killer_joe

Virus on the PC (please help)


Hello friends...

My problem is the following:

I have a virus on my PC, and I would like you to help me solve the problem quickly...

Attached I am sending ComboFix.txt and hijackthis.log

-------------------------------------------------------

ComboFix.txt

ComboFix 08-06-01.6 - César Cardoso 2008-06-03 15:04:42.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.2070.18.879 [GMT 1:00]

Executando de: C:\Users\César Cardoso\Desktop\HijackThis\34657521.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))

.

2008-06-03 11:25 . 2008-06-03 11:50 96,966 --a------ C:\Windows\System32\drivers\klin.dat

2008-06-03 11:25 . 2008-06-03 11:50 88,774 --a------ C:\Windows\System32\drivers\klick.dat

2008-06-03 11:10 . 2008-06-03 14:56 <DIR> d-------- C:\Users\All Users\Kaspersky Lab

2008-06-03 11:10 . 2008-06-03 14:56 <DIR> d-------- C:\ProgramData\Kaspersky Lab

2008-06-03 11:10 . 2008-06-03 11:10 <DIR> d-------- C:\Program Files\Kaspersky Lab

2008-06-03 11:10 . 2008-06-03 15:13 23,080,992 --ahs---- C:\Windows\System32\drivers\fidbox.dat

2008-06-03 11:10 . 2008-06-03 14:52 303,680 --ahs---- C:\Windows\System32\drivers\fidbox.idx

2008-05-31 20:17 . 2008-05-31 20:17 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-29 20:09 . 2008-05-29 20:09 <DIR> d-------- C:\PerfLogs

2008-05-29 19:32 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-05-29 19:31 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr

2008-05-29 19:30 . 2008-01-19 08:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-05-29 19:29 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-05-29 19:28 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-05-29 19:28 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-05-29 19:28 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-05-29 19:27 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-05-29 19:27 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-05-29 19:26 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-05-29 19:25 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-05-29 19:25 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-05-29 19:25 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-05-23 12:20 . 2008-05-23 12:20 <DIR> d-------- C:\Users\César Cardoso\AppData\Roaming\Mozilla

2008-05-23 12:20 . 2008-05-23 12:20 0 --a------ C:\Windows\nsreg.dat

2008-05-13 11:39 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll

2008-05-13 11:39 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB

2008-05-13 11:38 . 2008-05-13 11:38 0 --a------ C:\Windows\Irremote.ini

2008-05-05 10:01 . 2008-05-05 10:01 202,353,092 --a------ C:\Windows\MEMORY.DMP

2008-05-03 23:52 . 2008-05-03 23:52 <DIR> d-------- C:\Program Files\eMule

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-03 14:13 2,621,440 --sha-w C:\Users\César Cardoso\NTUSER.DAT

2008-06-03 14:13 2,621,440 --sha-w C:\Users\César Cardoso\NTUSER.DAT

2008-06-03 13:18 --------- d-----w C:\ProgramData\Avira

2008-06-03 10:51 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys

2008-05-30 18:30 45,056 ----a-w C:\Windows\System32\acovcnt.exe

2008-05-30 10:50 174 --sha-w C:\Program Files\desktop.ini

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Mail

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Journal

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Defender

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-29 19:12 --------- d-----w C:\Program Files\Windows Calendar

2008-05-29 18:51 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-29 18:51 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-23 11:20 --------- d-----w C:\Users\César Cardoso\AppData\Roaming\Mozilla

2008-05-20 11:28 --------- d-s---w C:\Users\César Cardoso\AppData\Roaming\Microsoft

2008-05-15 10:13 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-13 10:39 --------- d-----w C:\ProgramData\Nero

2008-05-13 10:39 --------- d-----w C:\Program Files\Common Files\Nero

2008-05-03 22:53 --------- d-----w C:\ProgramData\eMule

2008-05-02 22:03 --------- d-----w C:\Program Files\Apple Software Update

2008-04-24 13:19 --------- d-----w C:\Users\César Cardoso\AppData\Roaming\Nero

2008-04-20 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-20 14:31 --------- d-----w C:\Program Files\Roland

2008-04-20 14:30 --------- d-----w C:\Program Files\PowerTracks DirectX Plugins

2008-04-14 11:19 --------- d-----w C:\Program Files\Common Files\Adobe

2008-04-10 12:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-04-10 12:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-04-10 12:11 615,992 ----a-w C:\Windows\System32\ci.dll

2008-04-10 12:11 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-04-10 12:11 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-04-10 12:11 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-04-10 12:11 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-04-10 12:11 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-04-10 12:11 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-04-10 12:11 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-04-10 12:10 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-04-10 12:09 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-04-10 12:04 --------- d-----w C:\Users\César Cardoso\AppData\Roaming\eMule

2008-04-10 11:55 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-10 11:49 --------- d-----w C:\Users\César Cardoso\AppData\Roaming\Adobe

2008-04-10 11:35 --------- d-----w C:\Users\César Cardoso\AppData\Roaming\DivX

2008-04-10 11:29 --------- d-----w C:\Program Files\DivX

2008-04-10 11:28 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-04-10 10:22 --------- d-----w C:\Program Files\iTunes

2008-04-10 10:22 --------- d-----w C:\Program Files\iPod

2008-04-10 10:19 --------- d-----w C:\Program Files\QuickTime

2008-04-10 10:14 --------- d-----w C:\Program Files\Windows Live

2008-04-10 10:05 --------- d-----w C:\ProgramData\WLInstaller

2008-04-08 10:58 --------- d-----w C:\ProgramData\Symantec

2008-04-08 10:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-08 10:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-08 10:12 --------- d-----w C:\Program Files\Symantec

2008-04-08 10:01 --------- d-----w C:\Users\César Cardoso\AppData\Roaming\Macrovision

2008-04-07 17:57 --------- d-----w C:\ProgramData\Macrovision

2008-04-07 17:57 --------- d-----w C:\Program Files\Vodafone

2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll

2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll

2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

2008-03-24 18:37 604 ---ha-w C:\Program Files\STLL Notifier

2008-03-23 23:44 606,848 ----a-w C:\Windows\flashax.exe

2008-03-23 23:44 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr

2008-03-23 23:44 4,499,453 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe

2008-03-23 23:44 37,232 ----a-w C:\Windows\ASScrProlog.exe

2008-03-23 23:44 33,136 ----a-w C:\Windows\ASScrPro.exe

2008-03-23 23:44 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe

2008-03-23 23:44 12,288 ----a-w C:\Windows\impborl.dll

2008-03-23 23:33 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-03-23 23:33 315,392 ----a-w C:\Windows\HideWin.exe

2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((( snapshot@2008-06-03_14.49.18,85 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-03 13:18:43 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-03 13:53:24 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-06-03 13:18:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-06-03 13:53:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-06-03 13:18:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-06-03 13:53:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-06-03 13:20:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-06-03 13:55:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-06-03 13:20:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-06-03 13:55:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-06-03 13:25:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-06-03 13:56:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-06-03 13:25:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-03 13:56:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-06-03 13:25:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-03 13:56:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-06-03 13:22:10 8,056 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296259446-3784009860-3008530567-1000_UserData.bin

+ 2008-06-03 13:56:26 8,132 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296259446-3784009860-3008530567-1000_UserData.bin

- 2008-06-03 13:22:08 65,816 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-06-03 13:56:25 65,982 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-06-03 13:21:56 40,970 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-06-03 13:56:12 41,290 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35 90112]

"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-10-17 13:07 131072]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 4390912 C:\Windows\RtHDVCpl.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 14:32 630784]

"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 16:27 61440]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 14:27 815104]

"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-12 23:06 106496]

"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-24 00:44 37232]

"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-24 00:44 33136]

"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 18:10 778240]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{71ECBA15-4F4F-404B-8711-FE2740D5CA70}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{CADAEFC9-E5B5-494B-AACF-5A99623938A9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{80D2A991-8E8C-4F94-9C79-E92D93EB70BB}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{51562EF0-066F-4968-AF5F-17E1A3430B24}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{45592F88-AC8E-4D11-93B2-C3AF1127D1BD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{670793B1-22BA-4EE2-86B3-938330CDDE7D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{3D050BBC-BD8B-4568-A958-208ADE016E71}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{9BB02EB7-38F2-401C-B19E-59890FBF435D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{503CFB85-3133-4FF0-B858-D41A6819679B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{27D28123-E7B2-45ED-972E-EC444AFDBFFE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{0A533C2C-1BE6-4594-B97C-67060F639870}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{92165041-933E-41DC-ACBF-6714CA359A93}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"{3EC57ED9-8F42-45C0-9BA9-A8B05CDB01C4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{6968B506-EA26-4403-9B3B-B70637BA6F35}C:\\users\\césar cardoso\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h3uwuaml\\installer-70703-19en-nero-burning-rom-english[1].exe"= UDP:C:\users\césar cardoso\appdata\local\microsoft\windows\temporary internet files\content.ie5\h3uwuaml\installer-70703-19en-nero-burning-rom-english[1].exe:installer-70703-19en-nero-burning-rom-english[1].exe

"UDP Query User{F90549DB-A2B4-4E6E-8086-ACEC5F1BCF7F}C:\\users\\césar cardoso\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h3uwuaml\\installer-70703-19en-nero-burning-rom-english[1].exe"= TCP:C:\users\césar cardoso\appdata\local\microsoft\windows\temporary internet files\content.ie5\h3uwuaml\installer-70703-19en-nero-burning-rom-english[1].exe:installer-70703-19en-nero-burning-rom-english[1].exe

"TCP Query User{D6BAED55-9AE9-45AC-B555-7E4F79897CE2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{F5417F3B-30E4-490B-8B1E-0D55C9029819}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

R2 RVIEG01;VSC Engine;C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [2001-04-13 19:16]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 07:42]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 15:01]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 02:04]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 16:09]

R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 02:18]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 11:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f346966-04cb-11dd-8c19-001e8c28c118}]

\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f346979-04cb-11dd-8c19-001e8c28c118}]

\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f346980-04cb-11dd-8c19-001e8c28c118}]

\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f346982-04cb-11dd-8c19-001e8c28c118}]

\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fc729a-0552-11dd-aaa2-001e8c28c118}]

\shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fc72a7-0552-11dd-aaa2-001e8c28c118}]

\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-03 15:13:38

Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

C:\Windows\System32\Ati2evxx.exe [10484] 0x8426E998

C:\Windows\System32\Ati2evxx.exe [10448] 0x840FED90

C:\Windows\System32\Ati2evxx.exe [10536] 0x83F58D90

C:\Windows\System32\Ati2evxx.exe [10356] 0x840C0368

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-06-03 15:15:19

ComboFix-quarantined-files.txt 2008-06-03 14:15:07

ComboFix2.txt 2008-06-03 13:50:57

Pre-Run: 22,696,296,448 bytes livres

Post-Run: 22,657,036,288 bytes livres

264 --- E O F --- 2008-06-02 17:53:47

--------------------------------------------------------------------------

hijackthis.log

Logfile of HijackThis v1.99.1

Scan saved at 14:28:48, on 03-06-2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ASUSTPE.exe

C:\Windows\ASScrPro.exe

C:\Program Files\PowerForPhone\PowerForPhone.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\ehome\ehmsas.exe

G:\PhoneConnectorVMC.exe

C:\Program Files\vodafone\vmclite\vmc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\PrevxCSI\prevxcsi.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\César Cardoso\Desktop\HijackThis\HijackThis.exe

Thank you very much

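The registry load-point section of a ComboFix log like the one above is where an analyst first looks for a weakened security posture (firewall profiles switched off, Security Center alerts and monitoring suppressed, AutoRun handlers on removable volumes). The script below is an added example, not part of this post or of ComboFix itself; the sample lines are an excerpt constructed from the log above, and the parsing rules and severity labels are assumptions of this example.

```python
# Added example: triage the "registry load points" section of a ComboFix log.
# Severity labels and parsing rules are this example's own assumptions, based on
# the layout ComboFix prints (REGEDIT4-style keys, "name"=value lines, AutoRun lines).
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: an excerpt of the load-points section of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 4390912 C:\Windows\RtHDVCpl.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\StartVMCLite.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{8})")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale)
    key: str       # registry key the line sits under
    detail: str


def dword(value: str) -> Optional[int]:
    """Integer behind 'dword:00000001' or '0 (0x0)'; None for non-numeric values."""
    m = DWORD_RE.search(value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)\s*\(0x", value)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the section line by line, tracking the current key, and flag
    settings that weaken the host's security posture."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        lkey = key.lower()
        m = AUTORUN_RE.match(line)
        if m:  # mountpoints2 AutoRun handler: legitimate for some dongles, review anyway
            findings.append(Finding("medium", key, f"AutoRun command on volume: {m.group('cmd')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if "firewallpolicy" in lkey and name == "EnableFirewall" and dword(value) == 0:
            findings.append(Finding("high", key, "Windows Firewall disabled for this profile"))
        elif "security center" in lkey and name.endswith("DisableNotify") and dword(value) == 1:
            findings.append(Finding("medium", key, f"Security Center alert suppressed: {name}"))
        elif "security center" in lkey and name == "DisableMonitoring" and dword(value) == 1:
            findings.append(Finding("medium", key, "Security Center monitoring disabled"))
        elif lkey.endswith("\\run") and value.endswith("[ ]"):
            # ComboFix printed no size/timestamp for the target: verify the file exists
            findings.append(Finding("low", key, f"Run entry {name} has no file metadata"))
    return findings
```

Run `triage()` over the full section of a log to get the list of findings; on the sample above it reports two disabled firewall profiles, three suppressed Security Center settings, one AutoRun handler and one Run entry without file metadata.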

Download and run BankerFix & ComboFix, and part of your problems will be solved.

Also use Ad-aware Personal Edition http://superdownloads.com.br/download/83/ad-aware/ , update it and do a full sweep.

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe (Note: after the download, follow the instructions at the link below)

http://forum.clubedohardware.com.br/tr-crypt-xpack/533940?p=2788885

Download BankerFix

http://linhadefensiva.uol.com.br/dl/bankerfix

Then post the HijackThis result again.

Thread author

Thank you very much.. Then I'll do that.. But I had already used ComboFix..

Do you think I have any malware, judging by that log I sent?

Cheers
