jeavalto

Hacktool.Rootkit, srosa.sys, Bifrosse, packed.generic.99 - help!!!


Folks,

Please see if you can help me.

Hacktool.Rootkit, srosa.sys, Bifrosse, packed.generic.99

These pests got into my machine, locked up my antivirus and my antispyware, the PC got slow and I can't work. I tried using ComboFix... but in the other places where I looked for help nobody explained it to me... ComboFix didn't work, the machine restarted. How do I delete ComboFix and reinstall it to try to remove these pests?

:wacko:

Thanks

Jeavalto

Topic author

Folks, here is my log made with HijackThis:

    Logfile of HijackThis v1.99.1

    Scan saved at 17:53, on 2008-05-23

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Unable to get Internet Explorer version!

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

    C:\WINDOWS\system32\crypserv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Arquivos de programas\uTorrent\uTorrent.exe

    C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

    C:\Arquivos de programas\DreMule\emule.exe

    C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

    C:\ARQUIV~1\DAP\DAP.EXE

    C:\downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Arquivos de programas\eread7.0\IEeREAD.dll (file missing)

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll (file missing)

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [Win Sync montr] winsyncupx.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de programas\Trojan Remover\Trjscan.exe

    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [Power Scan] C:\Arquivos de programas\Power Scan\powerscan.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Emurayden PSX Emulator] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart

    O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

    O4 - HKLM\..\RunServices: [Win Sync montr] winsyncupx.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe

    O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares Galaxy P2P Plus\Ares.exe" -h

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: Atalho para xampp-control.lnk = C:\xampp\xampp-control.exe

    O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Speed Agenda.lnk = C:\Speedagenda\SpeedAgenda.exe

    O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

    O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Arquivos de programas\WinSysClean 2008 Trial\UDManager\UDManager.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BCL Technologies\easyPDF 5\bepldr.exe

    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe


Download ComboFix (when saving, rename the program to Combo-Fix.exe).

It is important that you save it to your desktop.

• Close all windows and programs.
• Double-click combofix.exe, type 1 and press Enter.
• It takes a while, please be patient.
• When the tool finishes running it will generate a log. Post the file C:\ComboFix.txt.
• Also make a new HijackThis log to include in your reply.

Attention: Do not click the mouse while the tool is running, as this can cause the PC to stop.

Topic author

    ComboFix 08-05-21.3 - Jeovan 2008-05-24 22:29:06.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.352 [GMT -3:00]

    Executando de: C:\Documents and Settings\Jeovan\Desktop\Combo-Fix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Arquivos de programas\Google\googletoolbar1.dll

    C:\Arquivos de programas\inetget2

    C:\Arquivos de programas\ipwindows

    C:\Arquivos de programas\myglobalsearch

    C:\Arquivos de programas\MyWay

    C:\Arquivos de programas\MyWay\myBar\1.bin\MYBAR.DLL

    C:\Arquivos de programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL

    C:\WINDOWS\system32\Cache

    C:\WINDOWS\system32\drivers\downld

    C:\WINDOWS\system32\drivers\downld\1039546.exe

    C:\WINDOWS\system32\drivers\downld\1148546.exe

    C:\WINDOWS\system32\drivers\downld\1243906.exe

    C:\WINDOWS\system32\drivers\downld\1260250.exe

    C:\WINDOWS\system32\drivers\downld\1282359.exe

    C:\WINDOWS\system32\drivers\downld\1308437.exe

    C:\WINDOWS\system32\drivers\downld\1324656.exe

    C:\WINDOWS\system32\drivers\downld\1422125.exe

    C:\WINDOWS\system32\drivers\downld\1430953.exe

    C:\WINDOWS\system32\drivers\downld\1528843.exe

    C:\WINDOWS\system32\drivers\downld\1819328.exe

    C:\WINDOWS\system32\drivers\downld\1972671.exe

    C:\WINDOWS\system32\drivers\downld\2123171.exe

    C:\WINDOWS\system32\drivers\downld\256765.exe

    C:\WINDOWS\system32\drivers\downld\260078.exe

    C:\WINDOWS\system32\drivers\downld\266671.exe

    C:\WINDOWS\system32\drivers\downld\271906.exe

    C:\WINDOWS\system32\drivers\downld\285109.exe

    C:\WINDOWS\system32\drivers\downld\285562.exe

    C:\WINDOWS\system32\drivers\downld\292468.exe

    C:\WINDOWS\system32\drivers\downld\305015.exe

    C:\WINDOWS\system32\drivers\downld\305546.exe

    C:\WINDOWS\system32\drivers\downld\311968.exe

    C:\WINDOWS\system32\drivers\downld\317468.exe

    C:\WINDOWS\system32\drivers\downld\326765.exe

    C:\WINDOWS\system32\drivers\downld\329609.exe

    C:\WINDOWS\system32\drivers\downld\337171.exe

    C:\WINDOWS\system32\drivers\downld\337890.exe

    C:\WINDOWS\system32\drivers\downld\345500.exe

    C:\WINDOWS\system32\drivers\downld\346328.exe

    C:\WINDOWS\system32\drivers\downld\346875.exe

    C:\WINDOWS\system32\drivers\downld\364015.exe

    C:\WINDOWS\system32\drivers\downld\366453.exe

    C:\WINDOWS\system32\drivers\downld\377781.exe

    C:\WINDOWS\system32\drivers\downld\377796.exe

    C:\WINDOWS\system32\drivers\downld\391375.exe

    C:\WINDOWS\system32\drivers\downld\405406.exe

    C:\WINDOWS\system32\drivers\downld\405546.exe

    C:\WINDOWS\system32\drivers\downld\420953.exe

    C:\WINDOWS\system32\drivers\downld\422171.exe

    C:\WINDOWS\system32\drivers\downld\422218.exe

    C:\WINDOWS\system32\drivers\downld\444156.exe

    C:\WINDOWS\system32\drivers\downld\450500.exe

    C:\WINDOWS\system32\drivers\downld\474109.exe

    C:\WINDOWS\system32\drivers\downld\474250.exe

    C:\WINDOWS\system32\drivers\downld\479203.exe

    C:\WINDOWS\system32\drivers\downld\486171.exe

    C:\WINDOWS\system32\drivers\downld\489718.exe

    C:\WINDOWS\system32\drivers\downld\499859.exe

    C:\WINDOWS\system32\drivers\downld\508281.exe

    C:\WINDOWS\system32\drivers\downld\512218.exe

    C:\WINDOWS\system32\drivers\downld\544906.exe

    C:\WINDOWS\system32\drivers\downld\561062.exe

    C:\WINDOWS\system32\drivers\downld\577734.exe

    C:\WINDOWS\system32\drivers\downld\585921.exe

    C:\WINDOWS\system32\drivers\downld\596578.exe

    C:\WINDOWS\system32\drivers\downld\598421.exe

    C:\WINDOWS\system32\drivers\downld\621062.exe

    C:\WINDOWS\system32\drivers\downld\642234.exe

    C:\WINDOWS\system32\drivers\downld\648140.exe

    C:\WINDOWS\system32\drivers\downld\648187.exe

    C:\WINDOWS\system32\drivers\downld\649734.exe

    C:\WINDOWS\system32\drivers\downld\660406.exe

    C:\WINDOWS\system32\drivers\downld\676093.exe

    C:\WINDOWS\system32\drivers\downld\682484.exe

    C:\WINDOWS\system32\drivers\downld\703468.exe

    C:\WINDOWS\system32\drivers\downld\711140.exe

    C:\WINDOWS\system32\drivers\downld\713343.exe

    C:\WINDOWS\system32\drivers\downld\728296.exe

    C:\WINDOWS\system32\drivers\downld\738171.exe

    C:\WINDOWS\system32\drivers\downld\743359.exe

    C:\WINDOWS\system32\drivers\downld\760328.exe

    C:\WINDOWS\system32\drivers\downld\816078.exe

    C:\WINDOWS\system32\drivers\downld\830875.exe

    C:\WINDOWS\system32\drivers\downld\845343.exe

    C:\WINDOWS\system32\drivers\downld\864531.exe

    C:\WINDOWS\system32\drivers\downld\894750.exe

    C:\WINDOWS\system32\drivers\downld\902546.exe

    C:\WINDOWS\system32\drivers\downld\925734.exe

    C:\WINDOWS\system32\drivers\downld\926359.exe

    C:\WINDOWS\system32\drivers\downld\941890.exe

    C:\WINDOWS\system32\drivers\downld\970906.exe

    C:\WINDOWS\system32\drivers\downld\974296.exe

    C:\WINDOWS\system32\drivers\downld\992593.exe

    C:\WINDOWS\system32\drivers\hldrrr.exe

    C:\WINDOWS\system32\drivers\mdelk.exe

    C:\WINDOWS\system32\oledb32.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_srosa

    ((((((((((((((((((((((( Ficheiros criados de 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))

    .

    2008-05-24 22:39 . 2008-05-24 22:39 <DIR> d-------- C:\WINDOWS\system32\drivers\downld

    2008-05-24 00:57 . 2008-05-22 11:25 <DIR> d-------- C:\Arquivos de programas\Direct MIDI to MP3 Converter

    2008-05-23 22:24 . 2008-05-23 22:30 <DIR> d-------- C:\Arquivos de programas\ISDecisions

    2008-05-23 15:34 . 2008-05-23 15:34 <DIR> d-------- C:\Documents and Settings\Jeovan\Dados de aplicativos\Simply Super Software

    2008-05-23 15:34 . 2008-05-23 15:34 <DIR> d-------- C:\Documents and Settings\Jeovan\Dados de aplicativos\PC Tools

    2008-05-23 15:34 . 2008-05-23 15:35 <DIR> d-------- C:\Arquivos de programas\Astyle CSS editor

    2008-05-23 13:33 . 2008-05-23 13:33 <DIR> d-------- C:\Arquivos de programas\real

    2008-05-23 13:33 . 2008-05-23 15:47 <DIR> d-------- C:\Arquivos de programas\eread7.0

    2008-05-22 22:28 . 2008-05-23 17:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-05-22 22:28 . 2008-05-22 22:29 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-05-22 11:26 . 2008-05-22 11:26 <DIR> d-------- C:\WINDOWS\system32\Logfiles

    2008-05-14 18:58 . 2008-05-14 18:58 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db

    2008-05-12 12:58 . 2008-05-23 15:34 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

    2008-05-12 12:58 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2008-05-12 12:58 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2008-05-12 12:58 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2008-05-12 12:58 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2008-05-11 11:05 . 2008-05-11 11:05 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

    2008-05-07 18:43 . 2008-05-23 17:09 <DIR> d-------- C:\SUD_IGREJA

    2008-04-29 22:40 . 2008-04-29 22:40 <DIR> d-------- C:\Documents and Settings\Jeovan\Dados de aplicativos\Nitro PDF

    2008-04-29 22:35 . 2008-04-29 22:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\BCL Technologies

    2008-04-29 22:34 . 2008-04-29 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nitro PDF

    2008-04-29 22:34 . 2008-04-29 22:34 <DIR> d-------- C:\Arquivos de programas\Nitro PDF

    2008-04-29 19:03 . 2008-04-29 19:08 <DIR> d-------- C:\Arquivos de programas\VirtualDJ

    2008-04-25 13:15 . 2008-04-25 13:15 <DIR> d--hs---- C:\WINDOWS\ftpcache

    2008-04-25 13:15 . 2008-04-25 13:15 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX

    2008-04-25 12:16 . 2008-04-25 12:16 <DIR> d-------- C:\Viper Racing

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-25 01:38 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

    2008-05-25 01:30 --------- d-----w C:\Arquivos de programas\Google

    2008-05-25 01:05 --------- d-----w C:\Arquivos de programas\DreMule

    2008-05-24 13:36 --------- d-----w C:\Arquivos de programas\Trojan Remover

    2008-05-23 18:34 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

    2008-05-23 18:34 --------- d-----w C:\Arquivos de programas\Orkut Lite

    2008-05-23 18:13 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-05-23 01:28 --------- d-----w C:\Arquivos de programas\QuickTime

    2008-05-22 14:26 --------- d-----w C:\Documents and Settings\Jeovan\Dados de aplicativos\uTorrent

    2008-05-17 01:50 --------- d-----w C:\Arquivos de programas\Rockstar Games

    2008-05-08 20:17 --------- d-----w C:\Documents and Settings\Jeovan\Dados de aplicativos\Skype

    2008-05-02 20:35 --------- d-----w C:\Arquivos de programas\Babylon

    2008-04-23 04:08 --------- d-----w C:\Arquivos de programas\MadCars_at

    2008-04-22 14:52 --------- d-----w C:\Arquivos de programas\Gercli

    2008-04-03 19:45 --------- d-----w C:\Arquivos de programas\WinUHA

    2008-04-03 00:33 291,968 ----a-w C:\Documents and Settings\Jeovan\Dados de aplicativos\GDIPFONTCACHEV1.DAT

    2008-03-30 16:24 --------- d--h--w C:\Documents and Settings\All Users\Dados de aplicativos\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}

    2008-03-30 16:24 --------- d-----w C:\Arquivos de programas\WinSysClean 2008 Trial

    2006-06-14 02:15 104 --sh--r C:\WINDOWS\system32\436C017DF3.sys

    2006-06-14 02:15 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]

    C:\Arquivos de programas\eread7.0\IEeREAD.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2004-02-29 16:44 66680]

    "vptray"="C:\ARQUIV~1\SYMANT~1\VPTray.exe" [2004-09-17 06:01 708608]

    "Win Sync montr"="winsyncupx.exe" []

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    "NaturalPoint"="" []

    "ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

    "GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 15:16 5562368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    "Win Sync montr"="winsyncupx.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Acrobat Assistant.lnk - C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-04-07 00:42:52 217190]

    Adobe Gamma Loader.exe.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

    Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoStartMenuPinnedList"= 0 (0x0)

    "NoStartMenuMFUprogramsList"= 0 (0x0)

    "NoUserNameInStartMenu"= 0 (0x0)

    "NoStartMenuSubFolders"= 0 (0x0)

    "NoCommonGroups"= 0 (0x0)

    "NoPrinterTabs"= 0 (0x0)

    "NoDeletePrinter"= 0 (0x0)

    "NoAddPrinter"= 0 (0x0)

    "NoPrinters"= 0 (0x0)

    "NoFavoritesMenu"= 0 (0x0)

    "NoToolbarCustomize"= 0 (0x0)

    "NoRecentDocsNetHood"= 0 (0x0)

    "NoChangeAnimation"= 0 (0x0)

    "NoChangeKeyboardNavigationIndicators"= 0 (0x0)

    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3codec"= L3codecp.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk

    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Photosmart Premier.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Photosmart Premier.lnk

    backup=C:\WINDOWS\pss\Inicialização rápida do HP Photosmart Premier.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\InterVideo WinCinema Manager.lnk

    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Speed Agenda.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Speed Agenda.lnk

    backup=C:\WINDOWS\pss\Speed Agenda.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jeovan^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

    path=C:\Documents and Settings\Jeovan\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jeovan^Menu Iniciar^Programas^Inicializar^Atalho para xampp-control.lnk]

    path=C:\Documents and Settings\Jeovan\Menu Iniciar\Programas\Inicializar\Atalho para xampp-control.lnk

    backup=C:\WINDOWS\pss\Atalho para xampp-control.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Jeovan^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

    path=C:\Documents and Settings\Jeovan\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

    backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

    C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

    C:\Arquivos de programas\Ares Galaxy P2P Plus\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

    C:\Arquivos de programas\Babylon\Babylon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

    --a------ 2003-10-02 01:20 81920 C:\Arquivos de programas\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]

    C:\WINDOWS\system32\drivers\hldrrr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]

    --a------ 2007-04-09 09:23 200704 C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    --a------ 2006-02-19 01:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    ---hs---- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    --a------ 2005-04-01 15:16 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    --a------ 2005-04-01 15:16 1495040 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]

    C:\Arquivos de programas\Power Scan\powerscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

    --a------ 2007-04-09 09:23 200704 C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2008-05-22 22:28 413696 C:\Arquivos de programas\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

    --a------ 2007-09-17 17:53 483408 C:\Arquivos de programas\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

    C:\Arquivos de programas\Save\Save.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\Macromedia\\Flash MX\\Flash.exe"=

    "C:\\Arquivos de programas\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe"=

    "C:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"=

    "C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=

    "C:\\Arquivos de programas\\DAP\\DAP.exe"=

    "C:\\Arquivos de programas\\Crystal FTP Pro\\crystalftp.exe"=

    "C:\\Arquivos de programas\\ABC\\abc.exe"=

    "C:\\Arquivos de programas\\HarD4ce\\SuDiX\\SuDiX.exe"=

    "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "80:TCP"= 80:TCP:HTTP

    R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 02:16]

    R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 13:37]

    S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-02-23 13:58]

    S3 bepldr;BCL easyPDF SDK 5 Loader;"C:\Arquivos de programas\Arquivos comuns\BCL Technologies\easyPDF 5\bepldr.exe" [2007-02-21 17:26]

    S3 I2m_ama;I2m_ama;C:\WINDOWS\system32\drivers\nvapu.sys [2002-04-11 14:42]

    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-06-02 12:14]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fe9c9ca-bff0-11d3-a145-00e01876d8e8}]

    \Shell\AutoRun\command - nideiect.com

    \Shell\explore\Command - nideiect.com

    \Shell\open\Command - nideiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{883cb230-0b19-11dd-a43e-00e01876d8e8}]

    \Shell\AutoRun\command - I:\nideiect.com

    \Shell\explore\Command - I:\nideiect.com

    \Shell\open\Command - I:\nideiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c50fccc0-fb76-11d9-9d3d-00e01876d8e8}]

    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed885fab-25af-11dd-a47c-00e01876d8e8}]

    \Shell\AutoRun\command - I:\nideiect.com

    \Shell\explore\Command - I:\nideiect.com

    \Shell\open\Command - I:\nideiect.com

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{20063EB9-64D3-53D3-3AEB-E740124D7590}]

    C:\WINDOWS\wmp\wmp.exe s

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-24 22:39:09

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\WINDOWS\system32\drivers\CDANTSRV.EXE

    C:\WINDOWS\system32\Crypserv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\imapi.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2008-05-24 22:52:33 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-05-25 01:52:21

    Pre-Run: 4,851,204,096 bytes disponíveis

    Post-Run: 4,760,576,000 bytes disponíveis


    Logfile of HijackThis v1.99.1

    Scan saved at 22:57:55, on 24/5/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Unable to get Internet Explorer version!

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

    C:\WINDOWS\system32\crypserv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

    C:\HIJACK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Arquivos de programas\eread7.0\IEeREAD.dll (file missing)

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll (file missing)

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [Win Sync montr] winsyncupx.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\RunServices: [Win Sync montr] winsyncupx.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

    O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Arquivos de programas\WinSysClean 2008 Trial\UDManager\UDManager.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BCL Technologies\easyPDF 5\bepldr.exe

    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

    Thank you, I'll be waiting for further instructions.


    Download SDFix:

    http://linhadefensiva.uol.com.br/dl/sdfix

    Save it to your desktop. Double-click SDFix.exe and the tool will be installed in %SystemDrive%\SDFix (usually C:\SDFix)

    Restart in Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to select Safe Mode).

    1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
    2. Press Y so that the tool starts the removal process
    3. When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
    4. After the restart, the tool will run again and finish its work, and the word Finished will appear. Press any key.
    5. A window with the SDFix report will appear.
    6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

    Topic author

    SDFix: Version 1.185

    Run by Jeovan on dom 25/05/2008 at 23:51

    Microsoft Windows XP [versão 5.1.2600]

    Running From: C:\SDFix

    Checking Services :

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting

    Checking Files :

    No Trojan Files Found

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-26 00:14:50

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

    "s1"=dword:14f19b1a

    "s2"=dword:232d3ee3

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

    "ujdew"=hex:20,02,00,00,d4,f8,4d,09,11,d9,92,bc,44,49,c0,93,06,04,b4,21,94,..

    "ljej40"=hex:6e,8f,f9,8e,fb,15,d6,e7,13,58,a3,55,00,6f,e1,7b,e8,48,5a,b0,fa,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

    "DisplayName"="Alcohol 120%"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1742A07E-013D-9FE0-0FBF-AE4B18FAEE56}]

    "fadcmhcfcmbp"=hex:68,61,6a,6d,6a,64,66,70,69,70,65,6b,70,61,6d,66,00,ef

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2944B895-C553-0460-290B-AE6422492CFF}]

    "oalnphnjekcieoielhpkpljneboado"=hex:64,61,6c,68,70,6a,65,63,00,60

    "oapmhibapmchahdlcmncfiaofohldm"=hex:6a,61,6c,68,6b,6a,6c,61,67,62,63,6f,66,6e,69,6b,62,6f,6f,61,00,..

    "nafmjoaflmogikoinnobdmnhojea"=hex:6a,61,6c,68,6b,6a,6c,61,67,62,63,6f,66,6e,69,6b,62,6f,6f,61,00,..

    "eahmhnhphf"=hex:6c,61,6e,6c,64,69,69,6a,6f,6c,62,64,6c,62,6b,6a,63,6d,67,64,6f,..

    "camndo"=hex:6b,62,6e,68,69,69,6c,70,6e,66,6d,6c,63,6a,65,67,6f,67,64,6c,6b,..

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Arquivos de programas\\Macromedia\\Flash MX\\Flash.exe"="C:\\Arquivos de programas\\Macromedia\\Flash MX\\Flash.exe:*:Disabled:Flash 6.0 r25"

    "C:\\Arquivos de programas\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe"="C:\\Arquivos de programas\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe:*:Enabled:Swift 3D"

    "C:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"="C:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe:*:Enabled:Fireworks MX"

    "C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabled:Dreamweaver MX"

    "C:\\Arquivos de programas\\DAP\\DAP.exe"="C:\\Arquivos de programas\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"

    "C:\\Arquivos de programas\\Crystal FTP Pro\\crystalftp.exe"="C:\\Arquivos de programas\\Crystal FTP Pro\\crystalftp.exe:*:Enabled:crystalftp"

    "C:\\Arquivos de programas\\ABC\\abc.exe"="C:\\Arquivos de programas\\ABC\\abc.exe:*:Enabled:abc"

    "C:\\Arquivos de programas\\HarD4ce\\SuDiX\\SuDiX.exe"="C:\\Arquivos de programas\\HarD4ce\\SuDiX\\SuDiX.exe:*:Enabled:SuDiX Core (Subtitle Editor)"

    "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    "C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    "C:\\Arquivos de programas\\DreMule\\emule.exe"="C:\\Arquivos de programas\\DreMule\\emule.exe:*:Enabled:Dreamule"

    "C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Arquivos de programas\\MSN Messenger\\msncall.exe"="C:\\Arquivos de programas\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"

    Tue 13 Jun 2006 104 ..SHR --- "C:\WINDOWS\system32\436C017DF3.sys"

    Tue 13 Jun 2006 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

    Thu 12 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Thu 15 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    Fri 10 Nov 2006 20 A..H. --- "C:\Documents and Settings\Jeovan\Meus documentos\Minhas músicas\Backup de Licença\drmv1lic.bak"

    Finished!


    Please run ComboFix again and post a new log for analysis.
