samuenjr

Internet connection dropped out of nowhere!


Hi folks,

I've got a big problem.

I use Oi Velox internet, and while I'm connected I suddenly stop receiving data packets and the connection is closed...

I've already called the ISP, done every procedure they asked for and tested all the hardware, and everything is OK... which leads me to believe some malware on my machine is doing this.

Below is the HijackThis log for analysis...

Thanks in advance for the help.

Logfile of HijackThis v1.99.1

Scan saved at 20:34:30, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Hijackthis\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightDialer] C:\Arquivos de programas\Velox\Discador\DISCADOR.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162933096718

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{90B17189-4C99-40A8-9495-5EDE5402D596}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: MySql - Unknown owner - c:/mysql/bin/mysqld-nt.exe (file missing)

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

I'd also add a strange thing that just happened:

Trying to watch a video on the globoesporte.com domain, I got an error that said

"Acesso internacional" O conteúdo a seguir é protegido e pode ser assistido somente em território nacional ("International access: the following content is protected and can only be watched inside the country"), which leads me to believe something is modifying my location information...


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take a while.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Don't click in the ComboFix window or close it with the X while it is running, and don't move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


Thanks for the help, josemelo!

Know that I admire your initiative in helping others, and I intend to one day become an information security professional as competent as you!

Below is the ComboFix log:

ComboFix 08-03-22.3 - Samuel 2008-03-23 5:47:32.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.187 [GMT -3:00]

Executando de: C:\Documents and Settings\Samuel\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Other TimeOuts --

VFind -td "C:\WINDOWS\system32\baiso*"

CF4540.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*

CF4540.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*"

CF4540.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

pv -kf -l"* pid.bat *"

CF4540.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*

CF4540.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*"

CF4540.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"

GREP -i "C:\\Arquivos de programas\\[^\\]*\\[^\\]*$"

VFind -tf -s282624 "C:\Arquivos de programas\????????*[0-9].dll"

CF4540.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*"

CF4540.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\commandx32.dll

C:\WINDOWS\system32\dados32x.dll

C:\WINDOWS\system32\hfd67x.dll

C:\WINDOWS\system32\newdog32xy.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))

.

2008-03-20 12:01 . 2008-03-20 12:01 65,537 --a------ C:\WINDOWS\system32\log32xy.dll

2008-03-17 08:37 . 1998-06-24 00:00 166,200 --a------ C:\WINDOWS\system32\MSMASK32.OCX

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\xky9052.exe

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\sgu3033.exe

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\qva2266.exe

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\dea344.exe

2008-03-17 08:37 . 2008-03-04 09:44 16,781 --a------ C:\WINDOWS\system32\tok32x.dll

2008-03-16 02:31 . 2008-03-16 02:31 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-03-02 02:40 . 2008-03-02 02:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-23 06:45 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-23 06:03 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\AVG7

2008-03-23 04:11 --------- d-----w C:\Arquivos de programas\CyberScript31

2008-03-22 06:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-22 01:51 --------- d-----w C:\Arquivos de programas\Azureus

2008-03-22 01:50 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\Azureus

2008-03-21 21:48 --------- d-----w C:\Arquivos de programas\TibiaBot NG

2008-03-21 03:23 --------- d-----w C:\Arquivos de programas\Java

2008-03-17 11:16 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp

2008-03-03 04:34 2,471,424 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp

2008-03-03 04:34 1,474,560 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp

2008-03-02 22:00 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\LimeWire

2008-02-25 06:11 2,782,208 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp

2008-02-24 02:02 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-02-17 22:04 34,264 ----a-w C:\Documents and Settings\Samuel\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-02-11 20:53 2,927,104 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp

2008-02-11 13:18 615,936 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp

2008-02-10 03:12 --------- d-----w C:\Arquivos de programas\MSECache

2008-02-06 18:26 2,245,632 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp

2008-02-06 18:26 1,441,792 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp

2008-02-06 05:52 --------- d-----w C:\Arquivos de programas\Tecla Certa 5.0

2008-02-06 05:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-06 05:47 253,952 ------w C:\WINDOWS\Setup1.exe

2008-01-27 20:44 --------- d-----w C:\Arquivos de programas\Real Alternative

2008-01-04 12:54 18,717,341 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_03_13_23_58_full.dmp.zip

2007-12-31 14:13 15,135,282 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_30_10_10_08_full.dmp.zip

2007-12-30 12:10 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp

2007-12-30 12:10 1,405,440 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp

2007-12-26 12:27 18,693,514 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_25_06_00_24_full.dmp.zip

2007-12-21 15:00 17,578,704 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_18_21_49_47_full.dmp.zip

2007-12-18 23:49 619,520 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp

2007-12-18 02:26 2,758,437 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_18_00_25_23_full.dmp.zip

2007-12-18 02:25 369,664 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp

2007-12-17 17:44 18,774,040 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_17_15_42_03_full.dmp.zip

2007-12-17 11:56 2,987,520 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp

2007-12-17 11:56 1,390,592 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp

2007-12-01 16:45 1,370,624 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp

2007-11-29 17:08 425,472 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp

2007-11-29 17:08 1,358,848 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp

2007-11-24 07:27 3,030,528 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp

2007-11-24 07:27 1,350,656 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp

2007-11-15 21:10 429,412 ----a-w C:\Arquivos de programas\Hijackthis.rar

2007-10-17 15:31 2,892,288 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp

2007-10-17 15:31 1,305,600 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp

2007-10-16 20:26 2,891,264 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp

2007-10-16 20:26 1,304,576 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp

2007-10-04 19:20 1,288,192 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp

2007-09-30 02:03 1,285,120 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp

2007-09-10 18:49 2,665,495 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2007-08-30 18:46 2,938,368 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp

2007-08-30 18:46 1,254,912 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp

2007-08-16 18:07 2,699,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp

2007-08-16 18:07 1,233,408 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp

2007-07-26 13:23 1,915,392 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp

2007-07-26 13:23 1,287,680 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp

2007-07-26 13:22 1,287,680 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp

2007-07-12 22:47 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VYAAUFMZPWPP.SYS

2007-06-28 17:07 339,456 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp

2007-06-24 02:05 92,064 ----a-w C:\Documents and Settings\Samuel\mqdmmdm.sys

2007-06-24 02:05 9,232 ----a-w C:\Documents and Settings\Samuel\mqdmmdfl.sys

2007-06-24 02:05 79,328 ----a-w C:\Documents and Settings\Samuel\mqdmserd.sys

2007-06-24 02:05 66,656 ----a-w C:\Documents and Settings\Samuel\mqdmbus.sys

2007-06-24 02:05 6,208 ----a-w C:\Documents and Settings\Samuel\mqdmcmnt.sys

2007-06-24 02:05 5,936 ----a-w C:\Documents and Settings\Samuel\mqdmwhnt.sys

2007-06-24 02:05 4,048 ----a-w C:\Documents and Settings\Samuel\mqdmcr.sys

2007-06-24 02:05 25,600 ----a-w C:\Documents and Settings\Samuel\usbsermptxp.sys

2007-06-24 02:05 22,768 ----a-w C:\Documents and Settings\Samuel\usbsermpt.sys

2007-06-17 14:14 52,224 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp

2007-06-17 14:14 1,238,528 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp

2007-06-16 15:51 348,160 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp

2007-06-07 13:24 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp

2007-05-26 15:58 3,043,328 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2007-05-26 15:58 1,589,760 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp

2007-05-26 15:57 1,589,760 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp

2007-05-02 18:44 1,556,480 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2007-04-29 02:11 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2007-04-25 16:51 1,541,120 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2007-04-04 17:57 3,049,984 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2007-04-04 17:57 1,515,520 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2007-03-15 18:35 1,490,944 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2007-03-14 16:28 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2007-03-14 15:49 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2007-03-12 18:10 1,487,360 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2007-03-08 17:57 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2007-03-02 14:51 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-02-17 22:03 1,457,664 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2007-02-15 18:25 1,440,256 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-02-08 14:55 1,418,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2007-01-21 13:06 1,386,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2006-12-27 20:47 113,206 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_27_16_51_18_small.dmp.zip

2006-12-27 18:24 112,093 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_27_13_06_38_small.dmp.zip

2006-12-26 16:11 114,203 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_26_12_13_14_small.dmp.zip

2006-12-18 17:12 114,099 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_18_13_41_21_small.dmp.zip

.

------- Sigcheck -------

2001-10-28 15:07 12800 979f27f95f9a60ad6292b803aee12de5 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\ServicePackFiles\i386\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

2001-10-28 15:07 75264 4a95e7320199ec0e3a695494f140c69f C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

2001-10-28 15:07 432128 4bbd085f3684a4dbebc7c291bd3d9f94 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

2001-10-28 15:07 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]

"LightDialer"="C:\Arquivos de programas\Velox\Discador\DISCADOR.EXE" [2005-03-18 09:11 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-31 06:22 4616192]

"nwiz"="nwiz.exe" [2003-07-31 06:22 323584 C:\WINDOWS\system32\nwiz.exe]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 10:40 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 07:08 172032]

"MULTIMEDIA KEYBOARD"="C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 09:50 180224]

"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-11-11 17:38 282624]

"Zone Labs Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38 968696]

"SmartSync - ScheduleSync"="C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2006-08-31 08:41 45056]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22 35328]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-03-22 03:34 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-22 03:16 219136]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 14:21:17 113664]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\WINDOWS\\system32\\xky9052.exe"=

"C:\\WINDOWS\\system32\\dea344.exe"=

"C:\\WINDOWS\\system32\\sgu3033.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18238:TCP"= 18238:TCP:NortonAV

"14888:TCP"= 14888:TCP:NortonAV

"12333:TCP"= 12333:TCP:NortonAV

"12727:TCP"= 12727:TCP:NortonAV

"16959:TCP"= 16959:TCP:NortonAV

"6201:TCP"= 6201:TCP:npx32

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-08-11 21:40]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-10-07 14:37]

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 05:51:56

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

.

Tempo para conclusão: 2008-03-23 5:53:51

ComboFix-quarantined-files.txt 2008-03-23 08:53:36

.

2008-03-16 06:40:38 --- E O F ---


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\WINDOWS\system32\log32xy.dll
C:\WINDOWS\system32\xky9052.exe
C:\WINDOWS\system32\sgu3033.exe
C:\WINDOWS\system32\qva2266.exe
C:\WINDOWS\system32\dea344.exe
C:\WINDOWS\system32\tok32x.dll

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Don't use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.

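The six files in the CFScript above are exactly the ones the ComboFix log makes stand out once its sections are cross-referenced: freshly created files directly in system32 with machine-generated names, four same-size executables dropped in the same minute, and three of them silently added to the Windows Firewall exception list. The following Python script is an added example (not a tool from the thread, from ComboFix or from HijackThis) that parses an excerpt copied from the posted log, applies those heuristics (the name pattern is an assumption tuned to this batch) and renders the resulting CFScript block.

```python
"""Triage the ComboFix log above: correlate files newly created in system32
with Windows Firewall exceptions, then emit a CFScript 'File::' block."""
import re
from collections import Counter

# Excerpt copied from the ComboFix log posted in the thread (other sections cut).
COMBOFIX_LOG = r"""
((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))
2008-03-20 12:01 . 2008-03-20 12:01 65,537 --a------ C:\WINDOWS\system32\log32xy.dll
2008-03-17 08:37 . 1998-06-24 00:00 166,200 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\xky9052.exe
2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\sgu3033.exe
2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\qva2266.exe
2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\dea344.exe
2008-03-17 08:37 . 2008-03-04 09:44 16,781 --a------ C:\WINDOWS\system32\tok32x.dll
2008-03-16 02:31 . 2008-03-16 02:31 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security
2008-03-02 02:40 . 2008-03-02 02:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\xky9052.exe"=
"C:\\WINDOWS\\system32\\dea344.exe"=
"C:\\WINDOWS\\system32\\sgu3033.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18238:TCP"= 18238:TCP:NortonAV
"6201:TCP"= 6201:TCP:npx32
"""

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                        r"([\d,]+) \S+ (.+)$")
FW_APP_RE = re.compile(r'^"(.+)"=$')
FW_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"= \d+:(?:TCP|UDP):(\S+)$')
# Crude name heuristic (assumption, tuned to this log): letters, digits, <=2 letters.
GENERATED_NAME_RE = re.compile(r"^[a-z]{2,4}\d{2,4}[a-z]{0,2}\.(?:exe|dll)$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_log(text):
    """Extract the created-files, firewall-app and open-port sections."""
    created, fw_apps, fw_ports, section = [], [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if "Ficheiros criados" in line:            # localized section banner
            section = "created"
        elif line.startswith("[") and "AuthorizedApplications" in line:
            section = "apps"
        elif line.startswith("[") and "GloballyOpenPorts" in line:
            section = "ports"
        elif line.startswith("["):                 # any other registry key
            section = None
        elif section == "created" and (m := CREATED_RE.match(line)):
            created.append({"created": m.group(1),
                            "size": int(m.group(2).replace(",", "")),
                            "path": m.group(3)})
        elif section == "apps" and (m := FW_APP_RE.match(line)):
            fw_apps.append(m.group(1).replace("\\\\", "\\"))
        elif section == "ports" and (m := FW_PORT_RE.match(line)):
            fw_ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return created, fw_apps, fw_ports


def triage(created, fw_apps):
    """Map each suspicious path to the reasons it was flagged."""
    findings = {}
    # Executables sharing size and creation minute point to one dropper run.
    batch = Counter((f["created"], f["size"]) for f in created
                    if f["path"].lower().endswith(".exe"))
    authorized = {p.lower() for p in fw_apps}
    for f in created:
        low = f["path"].lower()
        if not low.startswith(SYSTEM32):
            continue
        name = low[len(SYSTEM32):]
        if "\\" in name:                           # skip subfolders (drivers\)
            continue
        reasons = []
        if GENERATED_NAME_RE.match(name):
            reasons.append("new file in system32 with a generated-looking name")
        n = batch[(f["created"], f["size"])]
        if name.endswith(".exe") and n >= 2:
            reasons.append(f"one of {n} same-size executables created {f['created']}")
        if low in authorized:
            reasons.append("freshly created file listed in firewall AuthorizedApplications")
        if reasons:
            findings[f["path"]] = reasons
    return findings


def review_ports(fw_ports):
    """The label in GloballyOpenPorts is free text, so 'NortonAV' on a random
    high port proves nothing; list every high port for manual review."""
    return [entry for entry in fw_ports if entry[0] >= 1024]


def cfscript(findings):
    """Render the flagged paths as a ComboFix CFScript 'File::' block."""
    return "File::\n" + "\n".join(sorted(findings)) + "\n"


if __name__ == "__main__":
    files, apps, ports = parse_log(COMBOFIX_LOG)
    hits = triage(files, apps)
    for path, why in hits.items():
        print(path, "->", "; ".join(why))
    print("ports to review:", review_ports(ports))
    print(cfscript(hits))
```

MSMASK32.OCX (a stock VB runtime control) and the driver under system32\drivers are deliberately left out, matching the helper's list; on a real log, treat the output as a starting point for analyst review, not as an automatic deletion list.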

ComboFix 08-03-22.3 - Samuel 2008-03-23 20:46:47.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.244 [GMT -3:00]

Executando de: F:\Ferramentas de Remoção de Malware\ComboFix.exe

Command switches used :: F:\Ferramentas de Remoção de Malware\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Other TimeOuts --

VFind -td "C:\WINDOWS\system32\baiso*"

CF16927.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*

CF16927.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*"

CF16927.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"

GREP -i "C:\\Arquivos de programas\\[^\\]*\\[^\\]*$"

VFind -tf -s282624 "C:\Arquivos de programas\????????*[0-9].dll"

CF16927.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*"

CF16927.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

pv -kf -l"* pid.bat *"

CF16927.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Arquivos de programas\*"

CF16927.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))

.

2008-03-20 12:01 . 2008-03-20 12:01 65,537 --a------ C:\WINDOWS\system32\log32xy.dll

2008-03-17 08:37 . 1998-06-24 00:00 166,200 --a------ C:\WINDOWS\system32\MSMASK32.OCX

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\xky9052.exe

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\sgu3033.exe

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\qva2266.exe

2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\dea344.exe

2008-03-17 08:37 . 2008-03-04 09:44 16,781 --a------ C:\WINDOWS\system32\tok32x.dll

2008-03-16 02:31 . 2008-03-23 13:02 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-03-02 02:40 . 2008-03-02 02:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-23 18:49 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-03-23 16:06 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\AVG7

2008-03-23 06:45 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-23 04:11 --------- d-----w C:\Arquivos de programas\CyberScript31

2008-03-22 06:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-22 01:51 --------- d-----w C:\Arquivos de programas\Azureus

2008-03-22 01:50 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\Azureus

2008-03-21 21:48 --------- d-----w C:\Arquivos de programas\TibiaBot NG

2008-03-21 03:23 --------- d-----w C:\Arquivos de programas\Java

2008-03-17 11:16 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp

2008-03-03 04:34 2,471,424 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp

2008-03-03 04:34 1,474,560 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp

2008-03-02 22:00 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\LimeWire

2008-02-25 06:11 2,782,208 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp

2008-02-17 22:04 34,264 ----a-w C:\Documents and Settings\Samuel\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-02-11 20:53 2,927,104 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp

2008-02-11 13:18 615,936 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp

2008-02-10 03:12 --------- d-----w C:\Arquivos de programas\MSECache

2008-02-06 18:26 2,245,632 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp

2008-02-06 18:26 1,441,792 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp

2008-02-06 05:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-06 05:47 253,952 ------w C:\WINDOWS\Setup1.exe

2008-01-27 20:44 --------- d-----w C:\Arquivos de programas\Real Alternative

2008-01-04 12:54 18,717,341 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_03_13_23_58_full.dmp.zip

2007-12-31 14:13 15,135,282 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_30_10_10_08_full.dmp.zip

2007-12-30 12:10 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp

2007-12-30 12:10 1,405,440 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp

2007-12-26 12:27 18,693,514 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_25_06_00_24_full.dmp.zip

2007-12-21 15:00 17,578,704 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_18_21_49_47_full.dmp.zip

2007-12-18 23:49 619,520 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp

2007-12-18 02:26 2,758,437 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_18_00_25_23_full.dmp.zip

2007-12-18 02:25 369,664 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp

2007-12-17 17:44 18,774,040 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_17_15_42_03_full.dmp.zip

2007-12-17 11:56 2,987,520 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp

2007-12-17 11:56 1,390,592 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp

2007-12-01 16:45 1,370,624 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp

2007-11-29 17:08 425,472 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp

2007-11-29 17:08 1,358,848 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp

2007-11-24 07:27 3,030,528 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp

2007-11-24 07:27 1,350,656 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp

2007-10-17 15:31 2,892,288 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp

2007-10-17 15:31 1,305,600 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp

2007-10-16 20:26 2,891,264 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp

2007-10-16 20:26 1,304,576 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp

2007-10-04 19:20 1,288,192 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp

2007-09-30 02:03 1,285,120 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp

2007-09-10 18:49 2,665,495 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2007-08-30 18:46 2,938,368 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp

2007-08-30 18:46 1,254,912 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp

2007-08-16 18:07 2,699,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp

2007-08-16 18:07 1,233,408 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp

2007-07-26 13:23 1,915,392 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp

2007-07-26 13:23 1,287,680 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp

2007-07-26 13:22 1,287,680 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp

2007-07-12 22:47 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VYAAUFMZPWPP.SYS

2007-06-28 17:07 339,456 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp

2007-06-24 02:05 92,064 ----a-w C:\Documents and Settings\Samuel\mqdmmdm.sys

2007-06-24 02:05 9,232 ----a-w C:\Documents and Settings\Samuel\mqdmmdfl.sys

2007-06-24 02:05 79,328 ----a-w C:\Documents and Settings\Samuel\mqdmserd.sys

2007-06-24 02:05 66,656 ----a-w C:\Documents and Settings\Samuel\mqdmbus.sys

2007-06-24 02:05 6,208 ----a-w C:\Documents and Settings\Samuel\mqdmcmnt.sys

2007-06-24 02:05 5,936 ----a-w C:\Documents and Settings\Samuel\mqdmwhnt.sys

2007-06-24 02:05 4,048 ----a-w C:\Documents and Settings\Samuel\mqdmcr.sys

2007-06-24 02:05 25,600 ----a-w C:\Documents and Settings\Samuel\usbsermptxp.sys

2007-06-24 02:05 22,768 ----a-w C:\Documents and Settings\Samuel\usbsermpt.sys

2007-06-17 14:14 52,224 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp

2007-06-17 14:14 1,238,528 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp

2007-06-16 15:51 348,160 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp

2007-06-07 13:24 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp

2007-05-26 15:58 3,043,328 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2007-05-26 15:58 1,589,760 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp

2007-05-26 15:57 1,589,760 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp

2007-05-02 18:44 1,556,480 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2007-04-29 02:11 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2007-04-25 16:51 1,541,120 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2007-04-04 17:57 3,049,984 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2007-04-04 17:57 1,515,520 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2007-03-15 18:35 1,490,944 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2007-03-14 16:28 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2007-03-14 15:49 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2007-03-12 18:10 1,487,360 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2007-03-08 17:57 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2007-03-02 14:51 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-02-17 22:03 1,457,664 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2007-02-15 18:25 1,440,256 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-02-08 14:55 1,418,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2007-01-21 13:06 1,386,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2006-12-27 20:47 113,206 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_27_16_51_18_small.dmp.zip

2006-12-27 18:24 112,093 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_27_13_06_38_small.dmp.zip

2006-12-26 16:11 114,203 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_26_12_13_14_small.dmp.zip

2006-12-18 17:12 114,099 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_18_13_41_21_small.dmp.zip

.

------- Sigcheck -------

2001-10-28 15:07 12800 979f27f95f9a60ad6292b803aee12de5 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\ServicePackFiles\i386\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

2001-10-28 15:07 75264 4a95e7320199ec0e3a695494f140c69f C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

2001-10-28 15:07 432128 4bbd085f3684a4dbebc7c291bd3d9f94 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

2001-10-28 15:07 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]

"LightDialer"="C:\Arquivos de programas\Velox\Discador\DISCADOR.EXE" [2005-03-18 09:11 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-31 06:22 4616192]

"nwiz"="nwiz.exe" [2003-07-31 06:22 323584 C:\WINDOWS\system32\nwiz.exe]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 10:40 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 07:08 172032]

"MULTIMEDIA KEYBOARD"="C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 09:50 180224]

"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-11-11 17:38 282624]

"Zone Labs Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38 968696]

"SmartSync - ScheduleSync"="C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2006-08-31 08:41 45056]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22 35328]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-03-22 03:34 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-22 03:16 219136]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 14:21:17 113664]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\WINDOWS\\system32\\xky9052.exe"=

"C:\\WINDOWS\\system32\\dea344.exe"=

"C:\\WINDOWS\\system32\\sgu3033.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18238:TCP"= 18238:TCP:NortonAV

"14888:TCP"= 14888:TCP:NortonAV

"12333:TCP"= 12333:TCP:NortonAV

"12727:TCP"= 12727:TCP:NortonAV

"16959:TCP"= 16959:TCP:NortonAV

"6201:TCP"= 6201:TCP:npx32

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]

R2 nhksrv;Netropa NHK Server;C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]

R2 SQLWriter;Escritor VSS do SQL Server;"c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-08-11 21:40]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-10-07 14:37]

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 20:52:02

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\Unlocker\UnlockerHook.dll

.

Tempo para conclusão: 2008-03-23 20:55:00

ComboFix-quarantined-files.txt 2008-03-23 23:54:51

ComboFix2.txt 2008-03-23 08:53:52

.

2008-03-16 06:40:38 --- E O F ---

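An added editorial example (not code from this thread, from ComboFix or from the helper) of the cross-check an analyst applies to a log like the one above: files newly created under system32 that also appear in the Windows Firewall AuthorizedApplications list, plus Security Center values that silence its alerts. The sample log is constructed from the format shown in this thread and abridged; the function names are the example's own.

```python
"""Cross-check a ComboFix log: newly created files under system32 that are also
listed as Windows Firewall exceptions, plus Security Center override values.
Editorial example, not part of the thread or of ComboFix."""
import re

# Constructed sample, modelled on the log format shown in this thread (abridged).
SAMPLE_LOG = r"""
((((((((((((((((((((((( Ficheiros criados de 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))
.
2008-03-20 12:01 . 2008-03-20 12:01 65,537 --a------ C:\WINDOWS\system32\log32xy.dll
2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\xky9052.exe
2008-03-17 08:37 . 2008-03-17 08:37 145,920 --a------ C:\WINDOWS\system32\dea344.exe
2008-03-16 02:31 . 2008-03-23 13:02 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\WINDOWS\\system32\\xky9052.exe"=
"C:\\WINDOWS\\system32\\dea344.exe"=
"""

# Entry layout: "<created> . <last written> <size or <DIR>> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) (\S+) (.+)$")
EXCEPTION_RE = re.compile(r'^"(.+)"=\s*$')          # "<escaped path>"=
DWORD_ONE_RE = re.compile(r'^"(\w+)"=dword:0*1$')   # "<name>"=dword:00000001

# Security Center values that silence or override its alerts (Windows XP SP2 names).
OVERRIDE_NAMES = {"AntiVirusDisableNotify", "AntiVirusOverride",
                  "FirewallDisableNotify", "FirewallOverride", "UpdatesDisableNotify"}


def parse_created_files(log):
    """Return the entries of the 'files created' section as dicts.
    The header is localised: 'Ficheiros criados' here, 'Files Created' in English."""
    entries, in_section = [], False
    for line in log.splitlines():
        if line.startswith("((("):
            in_section = "Ficheiros criados" in line or "Files Created" in line
            continue
        m = CREATED_RE.match(line.strip()) if in_section else None
        if m:
            size = None if m.group(3) == "<DIR>" else int(m.group(3).replace(",", ""))
            entries.append({"created": m.group(1), "written": m.group(2),
                            "size": size, "attrs": m.group(4), "path": m.group(5)})
    return entries


def _registry_lines(log):
    """Yield (current key lowercased, value line) for the REGEDIT-style part."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('"'):
            yield key, line


def parse_firewall_exceptions(log):
    """Paths in the AuthorizedApplications list, with REGEDIT's \\\\ unescaped."""
    paths = []
    for key, line in _registry_lines(log):
        if key.endswith(r"firewallpolicy\standardprofile\authorizedapplications\list"):
            m = EXCEPTION_RE.match(line)
            if m:
                paths.append(m.group(1).replace("\\\\", "\\"))
    return paths


def parse_security_overrides(log):
    """Names of Security Center alert overrides set to 1, and EnableFirewall when 0."""
    found = []
    for key, line in _registry_lines(log):
        if key.endswith(r"microsoft\security center"):
            m = DWORD_ONE_RE.match(line)
            if m and m.group(1) in OVERRIDE_NAMES:
                found.append(m.group(1))
        elif key.endswith(r"firewallpolicy\standardprofile"):
            if re.match(r'^"EnableFirewall"=\s*0\b', line):
                found.append("EnableFirewall")
    return found


def triage(log):
    """Combine the three views: a recent system32 file that is also firewall-exempt
    is the strongest signal, since legitimate installers rarely add both."""
    created = parse_created_files(log)
    exempt = {p.lower() for p in parse_firewall_exceptions(log)}
    recent_sys = [e["path"] for e in created
                  if e["size"] is not None and "\\windows\\system32\\" in e["path"].lower()]
    return {
        "recent_system32_files": recent_sys,
        "exempted_new_files": sorted(p for p in recent_sys if p.lower() in exempt),
        "security_overrides": parse_security_overrides(log),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, value)
```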

Logfile of HijackThis v1.99.1

Scan saved at 21:30:17, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Hijackthis\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightDialer] C:\Arquivos de programas\Velox\Discador\DISCADOR.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\ocean technology\gg e-sports platform\gfilter.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\ocean technology\gg e-sports platform\gfilter.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\ocean technology\gg e-sports platform\gfilter.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162933096718

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{90B17189-4C99-40A8-9495-5EDE5402D596}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: MySql - Unknown owner - c:/mysql/bin/mysqld-nt.exe (file missing)

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

Executando de: F:\Ferramentas de Remoção de Malware\ComboFix.exe

Command switches used :: F:\Ferramentas de Remoção de Malware\CFScript.txt

Move ComboFix and the CFScript to the desktop on C:\ and repeat the procedure.


Sorry for the delay in replying, I was away from home this week...

Here is the ComboFix log, generated by running it from the desktop:

ComboFix 08-03-22.3 - Samuel 2008-03-29 18:06:15.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.192 [GMT -3:00]

Executando de: C:\Documents and Settings\Samuel\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Samuel\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\system32\dea344.exe

C:\WINDOWS\system32\log32xy.dll

C:\WINDOWS\system32\qva2266.exe

C:\WINDOWS\system32\sgu3033.exe

C:\WINDOWS\system32\tok32x.dll

C:\WINDOWS\system32\xky9052.exe

.

-- Other TimeOuts --

Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"

GREP -i "C:\\Arquivos de programas\\[^\\]*\\[^\\]*$"

VFind -tf -s282624 "C:\Arquivos de programas\????????*[0-9].dll"

CF7224.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Arquivos de programas\*"

CF7224.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\dea344.exe

C:\WINDOWS\system32\log32xy.dll

C:\WINDOWS\system32\qva2266.exe

C:\WINDOWS\system32\sgu3033.exe

C:\WINDOWS\system32\tok32x.dll

C:\WINDOWS\system32\xky9052.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))

.

2008-03-24 09:39 . 2008-03-24 09:40 <DIR> d-------- C:\Recnet

2008-03-24 09:39 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-24 09:39 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-24 09:39 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-24 09:39 . 2008-03-24 09:39 127 --a------ C:\WINDOWS\REC-NET.INI

2008-03-24 08:38 . 2008-03-24 08:38 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-17 08:37 . 1998-06-24 00:00 166,200 --a------ C:\WINDOWS\system32\MSMASK32.OCX

2008-03-16 02:31 . 2008-03-23 13:02 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-03-02 02:40 . 2008-03-02 02:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 11:00 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\AVG7

2008-03-24 03:27 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-03-23 06:45 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-23 04:11 --------- d-----w C:\Arquivos de programas\CyberScript31

2008-03-22 06:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-22 01:51 --------- d-----w C:\Arquivos de programas\Azureus

2008-03-22 01:50 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\Azureus

2008-03-21 21:48 --------- d-----w C:\Arquivos de programas\TibiaBot NG

2008-03-21 03:23 --------- d-----w C:\Arquivos de programas\Java

2008-03-17 11:16 1,491,968 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp

2008-03-03 04:34 2,471,424 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp

2008-03-03 04:34 1,474,560 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp

2008-03-02 22:00 --------- d-----w C:\Documents and Settings\Samuel\Dados de aplicativos\LimeWire

2008-02-25 06:11 2,782,208 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp

2008-02-17 22:04 34,264 ----a-w C:\Documents and Settings\Samuel\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-02-11 20:53 2,927,104 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp

2008-02-11 13:18 615,936 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp

2008-02-10 03:12 --------- d-----w C:\Arquivos de programas\MSECache

2008-02-06 18:26 2,245,632 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp

2008-02-06 18:26 1,441,792 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp

2008-02-06 05:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-06 05:47 253,952 ------w C:\WINDOWS\Setup1.exe

2008-01-04 12:54 18,717,341 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_03_13_23_58_full.dmp.zip

2007-12-31 14:13 15,135,282 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_30_10_10_08_full.dmp.zip

2007-12-30 12:10 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp

2007-12-30 12:10 1,405,440 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp

2007-12-26 12:27 18,693,514 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_25_06_00_24_full.dmp.zip

2007-12-21 15:00 17,578,704 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_18_21_49_47_full.dmp.zip

2007-12-18 23:49 619,520 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp

2007-12-18 02:26 2,758,437 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_18_00_25_23_full.dmp.zip

2007-12-18 02:25 369,664 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp

2007-12-17 17:44 18,774,040 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_17_15_42_03_full.dmp.zip

2007-12-17 11:56 2,987,520 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp

2007-12-17 11:56 1,390,592 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp

2007-12-01 16:45 1,370,624 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp

2007-11-29 17:08 425,472 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp

2007-11-29 17:08 1,358,848 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp

2007-11-24 07:27 3,030,528 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp

2007-11-24 07:27 1,350,656 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp

2007-10-17 15:31 2,892,288 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp

2007-10-17 15:31 1,305,600 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp

2007-10-16 20:26 2,891,264 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp

2007-10-16 20:26 1,304,576 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp

2007-10-04 19:20 1,288,192 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp

2007-09-30 02:03 1,285,120 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp

2007-09-10 18:49 2,665,495 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2007-08-30 18:46 2,938,368 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp

2007-08-30 18:46 1,254,912 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp

2007-08-16 18:07 2,699,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp

2007-08-16 18:07 1,233,408 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp

2007-07-26 13:23 1,915,392 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp

2007-07-26 13:23 1,287,680 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp

2007-07-26 13:22 1,287,680 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp

2007-07-12 22:47 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VYAAUFMZPWPP.SYS

2007-06-28 17:07 339,456 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp

2007-06-24 02:05 92,064 ----a-w C:\Documents and Settings\Samuel\mqdmmdm.sys

2007-06-24 02:05 9,232 ----a-w C:\Documents and Settings\Samuel\mqdmmdfl.sys

2007-06-24 02:05 79,328 ----a-w C:\Documents and Settings\Samuel\mqdmserd.sys

2007-06-24 02:05 66,656 ----a-w C:\Documents and Settings\Samuel\mqdmbus.sys

2007-06-24 02:05 6,208 ----a-w C:\Documents and Settings\Samuel\mqdmcmnt.sys

2007-06-24 02:05 5,936 ----a-w C:\Documents and Settings\Samuel\mqdmwhnt.sys

2007-06-24 02:05 4,048 ----a-w C:\Documents and Settings\Samuel\mqdmcr.sys

2007-06-24 02:05 25,600 ----a-w C:\Documents and Settings\Samuel\usbsermptxp.sys

2007-06-24 02:05 22,768 ----a-w C:\Documents and Settings\Samuel\usbsermpt.sys

2007-06-17 14:14 52,224 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp

2007-06-17 14:14 1,238,528 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp

2007-06-16 15:51 348,160 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp

2007-06-07 13:24 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp

2007-05-26 15:58 3,043,328 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2007-05-26 15:58 1,589,760 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp

2007-05-26 15:57 1,589,760 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp

2007-05-02 18:44 1,556,480 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2007-04-29 02:11 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2007-04-25 16:51 1,541,120 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2007-04-04 17:57 3,049,984 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2007-04-04 17:57 1,515,520 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2007-03-15 18:35 1,490,944 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2007-03-14 16:28 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2007-03-14 15:49 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2007-03-12 18:10 1,487,360 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2007-03-08 17:57 1,484,288 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2007-03-02 14:51 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2007-02-17 22:03 1,457,664 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2007-02-15 18:25 1,440,256 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2007-02-08 14:55 1,418,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2007-01-21 13:06 1,386,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2006-12-27 20:47 113,206 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_27_16_51_18_small.dmp.zip

2006-12-27 18:24 112,093 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_27_13_06_38_small.dmp.zip

2006-12-26 16:11 114,203 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_26_12_13_14_small.dmp.zip

2006-12-18 17:12 114,099 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_18_13_41_21_small.dmp.zip

.

------- Sigcheck -------

2001-10-28 15:07 12800 979f27f95f9a60ad6292b803aee12de5 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\ServicePackFiles\i386\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

2001-10-28 15:07 75264 4a95e7320199ec0e3a695494f140c69f C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

2001-10-28 15:07 432128 4bbd085f3684a4dbebc7c291bd3d9f94 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

2001-10-28 15:07 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]

"LightDialer"="C:\Arquivos de programas\Velox\Discador\DISCADOR.EXE" [2005-03-18 09:11 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-31 06:22 4616192]

"nwiz"="nwiz.exe" [2003-07-31 06:22 323584 C:\WINDOWS\system32\nwiz.exe]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 10:40 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 07:08 172032]

"MULTIMEDIA KEYBOARD"="C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 09:50 180224]

"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-11-11 17:38 282624]

"Zone Labs Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38 968696]

"SmartSync - ScheduleSync"="C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2006-08-31 08:41 45056]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22 35328]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-03-22 03:34 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-03-22 03:16 219136]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 14:21:17 113664]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18238:TCP"= 18238:TCP:NortonAV

"14888:TCP"= 14888:TCP:NortonAV

"12333:TCP"= 12333:TCP:NortonAV

"12727:TCP"= 12727:TCP:NortonAV

"16959:TCP"= 16959:TCP:NortonAV

"6201:TCP"= 6201:TCP:npx32

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]

R2 nhksrv;Netropa NHK Server;C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]

R2 SQLWriter;Escritor VSS do SQL Server;"c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-08-11 21:40]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-10-07 14:37]

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-29 18:09:35

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

.

Tempo para conclusão: 2008-03-29 18:11:53

ComboFix-quarantined-files.txt 2008-03-29 21:11:43

ComboFix2.txt 2008-03-23 23:55:01

ComboFix3.txt 2008-03-23 08:53:52

.

2008-03-16 06:40:38 --- E O F ---


Logfile of HijackThis v1.99.1

Scan saved at 18:17:59, on 29/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Hijackthis\Hijackthis\HijackThis.exe

C:\DOCUME~1\Samuel\CONFIG~1\Temp\Setup_1813.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightDialer] C:\Arquivos de programas\Velox\Discador\DISCADOR.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\ocean technology\gg e-sports platform\gfilter.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\ocean technology\gg e-sports platform\gfilter.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\ocean technology\gg e-sports platform\gfilter.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162933096718

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{90B17189-4C99-40A8-9495-5EDE5402D596}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: MySql - Unknown owner - c:/mysql/bin/mysqld-nt.exe (file missing)

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


- OK, the log is clean :)

- Type combofix /u in Run and click OK. In the next window, click "Run" and wait for the program to be removed;

- I recommend doing some maintenance on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and then re-enable System Restore

- Read the article Proteja seu PC for more information on how to avoid infections.
