07-26 00:07 152576 ----a-w- c:\documents and settings\Alan 1\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-26 00:06 . 2009-02-05 22:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-26 00:06 . 2009-02-05 22:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-26 00:06 . 2009-02-05 22:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-26 00:06 . 2009-02-05 22:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-26 00:06 . 2009-02-05 22:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-26 00:06 . 2009-02-05 22:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-26 00:06 . 2009-02-05 22:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-26 00:06 . 2009-02-05 22:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-26 00:05 . 2009-02-05 22:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-26 00:05 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-26 00:05 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-07-26 00:05 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-07-26 00:05 . 2009-07-26 00:05 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-07-25 23:56 . 2009-07-26 01:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-07-25 23:53 . 2009-07-26 21:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-25 23:51 . 2009-07-25 23:51 -------- d-----w- c:\arquivos de programas\Tibia 8.4
2009-07-25 23:49 . 2009-07-25 23:50 -------- d-----w- c:\arquivos de programas\TibiaCam TV Lite
2009-07-25 23:48 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-25 23:48 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-25 23:48 . 2009-02-09 11:50 2061952 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 23:48 . 2009-02-09 11:50 2184704 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-25 23:42 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-25 23:41 . 2009-07-25 23:42 -------- d-----w- c:\arquivos de programas\LimeWire
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 05:34 . 2009-07-19 15:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-07-26 05:07 . 2009-07-26 04:20 -------- d-----w- c:\arquivos de programas\Winamp
2009-07-26 02:10 . 2009-07-19 16:07 -------- d-----w- c:\arquivos de programas\Windows Live
2009-07-26 01:53 . 2004-08-04 12:00 48628 ----a-w- c:\windows\system32\perfc016.dat
2009-07-26 01:53 . 2004-08-04 12:00 344380 ----a-w- c:\windows\system32\perfh016.dat
2009-07-26 00:20 . 2009-07-26 00:13 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-07-26 00:18 . 2009-07-19 14:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-26 00:13 . 2009-07-26 00:13 -------- d-----w- c:\arquivos de programas\Circle Develoement
2009-07-25 23:33 . 2009-07-19 15:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-07-19 16:07 . 2009-07-19 16:07 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-07-19 15:56 . 2009-07-19 15:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-07-19 15:42 . 2009-07-19 15:41 -------- d-----w- c:\documents and settings\Alan 1\Dados de aplicativos\Ahead
2009-07-19 15:37 . 2009-07-19 14:57 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\arquivos de programas\VIAudioi
2009-07-19 15:36 . 2009-07-19 15:36 -------- d-----w- c:\arquivos de programas\VIA
2009-07-19 15:36 . 2009-07-19 14:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-07-19 15:34 . 2009-07-19 15:34 -------- d-----w- c:\arquivos de programas\NETEagle
2009-07-19 15:30 . 2009-07-19 15:30 -------- d-----w- c:\arquivos de programas\Nero
2009-07-19 15:16 . 2009-07-19 15:16 0 ----a-w- c:\windows\nsreg.dat
2009-07-19 15:13 . 2009-07-19 15:13 -------- d-----w- c:\arquivos de programas\AVG
2009-07-19 15:13 . 2009-07-19 15:12 -------- d-----w- c:\arquivos de programas\S3
2009-07-19 15:05 . 2009-07-19 15:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-07-19 14:48 . 2009-07-19 14:48 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-07-19 14:45 . 2009-07-19 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-07-19 14:44 . 2009-07-19 14:44 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:54 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.
------- Sigcheck -------
[-] 2004-08-04 12:00 1696256 FC3BE5CEB215C8EF8B14ADF1CFB939CE c:\windows\explorer.exe
[-] 2008-04-14 02:20 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\explorer.exe
[-] 2004-08-04 12:00 1696256 FC3BE5CEB215C8EF8B14ADF1CFB939CE c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-04 12:00 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\XPize Darkside\Backup\explorer.exe
[-] 2008-04-14 02:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ctfmon.exe
[-] 2004-08-04 12:00 30208 C44B39505116F6961988B8681793E572 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 12:00 30208 C44B39505116F6961988B8681793E572 c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-04 12:00 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\XPize Darkside\Backup\ctfmon.exe
[-] 2008-04-14 02:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\comres.dll
[-] 2004-08-04 12:00 832000 967501E42379A775953FAB1D4B273FD2 c:\windows\system32\comres.dll
[-] 2004-08-04 12:00 832000 967501E42379A775953FAB1D4B273FD2 c:\windows\system32\dllcache\comres.dll
[7] 2004-08-04 12:00 821760 FB93B504600DA3EC407ED0252EEF97AB c:\windows\XPize Darkside\Backup\comres.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-22_02.10.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 19:05 . 2009-08-22 19:05 16384 c:\windows\Temp\Perflib_Perfdata_75c.dat
+ 2009-08-22 19:05 . 2009-08-22 19:05 16384 c:\windows\Temp\Perflib_Perfdata_584.dat
+ 2009-08-22 18:51 . 2009-08-22 18:51 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"XPize Darkside Reloader"="c:\windows\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 112737]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-07-30 198160]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 30208]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de
programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Alan 1\\Meus documentos\\World War Pure SVN 8.1\\WorldWar.exe"= "c:\\Arquivos de programas\\Tibia 8.50\\Tibia.exe"= "c:\\Arquivos de programas\\Tibia 8.42\\Tibia 8.42.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7172:TCP"= 7172:TCP:Open Tibia Server R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/7/2009 21:06 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/7/2009 21:06 20560] S2 gupdate1ca10daf10d31a;Google Update Service (gupdate1ca10daf10d31a);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/7/2009 02:53 133104] . Conteúdo da pasta 'Tarefas Agendadas' 2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-30 05:53] 2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-30 05:53] . . ------- Scan Suplementar ------- . 
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Alan 1\Dados de aplicativos\Mozilla\Firefox\Profiles\c44nr2x7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://forum.imasters.com.br/index.php?/topic/359090-link-suspeitoavaliem-meu-log/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-22 16:07 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???c:\documents???????|???|????????????ktop\Via686\vi Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3440)
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-22 16:12 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-22 19:12
ComboFix2.txt 2009-08-22 02:13

Pré-execução: 8 pasta(s) 68.157.915.136 bytes disponíveis
Pós execução: 8 pasta(s) 68.101.558.272 bytes disponíveis

262 --- E O F --- 2009-07-26 00:43

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:28, on 22/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca10daf10d31a) (gupdate1ca10daf10d31a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5702 bytes
DigRam, posted August 23, 2009

Good morning, Magman!
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Abrir arquivo - Aviso de Segurança ) (Open File - Security Warning)
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix está desinstalado" (ComboFix has been uninstalled) will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
<><><><><><><><><>
<!> Your logs are clean!
Regards!
Magman, posted August 23, 2009

Thank you very much for the help :joia:
Regards
DigRam, posted August 23, 2009

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.