deodetss

Infected PC! Please help with the analysis!


My PC is infected... it opens browser windows to a Gladiatus site, and to others... as I've seen, several people have this problem.

It freezes several times, gets slow, etc.

Here are the HijackThis and ComboFix logs.

Thanks for the help!

Logfile of HijackThis v1.99.1

Scan saved at 19:01:38, on 18/05/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4B6F45E1-90D1-47FE-AA6D-98107AA5A9A2} - C:\Windows\system32\tUlJCrrS.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.1\gbiehabn.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifebYSk.dll,#1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [7c8d4574] rundll32.exe "C:\Windows\system32\sptyxbon.dll",b

O4 - HKLM\..\Run: [bM7fbe76e8] Rundll32.exe "C:\Windows\system32\yxovfhhq.dll",s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

ComboFix 08-05-15.3 - Fausto 2008-05-18 18:49:00.1 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1662 [GMT -3:00]

Running from: C:\Users\Fausto\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\laehpvgi.ini

C:\Windows\system32\nobxytps.ini

C:\Windows\System32\SrrCJlUt.ini

C:\Windows\System32\SrrCJlUt.ini2

C:\Windows\System32\urbdgyts.ini

C:\Windows\system32\x64

.

((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))

.

2008-05-18 18:27 . 2008-05-18 18:27 124,928 --a------ C:\Windows\System32\yxovfhhq.dll

2008-05-18 18:27 . 2008-05-18 18:27 117,248 --a------ C:\Windows\System32\sptyxbon.dll

2008-05-18 18:20 . 2008-05-18 18:20 124,928 --a------ C:\Windows\System32\vskvjrba.dll

2008-05-18 18:14 . 2008-05-16 14:06 59,392 --a------ C:\Windows\System32\byXPJDtq.dll

2008-05-18 12:46 . 2008-05-16 14:06 59,392 --a------ C:\Windows\System32\awtsssTk.dll

2008-05-17 11:15 . 2008-05-18 18:27 <DIR> d-------- C:\HiJack

2008-05-16 16:33 . 2008-05-16 16:33 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-05-16 15:30 . 2008-05-16 15:30 1,160 --a------ C:\Windows\mozver.dat

2008-05-16 15:18 . 2008-05-16 15:18 0 --a------ C:\Windows\nsreg.dat

2008-05-16 14:12 . 2008-05-16 14:12 370,688 --a------ C:\Windows\System32\tUlJCrrS.dll

2008-05-16 14:08 . 2008-05-16 14:08 <DIR> d-------- C:\Program Files\Google

2008-05-16 14:06 . 2008-05-16 14:06 20,913,576 --a------ C:\google.h.i.c.h.a.m.o.n.t.r.e.a..l.o.ll.exe

2008-05-16 14:06 . 2008-05-16 14:06 96,256 --------- C:\is154243.exe

2008-05-16 14:02 . 2008-05-18 18:14 54,156 --ah----- C:\Windows\QTFont.qfn

2008-05-16 14:02 . 2008-05-16 14:02 1,409 --a------ C:\Windows\QTFont.for

2008-05-16 14:01 . 2008-05-16 14:01 <DIR> d-------- C:\Users\Fausto\AppData\Roaming\Apple Computer

2008-05-16 14:01 . 2008-05-16 14:01 <DIR> d-------- C:\Program Files\iTunes

2008-05-16 14:01 . 2008-05-16 14:01 <DIR> d-------- C:\Program Files\iPod

2008-05-16 14:00 . 2008-05-16 14:01 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-05-16 14:00 . 2008-05-16 14:01 <DIR> d-------- C:\ProgramData\Apple Computer

2008-05-16 14:00 . 2008-05-16 14:00 <DIR> d-------- C:\Program Files\Bonjour

2008-05-16 13:59 . 2008-05-16 13:59 <DIR> d-------- C:\Program Files\Apple Software Update

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\Users\All Users\Apple

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\ProgramData\Apple

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-05-16 13:01 . 2008-05-16 14:00 <DIR> d-------- C:\Program Files\QuickTime

2008-05-16 12:44 . 2008-05-16 14:14 <DIR> d-------- C:\Users\Fausto\AppData\Roaming\uTorrent

2008-05-16 06:23 . 2008-05-16 06:23 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-05-16 06:23 . 2005-02-17 14:38 12,658 --a------ C:\Windows\System32\drivers\HPx9G2k.sys

2008-05-15 10:29 . 2008-05-16 08:27 69 --a------ C:\Windows\NeroDigital.ini

2008-05-15 10:22 . 2008-05-15 10:22 <DIR> d-------- C:\Program Files\VistaCodecPack

2008-05-15 10:09 . 2008-05-15 10:09 <DIR> d-------- C:\Users\All Users\VistaCodecs

2008-05-15 10:09 . 2008-05-15 10:09 <DIR> d-------- C:\ProgramData\VistaCodecs

2008-05-13 20:13 . 2008-05-13 20:13 <DIR> d-------- C:\IDAPI

2008-05-13 20:13 . 1994-08-22 22:36 25,808 --a------ C:\Windows\system\CTL3DV2.DLL

2008-05-13 20:12 . 2008-05-13 20:12 <DIR> d-------- C:\1001

2008-05-13 20:12 . 2008-05-13 20:12 29 --a------ C:\Windows\1001.INI

2008-05-13 20:11 . 2008-05-13 20:11 <DIR> d-------- C:\ARQUIVOS

2008-05-13 19:00 . 2008-05-13 19:00 <DIR> d-------- C:\Program Files\Nuganics

2008-05-13 19:00 . 2008-05-13 19:00 1,807,938 --a------ C:\Windows\System32\Licking Dog Screen Clean.scr

2008-05-13 17:31 . 2008-05-18 18:51 504,988 --a------ C:\Windows\System32\prfh0416.dat

2008-05-13 17:31 . 2008-05-13 17:29 318,818 --a------ C:\Windows\System32\prfi0416.dat

2008-05-13 17:31 . 2008-05-18 18:51 82,368 --a------ C:\Windows\System32\prfc0416.dat

2008-05-13 17:31 . 2008-05-13 17:29 37,412 --a------ C:\Windows\System32\prfd0416.dat

2008-05-13 17:30 . 2008-05-13 17:30 <DIR> d-------- C:\Windows\System32\drivers\pt-BR

2008-05-13 17:30 . 2008-05-13 17:30 <DIR> d-------- C:\Windows\System32\0416

2008-05-13 17:30 . 2008-05-13 17:30 <DIR> d-------- C:\Windows\pt-BR

2008-05-13 16:18 . 2008-05-13 16:18 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-05-13 16:18 . 2008-05-13 16:18 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-05-13 16:17 . 2008-05-13 16:17 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-05-13 16:14 . 2008-05-13 16:14 944,184 --a------ C:\Windows\System32\winload.exe

2008-05-13 16:14 . 2008-05-13 16:14 620,088 --a------ C:\Windows\System32\ci.dll

2008-05-13 16:14 . 2008-05-13 16:14 371,712 --a------ C:\Windows\System32\srcore.dll

2008-05-13 16:14 . 2008-05-13 16:14 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-05-13 16:14 . 2008-05-13 16:14 40,960 --a------ C:\Windows\System32\srclient.dll

2008-05-13 16:14 . 2008-05-13 16:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-05-13 16:14 . 2008-05-13 16:14 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-05-13 16:14 . 2008-05-13 16:14 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-05-13 16:14 . 2008-05-13 16:14 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-05-13 16:13 . 2008-05-18 18:53 <DIR> d-------- C:\Users\All Users\GbPlugin

2008-05-13 16:13 . 2008-05-18 18:53 <DIR> d-------- C:\ProgramData\GbPlugin

2008-05-13 16:13 . 2008-05-13 16:13 <DIR> d-------- C:\Program Files\GbPlugin

2008-05-13 16:12 . 2008-05-13 16:12 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-05-13 16:12 . 2008-05-13 16:12 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-05-13 16:11 . 2008-05-13 16:11 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-05-13 16:11 . 2008-05-13 16:11 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys

2008-05-13 16:11 . 2008-05-13 16:11 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-05-13 16:07 . 2008-05-13 16:07 148,992 --a------ C:\Windows\System32\drivers\ks.sys

2008-05-13 16:04 . 2008-05-13 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-05-13 15:27 . 2008-05-13 15:44 <DIR> d-------- C:\Users\Fausto\Turbo Squid Tentacles

2008-05-13 15:18 . 2008-05-13 15:18 <DIR> d-------- C:\Windows\System32\Macromed

2008-05-13 15:18 . 2008-05-13 15:27 <DIR> d-------- C:\Program Files\turbo squid tentacles

2008-05-13 15:15 . 2008-05-13 15:15 231 --a------ C:\Windows\System32\3dsmax.ini

2008-05-13 15:15 . 2008-05-13 15:15 43 --a------ C:\Windows\System32\InstallSettings.ini

2008-05-13 15:13 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll

2008-05-13 15:13 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-05-13 15:13 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll

2008-05-13 15:13 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll

2008-05-13 15:13 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll

2008-05-13 15:13 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll

2008-05-13 14:42 . 2008-05-13 14:42 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-05-13 14:42 . 2008-05-13 14:42 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-05-13 14:42 . 2008-05-13 14:42 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-05-13 14:42 . 2008-05-13 14:42 43,352 --a------ C:\Windows\System32\wups2.dll

2008-05-13 14:41 . 2008-05-13 14:41 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-05-13 14:41 . 2008-05-13 14:41 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-05-13 14:41 . 2008-05-13 14:41 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-05-13 14:41 . 2008-05-13 14:41 33,624 --a------ C:\Windows\System32\wups.dll

2008-05-13 14:41 . 2008-05-13 14:41 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-05-13 07:49 . 2008-05-13 03:00 <DIR> d-------- C:\Windows\Panther

2008-05-13 07:49 . 2008-05-18 18:52 <DIR> d--hs---- C:\Boot

2008-05-13 07:49 . 2008-01-08 19:32 443,912 -rahs---- C:\bootmgr

2008-05-13 07:49 . 2008-05-13 07:49 8,192 -ra-s---- C:\BOOTSECT.BAK

2008-05-13 07:48 . 2008-05-13 07:48 <DIR> d-------- C:\Windows\System32\OEM

2008-05-13 07:48 . 2007-03-16 13:40 59 -ra------ C:\Windows\DELL_VERSION

2008-05-13 07:20 . 2008-05-13 05:09 <DIR> d-------- C:\Windows.old

2008-05-13 05:24 . 2008-05-16 16:33 <DIR> d-------- C:\Users\All Users\Adobe

2008-05-13 04:26 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll

2008-05-13 04:25 . 2008-05-13 04:25 <DIR> d-------- C:\Windows\PCHEALTH

2008-05-13 04:25 . 2008-05-13 04:25 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-05-13 04:25 . 2008-05-13 04:26 <DIR> d-------- C:\Program Files\Microsoft Works

2008-05-13 04:22 . 2008-05-13 04:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-05-13 04:21 . 2008-05-17 10:23 <DIR> d--hs---- C:\Windows\Installer

2008-05-13 04:21 . 2008-05-13 16:20 <DIR> d-------- C:\Users\All Users\Microsoft Help

2008-05-13 04:21 . 2008-05-13 16:20 <DIR> d-------- C:\ProgramData\Microsoft Help

2008-05-13 04:20 . 2008-05-13 04:20 <DIR> dr-h----- C:\MSOCache

2008-05-13 04:01 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Searches

2008-05-13 04:01 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Contacts

2008-05-13 04:00 . 2008-05-17 11:38 <DIR> dr------- C:\Users\Fausto\Videos

2008-05-13 04:00 . 2008-05-17 19:01 <DIR> dr------- C:\Users\Fausto\Saved Games

2008-05-13 04:00 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Pictures

2008-05-13 04:00 . 2008-05-16 14:02 <DIR> dr------- C:\Users\Fausto\Music

2008-05-13 04:00 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Links

2008-05-13 04:00 . 2008-05-16 12:55 <DIR> dr------- C:\Users\Fausto\Downloads

2008-05-13 04:00 . 2008-05-16 16:35 <DIR> dr------- C:\Users\Fausto\Documents

2008-05-13 04:00 . 2006-11-02 09:35 <DIR> d-------- C:\Users\Fausto\AppData\Roaming\Media Center Programs

2008-05-13 04:00 . 2008-05-13 15:05 <DIR> d--h----- C:\Users\Fausto\AppData

2008-05-13 04:00 . 2008-05-17 10:56 <DIR> d-------- C:\Users\Fausto

2008-05-13 04:00 . 2008-05-13 04:02 524,288 --ahs---- C:\Users\Fausto\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms

2008-05-13 04:00 . 2008-05-13 04:02 524,288 --ahs---- C:\Users\Fausto\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

2008-05-13 04:00 . 2008-05-18 18:53 262,144 --ah----- C:\Users\Fausto\ntuser.dat.LOG1

2008-05-13 04:00 . 2008-05-13 04:02 65,536 --ahs---- C:\Users\Fausto\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

2008-05-13 04:00 . 2008-05-13 04:00 0 --ah----- C:\Users\Fausto\ntuser.dat.LOG2

2008-05-13 03:59 . 2007-03-17 08:41 171,136 -rahs---- C:\grldr

2008-05-13 03:56 . 2008-05-13 03:56 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 17:06 59,392 ----a-w C:\Windows\System32\iifebYSk.dll

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Mail

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Journal

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Defender

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Calendar

2008-05-13 19:05 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-05-13 19:05 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-05-13 19:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-05-13 19:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-05-13 07:25 --------- d-----w C:\Program Files\MSBuild

2008-05-13 05:57 174 --sha-w C:\Program Files\desktop.ini

2008-05-12 08:31 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-05-12 08:31 315,392 ----a-w C:\Windows\HideWin.exe

2008-04-12 10:41 180,224 ----a-w C:\Windows\System32\xvidvfw.dll

2008-04-12 10:30 765,952 ----a-w C:\Windows\System32\xvidcore.dll

2008-03-06 21:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll

2008-02-28 20:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe

2008-02-26 19:14 972,072 ----a-w C:\Windows\UNRecode.exe

2008-02-18 19:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1630D545-2D74-4231-BCBF-A0A4C786DC6E}]

2008-05-16 14:12 370688 --a------ C:\Windows\system32\tUlJCrrS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 19:33 1232896]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-11 12:26 1006264]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 05:56 4702208 C:\Windows\RtHDVCpl.exe]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 05:55 102400]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 10:17 707080]

"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 10:56 200704]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-13 02:29 949376]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-16 13:01 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"MSServer"="C:\Windows\system32\iifebYSk.dll" [2008-05-16 14:06 59392]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]

"7c8d4574"="C:\Windows\system32\sptyxbon.dll" [2008-05-18 18:27 117248]

"BM7fbe76e8"="C:\Windows\system32\yxovfhhq.dll" [2008-05-18 18:27 124928]

C:\Users\Fausto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\CONFLICT.1\gbiehabn.dll [2008-05-18 18:25 367016]

"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\Windows\system32\iifebYSk.dll [2008-05-16 14:06 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F2225180-0D4C-48E0-A00B-FFD7A021006D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C70AD058-7978-4013-BE60-650C0B338C1F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{E0BFF397-FAE4-4495-A942-DD09F6C07801}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{05C7C16F-58B6-499E-AD27-2B278043D46E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6B2058D7-8781-46A3-85F7-CACCB3B00776}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{51E43F64-A080-4ABA-929F-411E839427A4}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{E2107273-8F14-4769-B216-8A0DFC3B1906}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"{D7AE48A8-BA13-4DE1-AD56-0E58640D8544}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor

"{8516E781-D26D-47D7-AB35-23A4EE24DFF1}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor

"{28AEE948-7F94-4A56-90EE-BD96DC3D0AA8}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager

"{9C511126-89A3-4DA1-8095-FFBE60D32CB3}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager

"{E3141858-4955-470D-A388-C51DF8AB5247}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server

"{E599A36B-9FEC-4858-AAA6-95CBA6D772BB}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server

"{125815E1-3FE1-4D7D-9389-89CF7D806763}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit

"{5F54EE4E-D49F-4E6C-A496-FD135B1E7445}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit

"{F619F0A2-5444-4963-8548-BF529E49B719}"= UDP:F:\Programas\utorrent-1.8-beta-10198.upx.exe:µTorrent (TCP-In)

"{4D18EDE8-E96D-4F92-AA25-FE8DE2554485}"= TCP:F:\Programas\utorrent-1.8-beta-10198.upx.exe:µTorrent (UDP-In)

"{CFB3D555-10E3-45B8-9B39-24B4E2255EC5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{9350CDB3-DDC6-4161-9947-067857258314}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{8536E143-08F8-4229-A030-39227151F166}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{13D8CE4B-85CB-470F-B1EE-7D536A18B7F8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-12-14 05:56]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 15:03]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 07:51]

S3 HPx9G+;HPx9G+ Device USB Driver;C:\Windows\system32\DRIVERS\HPx9G2k.sys [2005-02-17 14:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee64890-20b0-11dd-9efa-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

\shell\inst1\command - AcrobatReader\setup.exe

\shell\inst2\command - ConnectiveKit\SETUP.EXE

\shell\inst3\command - E:\Manual\InstManu.exe

\shell\inst4\command - E:\UsbDriver\InstDrv.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-18 02:35:18 C:\Windows\Tasks\User_Feed_Synchronization-{92B14F2D-E35D-4C7E-B664-FF991006DC3B}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 18:54:01

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe

-> C:\Windows\system32\iifebYSk.dll

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\sptyxbon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\ESET\nod32krn.exe

C:\Windows\System32\IoctlSvc.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\conime.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxsrvc.exe

C:\Windows\System32\igfxext.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Fausto\AppData\Local\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Completion time: 2008-05-18 18:56:55 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-18 21:56:49

O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.

Post-Run: 85,853,249,536 bytes dispon¡veis

293 --- E O F --- 2008-05-17 13:58:57
