caioaugusto

I think I caught a trojan?


I clicked a link on Orkut... the link was that code to see blocked photos... then later I saw, on a friend's scrapbook page, a scrap from me that I never sent and that is a virus!!!!

How do I stop sending those scraps???

Logfile of HijackThis v1.99.1

Scan saved at 17:59:49, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de Programas\CTBC\NetSuper\app\TangoService.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Turbo\Manager\desp2k.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de Programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de Programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\marcelo.m.a\Meus documentos\caio\Programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Disney] subst P: C:\ARQUIV~1\DEMODA~1

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [smart Start UP] C:\Arquivos de programas\NewSoft\Smart Start UP\PnPDetect.exe /Automation

O4 - HKLM\..\Run: [iPPDetect] C:\ARQUIV~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Turbo\Manager\desp2k.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de Programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de programas\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDAF623-583C-450F-875F-18141B71C9F8}: NameServer = 200.225.197.34,200.225.197.37

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Arquivos de Programas\CTBC\NetSuper\app\TangoService.exe


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take a while.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


Here is the ComboFix.txt result

ComboFix 08-03-24.1 - marcelo.m.a 2008-03-24 23:27:17.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.76 [GMT -3:00]

Executando de: C:\Documents and Settings\marcelo.m.a\Configurações locais\Temporary Internet Files\Content.IE5\0C4DVOX2\ComboFix[1].exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - svchost.exe: deleted 68 bytes in 1 streams.

-- Script messages for sUBs --

CF2815.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"

VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*

CF2815.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Arquivos de programas\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Arquivos de programas\*"

CF2815.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\Arquivos comuns\winantivirus pro 2006

C:\Arquivos de programas\Arquivos comuns\winantivirus pro 2006\WapCHK.dll

C:\Arquivos de programas\instant access

C:\Arquivos de programas\instant access\Center\NoCreditCardGay.lnk

C:\Arquivos de programas\instant access\DesktopIcons\NoCreditCardGay.lnk

C:\Arquivos de programas\instant access\Multi\20060816200833\Common\module.php

C:\Arquivos de programas\instant access\Multi\20060816200833\dialerexe.ini

C:\Arquivos de programas\instant access\Multi\20060816200833\js\js_api_dialer.php

C:\Arquivos de programas\instant access\Multi\20060816200833\medias\button1.gif

C:\Arquivos de programas\instant access\Multi\20060816200833\medias\button2.gif

C:\Arquivos de programas\instant access\Multi\20060816200833\medias\button3.gif

C:\Arquivos de programas\instant access\Multi\20060816200833\medias\button4.gif

C:\Arquivos de programas\instant access\Multi\20060816200833\medias\dialer.ico

C:\Arquivos de programas\winantivirus pro 2006

C:\Arquivos de programas\winantivirus pro 2006\history.db

C:\Documents and Settings\All Users\Dados de aplicativos\WinAntiVirus Pro 2006

C:\WINDOWS\dialerexe.ini

C:\WINDOWS\system32\_000001_.tmp.dll

C:\WINDOWS\system32\_000003_.tmp.dll

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\_000008_.tmp.dll

C:\WINDOWS\system32\_000110_.tmp.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\stera.job

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

-------\Service_vspf

-------\Service_vspf_hk

((((((((((((((((((((((( Ficheiros criados de 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))

.

2008-03-20 22:33 . 2008-03-20 22:33 <DIR> d-------- C:\download

2008-03-20 18:12 . 2008-03-20 18:12 <DIR> d-------- C:\Documents and Settings\marcelo.m.a\Dados de aplicativos\AdobeUM

2008-03-20 17:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-20 17:39 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-20 17:39 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-20 13:32 . 2008-03-20 13:50 <DIR> d--hsc--- C:\Arquivos de Programas\Arquivos comuns\WindowsLiveInstaller

2008-03-20 13:30 . 2008-03-20 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 19:02 --------- d-----w C:\Documents and Settings\marcelo.m.a\Dados de aplicativos\LimeWire

2008-03-20 16:57 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-20 16:57 --------- d-----w C:\Arquivos de programas\DEMO DA DISNEY

2008-03-20 16:53 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-03-20 16:05 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-06-29 22:39 25,811,528 -c--a-w C:\Arquivos de programas\wmp11-windowsxp-x86-pt-br.exe

2007-06-01 18:16 1,358 -c--a-w C:\Arquivos de programas\PhotoClinic.ini

2007-06-01 17:55 1,147 -c--a-w C:\Arquivos de programas\Install.cfg

2007-06-01 17:41 662 ----a-w C:\Arquivos de programas\unwise.ini

2007-06-01 17:41 2,885 -c--a-w C:\Arquivos de programas\e-mode.ini

2007-06-01 17:41 140 -c--a-w C:\Arquivos de programas\Validation.ini

2006-08-18 20:02 37,518,744 -c--a-w C:\Arquivos de programas\iTunesSetup.exe

2006-07-26 19:45 51,200 -c--a-w C:\Arquivos de programas\palng.dll

2006-07-26 19:45 2,442,752 ----a-w C:\Arquivos de programas\PhotoClinic.exe

2006-07-26 19:29 46,080 -c--a-w C:\Arquivos de programas\zlib.dll

2006-07-26 19:29 18,432 -c--a-w C:\Arquivos de programas\ps8bf.dll

2006-07-26 19:29 100,352 -c--a-w C:\Arquivos de programas\libpng.dll

2006-07-26 17:50 139,264 -c--a-w C:\Arquivos de programas\UpgradeInfo.exe

2006-07-18 12:50 586,723 -c--a-w C:\Arquivos de programas\addoninstall.exe

2006-07-17 16:30 129,024 ----a-w C:\Arquivos de programas\uninstall.exe

2006-07-17 14:10 176,128 ----a-w C:\Arquivos de programas\unwise.exe

2006-07-17 13:58 184,320 ----a-w C:\Arquivos de programas\instslct.exe

2006-06-28 13:55 315,392 -c--a-w C:\Arquivos de programas\eModeUpgradeDlg.dll

2006-02-27 13:43 24,576 -c--a-w C:\Arquivos de programas\Validation.exe

2005-11-14 16:59 4,839 ----a-w C:\Arquivos de programas\uninstall.ini

2005-05-04 22:14 5,123 -c--a-w C:\Arquivos de programas\pa.cnt

2005-05-04 22:14 371,005 -c--a-w C:\Arquivos de programas\pa.hlp

2004-04-15 18:48 32,768 -c--a-w C:\Arquivos de programas\MagixUpdater.exe

2003-03-17 09:04 618,496 -c--a-w C:\Arquivos de programas\stlpmt45.dll

2003-03-17 09:04 1,500,160 -c--a-w C:\Arquivos de programas\cc3260mt.dll

2003-02-12 14:20 28,672 -c--a-w C:\Arquivos de programas\explore.exe

2002-02-13 11:00 22,016 -c--a-w C:\Arquivos de programas\borlndmm.dll

1999-12-10 16:00 431,376 ----a-w C:\Arquivos de programas\riched20.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-10-13 13:03 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2008-03-20 14:06 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

"Disney"="subst P: C:\ARQUIV~1\DEMODA~1" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SoundMan"="SOUNDMAN.EXE" [2005-10-04 13:12 90112 C:\WINDOWS\SOUNDMAN.EXE]

"VTPreset"="VTPreset.exe" [2005-10-13 13:22 45056 C:\WINDOWS\system32\VTPreset.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-06 04:47 544768 C:\WINDOWS\sm56hlpr.exe]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-06-18 01:15 77824]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"Smart Start UP"="C:\Arquivos de programas\NewSoft\Smart Start UP\PnPDetect.exe" [2003-01-21 14:25 98304]

"IPPDetect"="C:\ARQUIV~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe" [ ]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]

"desp2k"="C:\Arquivos de programas\Turbo\Manager\desp2k.exe" [2005-03-16 16:41 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-10-13 13:03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^QuickTV.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\QuickTV.lnk

backup=C:\WINDOWS\pss\QuickTV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

--a------ 2007-10-13 15:39 5808128 C:\Arquivos de Programas\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Arquivos de Programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelExtreme]

C:\Arquivos de Programas\TelExtreme\TelExtreme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de Programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de Programas\\NetMeeting\\conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2005-05-13 15:07]

R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2005-05-13 15:07]

R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2005-10-24 15:38]

R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\system32\DRIVERS\enetnt.sys [2004-02-16 10:09]

R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2005-10-24 15:38]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]

S3 DSCVc;Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 17:31]

S3 ENDETECT;ENDETECT;C:\ARQUIV~1\CTBC\NetSuper\app\ENDETECT.SYS [2004-04-29 10:41]

S3 L2XPSR;L2XPSR;C:\ARQUIV~1\CTBC\NetSuper\app\L2XPSR.SYS [2004-04-29 10:38]

S3 NTSTPL1;NTSTPL1;C:\ARQUIV~1\CTBC\NetSuper\app\NTSTPL1.SYS [2004-04-29 10:41]

S3 RAWESR;RAWESR;C:\ARQUIV~1\CTBC\NetSuper\app\RAWESR.SYS [2004-04-29 10:41]

S3 TAPBIND;TAPBIND;C:\ARQUIV~1\CTBC\NetSuper\app\TAPBIND1.SYS [2004-04-29 10:41]

S3 UXDCMN;UXDCMN;C:\SYSPREP\WST\UXDCMN.SYS []

S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2005-10-13 13:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]

\Shell\AutoRun\command - P:\Setup.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 23:35:56

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de Programas\CTBC\NetSuper\app\TangoService.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-03-24 23:40:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-25 02:40:36

.

2008-03-21 06:08:38 --- E O F ---


Here is the result...

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, March 26, 2008 5:08:59 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 26/03/2008

Kaspersky Anti-Virus database records: 664949

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

P:\

Scan Statistics:

Total number of scanned objects: 63936

Number of viruses found: 3

Number of infected objects: 5

Number of suspicious objects: 0

Duration of the scan process: 01:13:50

Infected Object Name / Virus Name / Last Action

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de Programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Histórico\History.IE5\MSHist012008032620080327\index.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-57d94963-465ace0e.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped

C:\Documents and Settings\marcelo.m.a\Dados de aplicativos\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-57d94963-465ace0e.zip ZIP: infected - 1 skipped

C:\Documents and Settings\marcelo.m.a\ntuser.dat Object is locked skipped

C:\Documents and Settings\marcelo.m.a\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\Arquivos de Programas\Arquivos comuns\WinAntiVirus Pro 2006\WapCHK.dll.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E999A55F-0EFF-4E0E-951D-7A059AB38698}\RP205\A0384458.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped

C:\System Volume Information\_restore{E999A55F-0EFF-4E0E-951D-7A059AB38698}\RP205\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wpmd.exe Infected: Trojan-Spy.Win32.Bancos.zm skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Kaspersky found the trojan that was infecting the PC... it's one called wpmd.exe, it was in the folder c:windows/system32/wpmd.exe... so I went to the folder and clicked on the file, and then Avast found it (wpmd.exe) and recommended moving it to quarantine. So I moved it to quarantine.

I wanted to know whether that solved my problem???


- Delete the highlighted folder:

C:\QooBox

- Disable and re-enable System Restore

...so I went to the folder and clicked on the file, and then Avast found it (wpmd.exe) and recommended moving it to quarantine. So I moved it to quarantine.

I wanted to know whether that solved my problem???

Yes.

- Other than that, the log is clean :)

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Read the article Proteja seu PC for more information on how to avoid infections.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
