..AMCN..

Log analysis ('not a valid Win32 application')


Good evening!

This week my antivirus (Avast) stopped opening, and every time I clicked to open it the message 'not a valid Win32 application' appeared; the same happened with Spybot, and the PC became extremely slow.

I read some topics about this here and did what was recommended:

1) I ran EliBagle, 2) ComboFix, 3) HijackThis.

The respective logs follow below:

1) EliBagle (I disabled System Restore because the virus always came back after rebooting; I ran it in Safe Mode. Here is the EliBagle log):

Fri May 09 18:24:41 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Fri May 09 18:27:16 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\LIST.OCT --> Eliminado Bagle

Fri May 09 19:58:32 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

Fri May 09 20:22:31 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

C:\Arquivos de programas\LClock\LCLOCK.EXE --> Eliminado Bagle.dldr

C:\System Volume Information\_restore{F6A7E8DA-DC80-4D5C-81D4-F60B5ECA429E}\RP819\A0426992.SYS --> Eliminado Bagle (rootkit)

C:\System Volume Information\_restore{F6A7E8DA-DC80-4D5C-81D4-F60B5ECA429E}\RP819\A0427014.EXE --> Eliminado Bagle

C:\System Volume Information\_restore{F6A7E8DA-DC80-4D5C-81D4-F60B5ECA429E}\RP819\A0427265.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 6683

Nº Total de Ficheros: 76160

Nº de Ficheros Analizados: 11013

Nº de Ficheros Infectados: 5

Nº de Ficheros Limpiados: 5

Fri May 09 23:40:49 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

Fri May 09 23:41:49 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

C:\System Volume Information\_restore{F6A7E8DA-DC80-4D5C-81D4-F60B5ECA429E}\RP819\A0427266.EXE --> Eliminado Bagle

Nº Total de Directorios: 6664

Nº Total de Ficheros: 76508

Nº de Ficheros Analizados: 10917

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

Sat May 10 00:00:02 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

Sat May 10 00:00:45 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

C:\System Volume Information\_restore{F6A7E8DA-DC80-4D5C-81D4-F60B5ECA429E}\RP819\A0428112.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 6664

Nº Total de Ficheros: 76514

Nº de Ficheros Analizados: 10919

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

Sat May 10 02:35:28 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

Sat May 10 02:36:04 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 44

Nº Total de Ficheros: 1827

Nº de Ficheros Analizados: 673

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

Exploración Detenida por el Usuario.

Sat May 10 07:05:06 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

Sat May 10 12:31:20 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

Sat May 10 12:32:26 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 6666

Nº Total de Ficheros: 76465

Nº de Ficheros Analizados: 10664

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

Sat May 10 12:47:24 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Eliminado Bagle.dldr

Sat May 10 12:47:30 2008

EliBagle v11.33 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\drivers\downld\50389578.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\downld\394031.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\downld\732468.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\downld\2181375.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\downld\2249687.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\downld\3048859.EXE --> Eliminado Bagle

Nº Total de Directorios: 6682

Nº Total de Ficheros: 77145

Nº de Ficheros Analizados: 10690

Nº de Ficheros Infectados: 8

Nº de Ficheros Limpiados: 8

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::

2) I ran ComboFix and got the following log:

ComboFix 08-05-09.1 - user 2008-05-10 13:11:11.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.145 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\Arquivos comuns\system\update.dat

C:\Arquivos de programas\coolsign

C:\WINDOWS\recover.reg

C:\WINDOWS\system32\drivers\downld

C:\WINDOWS\system32\drivers\downld\1009921.exe

C:\WINDOWS\system32\drivers\downld\1044062.exe

C:\WINDOWS\system32\drivers\downld\1051500.exe

C:\WINDOWS\system32\drivers\downld\1058859.exe

C:\WINDOWS\system32\drivers\downld\1091984.exe

C:\WINDOWS\system32\drivers\downld\1116359.exe

C:\WINDOWS\system32\drivers\downld\1170921.exe

C:\WINDOWS\system32\drivers\downld\1190000.exe

C:\WINDOWS\system32\drivers\downld\1208281.exe

C:\WINDOWS\system32\drivers\downld\1239906.exe

C:\WINDOWS\system32\drivers\downld\1326265.exe

C:\WINDOWS\system32\drivers\downld\1333062.exe

C:\WINDOWS\system32\drivers\downld\1418312.exe

C:\WINDOWS\system32\drivers\downld\1425390.exe

C:\WINDOWS\system32\drivers\downld\1464078.exe

C:\WINDOWS\system32\drivers\downld\1485281.exe

C:\WINDOWS\system32\drivers\downld\1511109.exe

C:\WINDOWS\system32\drivers\downld\1563453.exe

C:\WINDOWS\system32\drivers\downld\1568437.exe

C:\WINDOWS\system32\drivers\downld\1606375.exe

C:\WINDOWS\system32\drivers\downld\1694218.exe

C:\WINDOWS\system32\drivers\downld\1747812.exe

C:\WINDOWS\system32\drivers\downld\1764906.exe

C:\WINDOWS\system32\drivers\downld\1782687.exe

C:\WINDOWS\system32\drivers\downld\1814984.exe

C:\WINDOWS\system32\drivers\downld\1850546.exe

C:\WINDOWS\system32\drivers\downld\1940484.exe

C:\WINDOWS\system32\drivers\downld\200296.exe

C:\WINDOWS\system32\drivers\downld\2046046.exe

C:\WINDOWS\system32\drivers\downld\2057828.exe

C:\WINDOWS\system32\drivers\downld\2144250.exe

C:\WINDOWS\system32\drivers\downld\2158968.exe

C:\WINDOWS\system32\drivers\downld\2216656.exe

C:\WINDOWS\system32\drivers\downld\2242359.exe

C:\WINDOWS\system32\drivers\downld\2279656.exe

C:\WINDOWS\system32\drivers\downld\2369218.exe

C:\WINDOWS\system32\drivers\downld\2384765.exe

C:\WINDOWS\system32\drivers\downld\2448453.exe

C:\WINDOWS\system32\drivers\downld\2500125.exe

C:\WINDOWS\system32\drivers\downld\2526640.exe

C:\WINDOWS\system32\drivers\downld\2563296.exe

C:\WINDOWS\system32\drivers\downld\2690718.exe

C:\WINDOWS\system32\drivers\downld\2818390.exe

C:\WINDOWS\system32\drivers\downld\2950406.exe

C:\WINDOWS\system32\drivers\downld\2961921.exe

C:\WINDOWS\system32\drivers\downld\3025765.exe

C:\WINDOWS\system32\drivers\downld\3078171.exe

C:\WINDOWS\system32\drivers\downld\3191343.exe

C:\WINDOWS\system32\drivers\downld\3250531.exe

C:\WINDOWS\system32\drivers\downld\3294218.exe

C:\WINDOWS\system32\drivers\downld\3330093.exe

C:\WINDOWS\system32\drivers\downld\3468546.exe

C:\WINDOWS\system32\drivers\downld\3527703.exe

C:\WINDOWS\system32\drivers\downld\4040015.exe

C:\WINDOWS\system32\drivers\downld\4095484.exe

C:\WINDOWS\system32\drivers\downld\4141937.exe

C:\WINDOWS\system32\drivers\downld\4856015.exe

C:\WINDOWS\system32\drivers\downld\4962859.exe

C:\WINDOWS\system32\drivers\downld\50233562.exe

C:\WINDOWS\system32\drivers\downld\5024953.exe

C:\WINDOWS\system32\drivers\downld\50427968.exe

C:\WINDOWS\system32\drivers\downld\50475750.exe

C:\WINDOWS\system32\drivers\downld\506500.exe

C:\WINDOWS\system32\drivers\downld\5078453.exe

C:\WINDOWS\system32\drivers\downld\50801281.exe

C:\WINDOWS\system32\drivers\downld\50894718.exe

C:\WINDOWS\system32\drivers\downld\50965687.exe

C:\WINDOWS\system32\drivers\downld\51021937.exe

C:\WINDOWS\system32\drivers\downld\561562.exe

C:\WINDOWS\system32\drivers\downld\695734.exe

C:\WINDOWS\system32\drivers\downld\721156.exe

C:\WINDOWS\system32\drivers\downld\729296.exe

C:\WINDOWS\system32\drivers\downld\765515.exe

C:\WINDOWS\system32\drivers\downld\790328.exe

C:\WINDOWS\system32\drivers\downld\823015.exe

C:\WINDOWS\system32\drivers\downld\856937.exe

C:\WINDOWS\system32\drivers\downld\883140.exe

C:\WINDOWS\system32\drivers\downld\895593.exe

C:\WINDOWS\system32\drivers\downld\905859.exe

C:\WINDOWS\system32\drivers\downld\938203.exe

C:\WINDOWS\system32\drivers\downld\941500.exe

C:\WINDOWS\system32\drivers\downld\980609.exe

C:\WINDOWS\system32\drivers\downld\986890.exe

C:\WINDOWS\system32\systeminfo.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Legacy_PARAUDIO

-------\Legacy_SROSA

-------\Service_NPF

-------\Service_paraudio

((((((((((((((((((((((( Ficheiros criados de 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))

.

2008-05-10 13:04 . 2008-05-10 13:04 <DIR> d-------- C:\teste1

2008-05-10 02:33 . 2008-05-10 02:33 <DIR> d--hs---- C:\FOUND.009

2008-05-10 00:19 . 2008-05-10 00:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-05-10 00:12 . 2008-05-10 00:12 78,415 --a------ C:\WINDOWS\system32\drivers\klif.cab

2008-05-09 23:39 . 2008-05-09 23:39 <DIR> d--hs---- C:\FOUND.008

2008-05-09 18:42 . 2008-05-09 18:42 <DIR> d-------- C:\LinhaDefensiva

2008-05-09 11:40 . 2008-05-09 11:40 <DIR> d--hs---- C:\FOUND.007

2008-05-08 22:06 . 2008-05-08 22:06 <DIR> d--hs---- C:\FOUND.006

2008-05-08 14:16 . 2008-05-08 14:16 <DIR> d--hs---- C:\FOUND.005

2008-05-07 23:50 . 2008-05-07 23:50 <DIR> d--hs---- C:\FOUND.004

2008-05-07 22:42 . 2008-05-07 22:42 <DIR> d--hs---- C:\FOUND.003

2008-05-07 18:56 . 2008-05-07 18:56 <DIR> d--hs---- C:\FOUND.002

2008-05-06 17:57 . 2008-05-06 17:57 <DIR> d--hs---- C:\FOUND.001

2008-05-05 23:57 . 2008-05-05 23:57 <DIR> d--hs---- C:\FOUND.000

2008-04-30 18:59 . 2008-04-30 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SRS Labs

2008-04-30 18:56 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys

2008-04-30 18:55 . 2008-04-30 18:55 <DIR> d-------- C:\Arquivos de programas\SRS Labs

2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-04-28 01:49 . 2008-05-05 10:24 38 --a------ C:\WINDOWS\avisplitter.INI

2008-04-25 18:53 . 2008-04-25 18:53 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-04-25 18:53 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-04-25 18:53 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-04-25 18:53 . 2008-03-31 18:25 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-04-25 18:53 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-04-25 18:53 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-04-25 18:53 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-04-25 18:53 . 2008-03-21 17:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-04-25 18:53 . 2008-03-28 14:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-25 18:53 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-25 18:53 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-04-23 22:09 . 2008-04-23 22:10 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\MoviesApp

2008-04-23 22:09 . 2008-04-23 22:09 <DIR> d-------- C:\Arquivos de programas\SATVOD

2008-04-21 18:43 . 2008-04-21 18:43 <DIR> d--hs---- C:\FOUND.049

2008-04-21 03:28 . 2008-04-21 03:28 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\UnH Solutions

2008-04-16 14:59 . 2008-04-16 14:59 <DIR> d--hs---- C:\FOUND.048

2008-04-12 17:46 . 2008-04-12 17:46 <DIR> d-------- C:\Arquivos de programas\Cakewalk

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-10 03:33 69,632 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-10 03:33 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-04-07 20:38 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-04-03 00:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-23 20:09 --------- d-----w C:\Arquivos de programas\Activision

2008-03-20 13:50 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\FileZilla

2008-03-20 13:33 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-19 18:38 --------- d-----w C:\Arquivos de programas\SmartFTP Client 2.5 Setup Files

2008-03-18 15:54 --------- d-----w C:\Arquivos de programas\DVD X Studios

2008-03-01 21:32 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-08-10 03:59 55,024 ----a-w C:\Documents and Settings\user\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2004-08-04 06:45 25 --sh--w C:\WINDOWS\system32\stroncdigest.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cmos]

@={8A4DE897-E609-4670-8E8F-B813B8DF31A3}

[HKEY_CLASSES_ROOT\CLSID\{8A4DE897-E609-4670-8E8F-B813B8DF31A3}]

C:\WINDOWS\system32\avwmdm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WebCam Monitor"="" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"PCTVOICE"="pctspk.exe" [2001-09-05 23:50 86016 C:\WINDOWS\system32\pctspk.exe]

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-02-05 03:01 180269]

C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\

Last.fm Helper.lnk - C:\Arquivos de programas\Last.fm\LastFMHelper.exe [2007-09-03 15:01:52 106496]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^GetRight.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\GetRight.lnk

backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

path=C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Arquivos de programas\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BlazeServoTool]

C:\Arquivos de programas\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3500 Series]

--a------ 2004-03-03 23:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 12:54 262210 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\LClock]

C:\Arquivos de programas\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 14:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-10 11:19 282624 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]

--------- 2007-10-26 16:04 4354048 C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-02-05 03:01 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-05-14 19:22 35328 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\DC++\\DCPlusPlus.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\mirc\\mirc.exe"=

"C:\\Documents and Settings\\USER\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\RealPlay.exe"=

"C:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\TheDuel\\theduel.exe"=

"C:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"%windir%\\explorer.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32422:TCP"= 32422:TCP:Ares Porta

"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys []

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

[HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{14196346-04e1-11dd-bcb2-00115b041fb0}]

\Shell\AutoRun\command - nideiect.com

\Shell\explore\Command - nideiect.com

\Shell\open\Command - nideiect.com

[HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{4c6a31e4-860b-11dc-bbd5-00115b041fb0}]

\Shell\AutoRun\command - fooool.exe

\Shell\explore\Command - fooool.exe

\Shell\open\Command - fooool.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-02-12 18:08:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1163255777.job"

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-10 13:17:59

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AutoDial]

"ImagePath"="rasphone -d Conexão Velox"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InterBaseGuardian]

"ImagePath"="-s\bin\ibguard -s"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InterBaseServer]

"ImagePath"="-s\bin\ibserver -s"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-05-10 13:21:48 - machine was rebooted [user]

ComboFix-quarantined-files.txt 2008-05-10 16:21:40

Pre-Run: 318,537,728 bytes disponíveis

Post-Run: 249,397,248 bytes disponíveis

322 --- E O F --- 2008-04-25 22:48:10

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::

3) After that, I ran HijackThis, which produced the following log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:23:07, on 10/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\user\Desktop\teste.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - -s\bin\ibguard.exe (file missing)

O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--

End of file - 4614 bytes

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

After that, the virus disappeared and the computer returned to normal speed, but the message 'is not a valid Win32 application' keeps appearing whenever I try to install an antivirus, antispyware, etc.

I'm asking for help analyzing the logs so I can get rid of this error and have an antivirus protecting my computer again.

Thank you very much in advance.


Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, which is also in C:\.

I suggest you print or save the procedure below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt.

File::

C:\FOUND.009

C:\WINDOWS\system32\drivers\klif.cab

C:\FOUND.008

C:\FOUND.007

C:\FOUND.006

C:\FOUND.005

C:\FOUND.004

C:\FOUND.003

C:\FOUND.002

C:\FOUND.001

C:\FOUND.000

C:\FOUND.049

C:\FOUND.048

C:\WINDOWS\system32\avwmdm.dll

Registry::

[-HKEY_CLASSES_ROOT\CLSID\{8A4DE897-E609-4670-8E8F-B813B8DF31A3}]

[-HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{14196346-04e1-11dd-bcb2-00115b041fb0}]

[-HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{4c6a31e4-860b-11dc-bbd5-00115b041fb0}]

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new HijackThis log in normal mode and post it together with ComboFix.txt.



Mr.Million, I did what you suggested; here are the new logs:

COMBOFIX:

ComboFix 08-05-15.2 - user 2008-05-15 20:39:30.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.179 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Desktop\CF.exe

Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\FOUND.000

C:\FOUND.001

C:\FOUND.002

C:\FOUND.003

C:\FOUND.004

C:\FOUND.005

C:\FOUND.006

C:\FOUND.007

C:\FOUND.008

C:\FOUND.009

C:\FOUND.048

C:\FOUND.049

C:\WINDOWS\system32\avwmdm.dll

C:\WINDOWS\system32\drivers\klif.cab

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\drivers\downld

C:\WINDOWS\system32\drivers\klif.cab

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SROSA

((((((((((((((((((((((( Ficheiros criados de 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))

.

2008-05-14 20:31 . 2008-05-14 20:31 <DIR> d--hs---- C:\FOUND.000

2008-05-11 00:04 . 2008-05-11 00:04 <DIR> d-------- C:\Arquivos de programas\Intelore

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\user\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-05-10 13:04 . 2008-05-10 13:04 <DIR> d-------- C:\teste1

2008-05-10 00:19 . 2008-05-10 00:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-04-30 18:59 . 2008-04-30 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SRS Labs

2008-04-30 18:56 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys

2008-04-30 18:55 . 2008-04-30 18:55 <DIR> d-------- C:\Arquivos de programas\SRS Labs

2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-04-28 01:49 . 2008-05-13 15:36 38 --a------ C:\WINDOWS\avisplitter.INI

2008-04-25 18:53 . 2008-04-25 18:53 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-04-25 18:53 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-04-25 18:53 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-04-25 18:53 . 2008-03-31 18:25 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-04-25 18:53 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-04-25 18:53 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-04-25 18:53 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-04-25 18:53 . 2008-03-21 17:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-04-25 18:53 . 2008-03-28 14:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-25 18:53 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-25 18:53 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-04-23 22:09 . 2008-04-23 22:09 <DIR> d-------- C:\Arquivos de programas\SATVOD

2008-04-21 18:43 . 2008-04-21 18:43 <DIR> d--hs---- C:\FOUND.049

2008-04-21 03:28 . 2008-04-21 03:28 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\UnH Solutions

2008-04-16 14:59 . 2008-04-16 14:59 <DIR> d--hs---- C:\FOUND.048

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-10 03:33 69,632 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-10 03:33 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-04-12 20:46 --------- d-----w C:\Arquivos de programas\Cakewalk

2008-04-07 20:38 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-04-03 00:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-23 20:09 --------- d-----w C:\Arquivos de programas\Activision

2008-03-20 13:50 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\FileZilla

2008-03-20 13:33 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-19 18:38 --------- d-----w C:\Arquivos de programas\SmartFTP Client 2.5 Setup Files

2008-03-18 15:54 --------- d-----w C:\Arquivos de programas\DVD X Studios

2008-03-01 21:32 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-08-10 03:59 55,024 ----a-w C:\Documents and Settings\user\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2004-08-04 06:45 25 --sh--w C:\WINDOWS\system32\stroncdigest.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cmos]

@={8A4DE897-E609-4670-8E8F-B813B8DF31A3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WebCam Monitor"="" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [ ]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"PCTVOICE"="pctspk.exe" [2001-09-05 23:50 86016 C:\WINDOWS\system32\pctspk.exe]

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-02-05 03:01 180269]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^GetRight.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\GetRight.lnk

backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

path=C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Arquivos de programas\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BlazeServoTool]

C:\Arquivos de programas\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3500 Series]

--a------ 2004-03-03 23:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 12:54 262210 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\LClock]

C:\Arquivos de programas\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 14:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-10 11:19 282624 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]

--------- 2007-10-26 16:04 4354048 C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-02-05 03:01 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-05-14 19:22 35328 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\DC++\\DCPlusPlus.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\mirc\\mirc.exe"=

"C:\\Documents and Settings\\USER\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\RealPlay.exe"=

"C:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\TheDuel\\theduel.exe"=

"C:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"%windir%\\explorer.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32422:TCP"= 32422:TCP:Ares Porta

"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys []

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-02-12 18:08:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1163255777.job"

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 20:47:48

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AutoDial]

"ImagePath"="rasphone -d Conexão Velox"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InterBaseGuardian]

"ImagePath"="-s\bin\ibguard -s"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InterBaseServer]

"ImagePath"="-s\bin\ibserver -s"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\Microsoft SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\SYSTEM32\WDFMGR.EXE

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-05-15 20:51:22 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-15 23:51:16

Pre-Run: 117,342,208 bytes disponíveis

Post-Run: 153,583,616 bytes disponíveis

230 --- E O F --- 2008-04-25 22:48:10

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:52:10, on 15/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\user\Desktop\teste.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - -s\bin\ibguard.exe (file missing)

O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--

End of file - 4485 bytes

:::::

Thanks for your attention!
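The helper's verdict on a HijackThis log comes from reading each R/O line and deciding which ones deserve a closer look. As an added example (not code from this thread, from HijackThis or from ComboFix), the Python script below does that first pass mechanically over a handful of lines copied by hand from the log above: it parses the entries, then attaches review hints to the ones an analyst would normally verify, such as O23 services whose image is missing or has no vendor name, O4 autostarts given by bare file name, and O10 LSP entries HijackThis does not recognize. The hints are prioritization aids, not verdicts; `SAMPLE_LOG`, the hint rules and the function names are all my own construction.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v2 lines posted above,
# copied by hand so the script runs offline. Not the full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)
"""

# "R0 - ...", "O4 - ...", "F2 - ..." : section code, " - ", then the body.
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: "Service: Display name (ServiceName) - Company - image path"
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<image>.*)$")


@dataclass
class Entry:
    section: str  # e.g. "O4", "O23"
    body: str     # text after "O4 - "
    raw: str      # the whole line, used as the report key


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis log into entries; header and process-list lines are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["sec"], m["body"], line))
    return entries


def review_hints(e: Entry) -> list[str]:
    """Heuristic reasons to inspect this entry by hand. Empty list = nothing stood out."""
    hints: list[str] = []
    if e.section == "O4":
        m = O4_RE.match(e.body)
        if m:
            cmd = m["cmd"].strip().strip('"')
            if "\\" not in cmd and ":" not in cmd:
                # e.g. "pctspk.exe": resolved through the PATH at logon, so the
                # file that actually runs depends on the search order.
                hints.append("autostart given by bare file name; resolved via PATH at logon")
            elif cmd.lower().startswith("c:\\windows\\") and cmd.lower().count("\\") == 2:
                # An executable directly in the Windows root (not System32 or
                # Program Files) is unusual enough to be worth confirming.
                hints.append("autostart image sits directly in the Windows root directory")
    elif e.section == "O23":
        m = O23_RE.match(e.body)
        if m:
            if "(file missing)" in m["image"]:
                hints.append("service image not found on disk; orphaned or removed service")
            if m["owner"] == "Unknown owner":
                hints.append("service binary carries no company name in its version info")
    elif e.section == "O10":
        # HijackThis prints O10 only for LSPs not on its built-in list. This is a
        # prompt to verify, not a detection: nwprovau.dll, for instance, is the
        # Windows NetWare name-resolution provider.
        hints.append("Winsock LSP not on HijackThis's known list; confirm the DLL's origin")
    return hints


def triage(text: str) -> dict[str, list[str]]:
    """Return only the entries that earned at least one hint, keyed by raw line."""
    report: dict[str, list[str]] = {}
    for e in parse_hjt(text):
        hints = review_hints(e)
        if hints:
            report[e.raw] = hints
    return report


if __name__ == "__main__":
    for line, hints in triage(SAMPLE_LOG).items():
        print(line)
        for h in hints:
            print("    ->", h)
```

Running it on the sample flags five of the nine entries (WinLogT, PCTVOICE, the O10 LSP line and the two "(file missing)" services) and leaves the ctfmon, Java BHO, Macrovision service and start-page lines alone, which matches the shape of the helper's "log is clean" reading: the flagged lines are the ones to confirm by hand, not a list of infections.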


The log is clean.

Click Start -> Run -> type or paste: combofix.exe /u -> click OK.

Wait for the uninstall to finish.

Download and run

AVG Anti-Rootkit Free

Post the result.



Mr.Million, I did what you suggested, but when I went to run AVG Anti-Rootkit Free the message appeared saying it was not a valid Win32 application, i.e. the error continues.

I ran ComboFix, and when the PC restarted the following message appeared (link to a screenshot of the message in the image below):

http://img379.imageshack.us/img379/8128/msgerrotu4.jpg

This same message appeared when ComboFix restarted the PC after what you had told me to do, but since you asked for a new log I thought you might be able to look at it.

Here is the new log:

ComboFix 08-05-15.3 - user 2008-05-16 12:04:41.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.150 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Desktop\CjF.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\drivers\downld

C:\WINDOWS\system32\drivers\mdelk.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SROSA

((((((((((((((((((((((( Ficheiros criados de 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))

.

2008-05-16 06:12 . 2008-05-16 06:12 <DIR> d--hs---- C:\FOUND.001

2008-05-15 21:29 . 2008-05-15 21:29 <DIR> d-------- C:\CF

2008-05-14 20:31 . 2008-05-14 20:31 <DIR> d--hs---- C:\FOUND.000

2008-05-11 00:04 . 2008-05-11 00:04 <DIR> d-------- C:\Arquivos de programas\Intelore

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\user\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-05-10 13:04 . 2008-05-10 13:04 <DIR> d-------- C:\teste1

2008-05-10 00:19 . 2008-05-10 00:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-04-30 18:59 . 2008-04-30 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SRS Labs

2008-04-30 18:56 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys

2008-04-30 18:55 . 2008-04-30 18:55 <DIR> d-------- C:\Arquivos de programas\SRS Labs

2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-04-28 01:49 . 2008-05-13 15:36 38 --a------ C:\WINDOWS\avisplitter.INI

2008-04-25 18:53 . 2008-04-25 18:53 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-04-25 18:53 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-04-25 18:53 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-04-25 18:53 . 2008-03-31 18:25 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-04-25 18:53 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-04-25 18:53 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-04-25 18:53 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-04-25 18:53 . 2008-03-21 17:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-04-25 18:53 . 2008-03-28 14:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-25 18:53 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-25 18:53 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-04-23 22:09 . 2008-04-23 22:09 <DIR> d-------- C:\Arquivos de programas\SATVOD

2008-04-21 18:43 . 2008-04-21 18:43 <DIR> d--hs---- C:\FOUND.049

2008-04-21 03:28 . 2008-04-21 03:28 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\UnH Solutions

2008-04-16 14:59 . 2008-04-16 14:59 <DIR> d--hs---- C:\FOUND.048

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 14:37 69,632 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-16 14:37 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-04-12 20:46 --------- d-----w C:\Arquivos de programas\Cakewalk

2008-04-07 20:38 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-04-03 00:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-23 20:09 --------- d-----w C:\Arquivos de programas\Activision

2008-03-20 13:50 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\FileZilla

2008-03-20 13:33 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-19 18:38 --------- d-----w C:\Arquivos de programas\SmartFTP Client 2.5 Setup Files

2008-03-18 15:54 --------- d-----w C:\Arquivos de programas\DVD X Studios

2008-03-01 21:32 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2007-08-10 03:59 55,024 ----a-w C:\Documents and Settings\user\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2004-08-04 06:45 25 --sh--w C:\WINDOWS\system32\stroncdigest.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cmos]

@={8A4DE897-E609-4670-8E8F-B813B8DF31A3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WebCam Monitor"="" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [ ]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"PCTVOICE"="pctspk.exe" [2001-09-05 23:50 86016 C:\WINDOWS\system32\pctspk.exe]

"Cmaudio"="cmicnfg.cpl" []

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-02-05 03:01 180269]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^GetRight.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\GetRight.lnk

backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

path=C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Arquivos de programas\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BlazeServoTool]

C:\Arquivos de programas\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3500 Series]

--a------ 2004-03-03 23:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 12:54 262210 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\LClock]

C:\Arquivos de programas\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 14:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-10 11:19 282624 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]

--------- 2007-10-26 16:04 4354048 C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-02-05 03:01 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-05-14 19:22 35328 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\DC++\\DCPlusPlus.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\mirc\\mirc.exe"=

"C:\\Documents and Settings\\USER\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\RealPlay.exe"=

"C:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\TheDuel\\theduel.exe"=

"C:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"%windir%\\explorer.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32422:TCP"= 32422:TCP:Ares Porta

"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys []

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

[HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{14196346-04e1-11dd-bcb2-00115b041fb0}]

\Shell\AutoRun\command - G:\nideiect.com

\Shell\explore\Command - G:\nideiect.com

\Shell\open\Command - G:\nideiect.com

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-02-12 18:08:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1163255777.job"

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 12:11:12

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AutoDial]

"ImagePath"="rasphone -d Conexão Velox"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InterBaseGuardian]

"ImagePath"="-s\bin\ibguard -s"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InterBaseServer]

"ImagePath"="-s\bin\ibserver -s"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE

C:\DOCUMENTS AND SETTINGS\USER\DADOS DE APLICATIVOS\REAL\UPDATE\SETUP\SETUP.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\Microsoft SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\SYSTEM32\WDFMGR.EXE

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-05-16 12:14:42 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-16 15:14:36

Pre-Run: 295,731,200 bytes disponíveis

Post-Run: 250,544,128 bytes disponíveis

219 --- E O F --- 2008-04-25 22:48:10

::::::::::::::::::::::::::::

New HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:17:08, on 16/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\user\Desktop\teste.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - -s\bin\ibguard.exe (file missing)

O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--

End of file - 4451 bytes

:::

I await help for a possible solution to the problem.

Thank you.


Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the procedures below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt.

File::

C:\WINDOWS\WinLogT.exe

G:\nideiect.com

C:\FOUND.001

C:\FOUND.000

C:\FOUND.049

C:\FOUND.048

Registry::

[-HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{14196346-04e1-11dd-bcb2-00115b041fb0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinLogT"=-

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

CFScript.gif

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new HijackThis log in normal mode and post it together with ComboFix.txt.



Here are the new logs, Mr.Million:

COMBOFIX:

ComboFix 08-05-15.3 - user 2008-05-16 14:12:40.4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.130 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Desktop\CjF.exe

Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\FOUND.000

C:\FOUND.001

C:\FOUND.048

C:\FOUND.049

C:\WINDOWS\WinLogT.exe

G:\nideiect.com

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\WinLogT.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))

.

2008-05-16 06:12 . 2008-05-16 06:12 <DIR> d--hs---- C:\FOUND.001

2008-05-15 21:29 . 2008-05-15 21:29 <DIR> d-------- C:\CF

2008-05-14 20:31 . 2008-05-14 20:31 <DIR> d--hs---- C:\FOUND.000

2008-05-11 00:04 . 2008-05-11 00:04 <DIR> d-------- C:\Arquivos de programas\Intelore

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\user\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-05-10 13:21 . 2008-05-10 13:21 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-05-10 13:04 . 2008-05-10 13:04 <DIR> d-------- C:\teste1

2008-05-10 00:19 . 2008-05-10 00:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-04-30 18:59 . 2008-04-30 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SRS Labs

2008-04-30 18:56 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys

2008-04-30 18:56 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys

2008-04-30 18:55 . 2008-04-30 18:55 <DIR> d-------- C:\Arquivos de programas\SRS Labs

2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-04-28 01:49 . 2008-05-13 15:36 38 --a------ C:\WINDOWS\avisplitter.INI

2008-04-25 18:53 . 2008-04-25 18:53 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-04-25 18:53 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-04-25 18:53 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-04-25 18:53 . 2008-03-31 18:25 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-04-25 18:53 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-04-25 18:53 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-04-25 18:53 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-04-25 18:53 . 2008-03-21 17:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-04-25 18:53 . 2008-03-28 14:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-25 18:53 . 2007-07-10 13:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-25 18:53 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-04-23 22:09 . 2008-04-23 22:09 <DIR> d-------- C:\Arquivos de programas\SATVOD

2008-04-21 18:43 . 2008-04-21 18:43 <DIR> d--hs---- C:\FOUND.049

2008-04-21 03:28 . 2008-04-21 03:28 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\UnH Solutions

2008-04-16 14:59 . 2008-04-16 14:59 <DIR> d--hs---- C:\FOUND.048

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 14:37 69,632 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-16 14:37 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-04-12 20:46 --------- d-----w C:\Arquivos de programas\Cakewalk

2008-04-07 20:38 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-04-03 00:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-03-23 20:09 --------- d-----w C:\Arquivos de programas\Activision

2008-03-20 13:50 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\FileZilla

2008-03-20 13:33 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-19 18:38 --------- d-----w C:\Arquivos de programas\SmartFTP Client 2.5 Setup Files

2008-03-18 15:54 --------- d-----w C:\Arquivos de programas\DVD X Studios

2008-03-01 21:32 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2007-08-10 03:59 55,024 ----a-w C:\Documents and Settings\user\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2004-08-04 06:45 25 --sh--w C:\WINDOWS\system32\stroncdigest.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cmos]

@={8A4DE897-E609-4670-8E8F-B813B8DF31A3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^GetRight.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\GetRight.lnk

backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

path=C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Arquivos de programas\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\BlazeServoTool]

C:\Arquivos de programas\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2005-12-10 11:57 133016 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3500 Series]

--a------ 2004-03-03 23:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BL.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2004-05-05 12:54 262210 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\LClock]

C:\Arquivos de programas\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 14:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-10 11:19 282624 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]

--------- 2007-10-26 16:04 4354048 C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-02-05 03:01 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-05-14 19:22 35328 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\DC++\\DCPlusPlus.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\OnGame\\GunboundWC\\GunBound.gme"=

"C:\\mirc\\mirc.exe"=

"C:\\Documents and Settings\\USER\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\RealPlay.exe"=

"C:\\Arquivos de programas\\BitTornado\\btdownloadgui.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\TheDuel\\theduel.exe"=

"C:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"%windir%\\explorer.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\bmoworld\\BomberMan.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"32422:TCP"= 32422:TCP:Ares Porta

"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys []

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-02-12 18:08:42 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1163255777.job"

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 14:15:22

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AutoDial]

"ImagePath"="rasphone -d Conexão Velox"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\InterBaseGuardian]

"ImagePath"="-s\bin\ibguard -s"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\InterBaseServer]

"ImagePath"="-s\bin\ibserver -s"

.

Tempo para conclusão: 2008-05-16 14:16:01

ComboFix-quarantined-files.txt 2008-05-16 17:15:58

Pre-Run: 155,615,232 bytes disponíveis

Post-Run: 144,277,504 bytes disponíveis

201 --- E O F --- 2008-04-25 22:48:10

::::::::::::::::::::::::::::::::::::

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:22:00, on 16/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\user\Desktop\teste.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{96A2116B-A4A4-4DE2-B82F-C693487154E6}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - -s\bin\ibguard.exe (file missing)

O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--

End of file - 4216 bytes

I await a reply, thank you.

Run an online scan: Kaspersky Free Online Virus Scanner.

Post the report.

Here is the Kaspersky online log:

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, May 16, 2008 10:15:41 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 16/05/2008

Kaspersky Anti-Virus database records: 779339

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

Scan Statistics:

Total number of scanned objects: 77848

Number of viruses found: 4

Number of infected objects: 7

Number of suspicious objects: 0

Duration of the scan process: 02:11:59

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\drivers\sptddrv1.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\ntuser.dat Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Histórico\History.IE5\MSHist012008051620080517\index.dat Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Configurações locais\Temp\~DF60B3.tmp Object is locked skipped

C:\Documents and Settings\user\Meus documentos\ceb2006.exe/file001 Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\user\Meus documentos\ceb2006.exe Inno: infected - 1 skipped

C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe/data0010 Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe NSIS: infected - 1 skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\Arquivos de programas\BitComet\Downloads\Lost.4x12.Theres_No_Place_Like_Home.HDTV_XviD-FoV.avi.bc! Object is locked skipped

C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar/Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar CAB: infected - 1 skipped

C:\System Volume Information\_restore{F6A7E8DA-DC80-4D5C-81D4-F60B5ECA429E}\RP2\change.log Object is locked skipped

C:\mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

Scan process completed.


Clean out System Restore by creating a clean System Restore point.

Right-click My Computer / Properties / System Restore / check Turn off System Restore / Apply > OK.

Then uncheck it again. Apply > OK.

Run an online scan: BitDefender

Click BitDefender = Scan OnLine =.

Click I Agree.

Accept the ActiveX installation.

Post the report.


BitDefender Online Scanner
Scan report generated at: Sat, May 17, 2008 - 14:44:08
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time 01:42:19
Files 198473
Folders 6754
Boot Sectors 2
Archives 2182
Packed Files 10090

Results
Identified Viruses 4
Infected Files 7
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 7

Engines Info
Virus Definitions 1194985
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 42
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File / Status
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)=>(Instyler Module 159) Detected with: Application.Irc.Flood.Tool.E
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)=>(Instyler Module 159) Disinfection failed
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o)=>(Instyler Module 159) Deleted
C:\Documents and Settings\user\Meus documentos\ceb2006.exe=>(Instyler o) Update failed
C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe=>(NSIS o)=>zlib_nsis0009 Infected with: Backdoor.Mircbased.X
C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe=>(NSIS o)=>zlib_nsis0009 Deleted
C:\Documents and Settings\user\Desktop\Samuel Filho\Instaladores\scoop2004.exe=>(NSIS o) Update failed
C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar=>Installer-Crack-Keygen.exe Infected with: Worm.P2P.Agent.N
C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar=>Installer-Crack-Keygen.exe Deleted
C:\Arquivos de programas\DreMule\incoming\.ZoomPlayer WMV Professional v5.01.rar Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0005 Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o) Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0006 Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0006 Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o) Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0007 Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0007 Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o) Update failed
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0009 Detected with: Adware.CDN.E
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o)=>lzma_solid_nsis0009 Deleted
C:\Program Files\CNNIC\Cdn\cdn_pack.exe=>(NSIS o) Update failed

Current HijackThis log (don't know if it's useful for anything, but here it is) =]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:49, on 17/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Guitar Pro 5\GP5.exe
C:\Documents and Settings\user\Desktop\teste.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96A2116B-A4A4-4DE2-B82F-C693487154E6}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: Discador automático (AutoDial) - Unknown owner - rasphone.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - -s\bin\ibguard.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - -s\bin\ibserver.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 4659 bytes
