
Archived

This topic has been archived and is closed to new replies.

glaucoz

[Archived] autorun.inf and freezing


My HijackThis log is below

I hope someone can help me

my PC starts freezing about 3 hours after I turn it on

I don't know why this happens; my Explorer freezes and everything gets sluggish, so I'm forced to restart =S

 

 

----------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:05:20, on 26/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

D:\DOWNLOADS\Vector.NET-Free-Vector-Art-Pack-19-Nightlife\HiJackThis.exe

C:\Documents and Settings\HTR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD1.dll

O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br

O1 - Hosts: 63.134.212.21 www.realsecureweb.com.br

O1 - Hosts: 63.134.212.22 www2.realsecureweb.com.br

O1 - Hosts: 63.134.212.23 aapj.bb.com.br

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD1.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll (file missing)

O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD1.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /mim

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\HTR\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messen....cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 12333 bytes


Hello glaucoz

 

1.

*Download HostsXpert and save it to the desktop

*Extract it to the desktop

*Run HostsXpert

*Click [Restore Microsoft's Hosts File]

 

2.

*Download Malwarebytes Anti-Malware and save it to the desktop

 

*Install the program and wait for the update

*The program will open automatically

*On the [Scanner] tab, select [Perform full scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*Paste the report that is shown

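A small triage script for HijackThis-format lines, added here as an example (it is not part of this thread, of HijackThis or of HostsXpert): it reads a constructed handful of lines in the shape of the log above and flags the O1 hosts-file entries that point bank hostnames at a remote address, which is what step 1 undoes by restoring the hosts file, plus the O2/O3 browser add-ons whose DLL is gone. The function names and the sample lines are my own.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the
forum thread, of HijackThis or of HostsXpert).

It flags the two findings the helper acted on first:
  * O1 hosts-file entries that send a hostname to a non-loopback address
    (in the log above, bank domains pointed at 63.134.212.x), and
  * O2/O3 browser add-ons whose DLL is gone ("(no file)" / "(file missing)").
"""
import ipaddress
import re

# Constructed sample: a few lines copied in the shape of the HijackThis log above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.orbitdownloader.com
O1 - Hosts: 63.134.212.20 www2.bancobrasil.com.br
O1 - Hosts: 63.134.212.23 aapj.bb.com.br
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Arquivos de programas\\Java\\jre6\\bin\\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\\Arquivos de programas\\DAEMON Tools Toolbar\\DTToolbar.dll (file missing)
"""

# "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# "O2 - BHO: <name> - {CLSID} - <path or (no file)>" and the O3 Toolbar equivalent
ADDON_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 or ::1; anything unparseable is treated as suspicious."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def hosts_redirects(log: str) -> list:
    """Return (hostname, ip) for O1 entries that resolve a name to a non-loopback address.

    A hosts entry like this silently overrides DNS for the user, so a bank
    hostname mapped to a remote IP is a pharming redirect, not a customisation.
    """
    found = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m and not is_loopback(m.group(1)):
            found.append((m.group(2), m.group(1)))
    return found


def orphaned_addons(log: str) -> list:
    """Return (section, name, clsid) for BHOs/toolbars whose file no longer exists."""
    found = []
    for line in log.splitlines():
        m = ADDON_RE.match(line)
        if m and ("(no file)" in m.group(4) or "(file missing)" in m.group(4)):
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def triage(log: str) -> dict:
    """Summary a helper would read before deciding on a hosts-file restore and a scan."""
    return {
        "hosts_redirects": hosts_redirects(log),
        "orphaned_addons": orphaned_addons(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for host, ip in report["hosts_redirects"]:
        print(f"hosts-file redirect: {host} -> {ip}")
    for section, name, clsid in report["orphaned_addons"]:
        print(f"orphaned {section} add-on: {name} {clsid}")
```

Run it against a saved HijackThis log by passing the file's contents to `triage()`; the O1 hits are the entries HostsXpert's restore removes.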

I did what you asked and here is the log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 5194

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

26/11/2010 17:44:07

mbam-log-2010-11-26 (17-44-07).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 309905

Tempo decorrido: 1 hora(s), 12 minuto(s), 36 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 11

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 4

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Documents and Settings\HTR\Dados de aplicativos\Thinstall\Autodesk DWF Viewer\4000001600003i\AdskScSrv.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\HTR\Dados de aplicativos\Thinstall\Autodesk DWF Viewer\4000003000002i\WSCommCntr1.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\HTR\Dados de aplicativos\Thinstall\Autodesk DWF Viewer\400000f00002i\AdskCleanup.0001 (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.


*Temporarily disable your antivirus

Right-click the Avira icon next to the clock

Click the "AntiVir Guard enable" option.

*Download ComboFix and save it to the desktop

 

*Run ComboFix and accept the agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue automatically. Otherwise, click [Yes] to install it and then [Yes] to continue.


 

*Wait for all the stages to complete


 

*Do not use the mouse or keyboard while ComboFix is running!!..... To abort the procedure, press [N] or [2] and then [ENTER]

 

*Paste the report C:\combofix.txt

 

*If the PC has to restart, there will be an option at boot called Recovery Console. Do not enter Windows through it unless you are properly instructed to!


yay.. I think it's fine now =D

 

ComboFix 10-11-26.04 - HTR 27/11/2010 10:10.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.489 [GMT -2:00]

Executando de: d:\downloads\Vector.NET-Free-Vector-Art-Pack-19-Nightlife\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\CFLog

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\HTR\Dados de aplicativos\inst.exe

c:\documents and settings\HTR\Dados de aplicativos\PriceGong

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\1.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\a.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\b.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\c.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\d.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\e.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\f.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\g.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\h.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\i.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\J.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\k.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\l.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\m.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\n.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\o.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\p.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\q.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\r.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\s.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\t.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\u.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\v.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\w.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\x.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\y.xml

c:\documents and settings\HTR\Dados de aplicativos\PriceGong\Data\z.xml

c:\documents and settings\HTR\Meus documentos\New

c:\documents and settings\HTR\Meus documentos\New \livro 3d.veg

c:\documents and settings\HTR\Meus documentos\New \Thumbs.db

c:\documents and settings\HTR\Meus documentos\New \Untitled-1.jpg

c:\documents and settings\HTR\Meus documentos\New \Untitled-1.psd

c:\documents and settings\HTR\Meus documentos\New \Untitled-2.jpg

c:\documents and settings\HTR\Meus documentos\New \Untitled-2.psd

c:\documents and settings\HTR\Meus documentos\New \Untitled.veg

C:\MDXX2010.tmp

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

D:\install.exe

 

----- BITS: Sites possivelmente infectados -----

 

hxxp://au.downloj+|Cv+@J:NGD_DQ{zcxLJS@

A cópia de c:\windows\system32\midimap.dll foi encontrada e desinfectada

Cópia restaurada de - c:\windows\VistaMizer\old\midimap.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-27 to 2010-11-27 ))))))))))))))))))))))))))))

.

 

2010-11-26 18:18 . 2010-11-26 18:18 -------- d-----w- c:\documents and settings\HTR\Dados de aplicativos\Malwarebytes

2010-11-26 18:18 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 18:18 . 2010-11-26 18:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-11-26 18:18 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 18:18 . 2010-11-26 18:18 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-11-24 12:34 . 2010-11-24 12:34 -------- d-----w- c:\documents and settings\HTR\Configurações locais\Dados de aplicativos\TechSmith

2010-11-24 12:33 . 2010-11-26 22:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TechSmith

2010-11-23 12:16 . 2010-11-23 12:16 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2010-11-21 21:25 . 2010-11-21 21:25 16384 ----a-w- c:\windows\system32\drivers\actusb.sys

2010-11-20 20:28 . 2010-11-20 20:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-11-20 20:28 . 2010-09-15 06:50 472808 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

2010-11-20 20:28 . 2010-09-15 06:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-15 03:13 . 2010-11-15 03:13 -------- d-----w- c:\documents and settings\HTR\Configurações locais\Dados de aplicativos\Unity

2010-11-13 15:41 . 2010-11-13 15:41 -------- d-----w- c:\documents and settings\HTR\Dados de aplicativos\Avira

2010-11-11 02:14 . 2010-11-11 02:14 -------- d-----w- c:\documents and settings\HTR\Dados de aplicativos\ManyCam

2010-11-11 02:13 . 2010-11-11 02:14 -------- d-----w- c:\documents and settings\HTR\Configurações locais\Dados de aplicativos\ManyCam

2010-11-11 02:13 . 2010-11-11 02:14 -------- d-----w- c:\arquivos de programas\ManyCam

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-23 12:16 . 2009-08-21 23:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-18 15:23 . 2007-04-02 23:14 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-13 22:20 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-13 22:20 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2001-10-28 18:06 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-15 04:29 . 2009-09-05 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-14 08:00 . 2010-09-27 21:22 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-09-10 21:10 . 2010-09-10 21:10 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

2010-09-10 05:51 . 2008-04-13 22:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:51 . 2008-04-13 22:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-10 05:51 . 2008-04-13 22:20 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-01 11:52 . 2008-04-13 22:18 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2008-04-13 21:54 1852928 ----a-w- c:\windows\system32\win32k.sys

.

 

------- Sigcheck -------

 

[-] 2008-04-13 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-13 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe

 

[-] 2008-04-13 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-13 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[7] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll

 

[-] 2008-04-13 . F1A3E95588DB92660C8C6DAA9101D49B . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-13 . F1A3E95588DB92660C8C6DAA9101D49B . 1554432 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe

 

[-] 2008-04-13 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-13 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe

 

[-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\VistaMizer\old\iexplore.exe

[7] 2008-04-13 . 04CABAD69BE78EB9C03CD4346D776DA5 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD1.dll" [2010-10-24 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2010-10-24 13:30 2735200 ----a-w- c:\arquivos de programas\DVDVideoSoftTB\tbDVD1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD1.dll" [2010-10-24 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\arquivos de programas\DVDVideoSoftTB\tbDVD1.dll" [2010-10-24 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-02-02 2937528]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 25088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"IntelliPoint"="c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 25088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 10:58 611712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 22:04 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 14:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 00:17 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 19:31 80896 ----a-w- c:\arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2010-03-30 14:16 1820040 ----a-w- c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"d:\\Arquivos de programas\\Avid\\Avid Liquid 7\\Program\\RM.exe"=

"d:\\Arquivos de programas\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=

"d:\\Steam\\SteamApps\\alison782\\counter-strike source\\hl2.exe"=

"d:\\Steam\\SteamApps\\25628125\\counter-strike source\\hl2.exe"=

"d:\\Steam\\SteamApps\\rflx1\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\HTR\\Desktop\\snes\\kaillerasrv-0.86-win32\\kaillerasrv.exe"=

"c:\\Documents and Settings\\HTR\\Desktop\\snes\\snes9k009z\\Snes9K.exe"=

"c:\\zsnesw142\\zsnesw.exe"=

"c:\\zsneswv1.36\\ZSNESW.EXE"=

"c:\\Fusion36\\Fusion.exe"=

"c:\\Documents and Settings\\HTR\\Desktop\\dream\\kaillerasrv-0.86-win32\\kaillerasrv.exe"=

"d:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

"d:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

"d:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"d:\\Steam\\SteamApps\\angelis_rdx\\counter-strike source\\hl2.exe"=

"d:\\Arquivos de programas\\VertrigoServ\\Apache\\bin\\v_apache.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56806:TCP"= 56806:TCP:Pando Media Booster

"56806:UDP"= 56806:UDP:Pando Media Booster

"57663:TCP"= 57663:TCP:Pando Media Booster

"57663:UDP"= 57663:UDP:Pando Media Booster

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"2320:TCP"= 2320:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"3306:TCP"= 3306:TCP:MySQL Server

 

R0 ActUsb;ActUsb;c:\windows\system32\drivers\actusb.sys [21/11/2010 19:25 16384]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/8/2009 23:10 721904]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [21/8/2009 21:37 135336]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 12:16 1107336]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [10/9/2010 19:10 27632]

S0 usbdata10;usbdata10;c:\windows\system32\drivers\usbdata10.sys --> c:\windows\system32\drivers\usbdata10.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 14:16 130384]

S3 extrem.sys;extrem;\??\c:\docume~1\HTR\CONFIG~1\Temp\extrem.sys --> c:\docume~1\HTR\CONFIG~1\Temp\extrem.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [3/2/2010 19:23 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [3/2/2010 19:23 79104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 TKFsAc;TKFsAc;\??\c:\windows\system32\TKFsAc2k.sys --> c:\windows\system32\TKFsAc2k.sys [?]

S3 TKFsAv;TKFsAv;\??\c:\windows\system32\TKFsAv2k.sys --> c:\windows\system32\TKFsAv2k.sys [?]

S3 TKFsFt;TKFsFt;\??\c:\windows\system32\TKFsFt2k.sys --> c:\windows\system32\TKFsFt2k.sys [?]

S3 TKRgAc;TKRgAc;\??\c:\windows\system32\TKRgAc2k.sys --> c:\windows\system32\TKRgAc2k.sys [?]

S3 TKRgFt;TKRgFt;\??\c:\windows\system32\TKRgFtXp.sys --> c:\windows\system32\TKRgFtXp.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 14:16 753504]

S3 XDva286;XDva286;\??\c:\windows\system32\XDva286.sys --> c:\windows\system32\XDva286.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-11-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 17:07]

 

2010-11-27 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-08-22 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.orbitdownloader.com

uInternet Connection Wizard,ShellNext = iexplore

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\HTR\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

FF - ProfilePath - c:\documents and settings\HTR\Dados de aplicativos\Mozilla\Firefox\Profiles\g7b085sl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: c:\documents and settings\HTR\Dados de aplicativos\Mozilla\Firefox\Profiles\g7b085sl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\HTR\Dados de aplicativos\Mozilla\Firefox\Profiles\g7b085sl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\HTR\Dados de aplicativos\Mozilla\Firefox\Profiles\g7b085sl.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPNAVY.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox 4.0 Beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Módulo de Segurança - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - c:\documents and settings\HTR\Dados de aplicativos\Mozilla\Firefox\Profiles\g7b085sl.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

FF - Extension: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

HKLM-Run-RDesc - (no file)

AddRemove-HP Solution Center & Imaging Support Tools - c:\arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe

AddRemove-HPExtendedCapabilities - c:\arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe

AddRemove-Shop for HP Supplies - c:\arquivos de programas\HP\Digital Imaging\HPSSupply\hpzscr01.exe

AddRemove-{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2} - c:\arquivos de programas\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-27 01:39

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-854245398-796845957-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{276CEEBA-236E-E9C9-3547-63EDC5C02C0B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"pamojnggjboolaefehkeimlfbjoikhkf"=hex:6a,61,68,63,6d,61,61,6a,6e,63,62,69,66,

70,66,67,61,69,6f,62,00,00

"oagpplepocnlhoinohkodndfpnjljg"=hex:69,61,62,64,70,63,6c,69,70,64,62,6a,65,68,

63,62,6c,70,00,00

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(776)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(832)

c:\windows\system32\setupapi.dll

c:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(3180)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-11-27 01:45:34 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-11-27 03:45

 

Pré-execução: 2.839.015.424 bytes disponíveis

Pós execução: 4.593.278.976 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - 130DC8C6B432FF5F225B0087924E1C7A


*Open Notepad and paste the code below into it:

 

File::

c:\windows\system32\drivers\actusb.sys

*Save the file to the desktop as CFScript.txt

*Drag the file onto Combofix as shown in the illustration below:

 


 

*Do not use the mouse or keyboard while combofix is running!!

 

*Paste the report C:\combofix.txt and a new hijack log


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
