deodetss

PC infected! Please help with the analysis!


My PC is infected... it opens browser windows for a Gladiatus site and for others... as I have seen, several people are having this problem.

It freezes repeatedly, gets slow, etc.

Here are the HijackThis and ComboFix logs.

Thanks for the help!

Logfile of HijackThis v1.99.1

Scan saved at 19:01:38, on 18/05/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4B6F45E1-90D1-47FE-AA6D-98107AA5A9A2} - C:\Windows\system32\tUlJCrrS.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.1\gbiehabn.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifebYSk.dll,#1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [7c8d4574] rundll32.exe "C:\Windows\system32\sptyxbon.dll",b

O4 - HKLM\..\Run: [bM7fbe76e8] Rundll32.exe "C:\Windows\system32\yxovfhhq.dll",s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

ComboFix 08-05-15.3 - Fausto 2008-05-18 18:49:00.1 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1662 [GMT -3:00]

Running from: C:\Users\Fausto\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\laehpvgi.ini

C:\Windows\system32\nobxytps.ini

C:\Windows\System32\SrrCJlUt.ini

C:\Windows\System32\SrrCJlUt.ini2

C:\Windows\System32\urbdgyts.ini

C:\Windows\system32\x64

.

((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))

.

2008-05-18 18:27 . 2008-05-18 18:27 124,928 --a------ C:\Windows\System32\yxovfhhq.dll

2008-05-18 18:27 . 2008-05-18 18:27 117,248 --a------ C:\Windows\System32\sptyxbon.dll

2008-05-18 18:20 . 2008-05-18 18:20 124,928 --a------ C:\Windows\System32\vskvjrba.dll

2008-05-18 18:14 . 2008-05-16 14:06 59,392 --a------ C:\Windows\System32\byXPJDtq.dll

2008-05-18 12:46 . 2008-05-16 14:06 59,392 --a------ C:\Windows\System32\awtsssTk.dll

2008-05-17 11:15 . 2008-05-18 18:27 <DIR> d-------- C:\HiJack

2008-05-16 16:33 . 2008-05-16 16:33 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-05-16 15:30 . 2008-05-16 15:30 1,160 --a------ C:\Windows\mozver.dat

2008-05-16 15:18 . 2008-05-16 15:18 0 --a------ C:\Windows\nsreg.dat

2008-05-16 14:12 . 2008-05-16 14:12 370,688 --a------ C:\Windows\System32\tUlJCrrS.dll

2008-05-16 14:08 . 2008-05-16 14:08 <DIR> d-------- C:\Program Files\Google

2008-05-16 14:06 . 2008-05-16 14:06 20,913,576 --a------ C:\google.h.i.c.h.a.m.o.n.t.r.e.a..l.o.ll.exe

2008-05-16 14:06 . 2008-05-16 14:06 96,256 --------- C:\is154243.exe

2008-05-16 14:02 . 2008-05-18 18:14 54,156 --ah----- C:\Windows\QTFont.qfn

2008-05-16 14:02 . 2008-05-16 14:02 1,409 --a------ C:\Windows\QTFont.for

2008-05-16 14:01 . 2008-05-16 14:01 <DIR> d-------- C:\Users\Fausto\AppData\Roaming\Apple Computer

2008-05-16 14:01 . 2008-05-16 14:01 <DIR> d-------- C:\Program Files\iTunes

2008-05-16 14:01 . 2008-05-16 14:01 <DIR> d-------- C:\Program Files\iPod

2008-05-16 14:00 . 2008-05-16 14:01 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-05-16 14:00 . 2008-05-16 14:01 <DIR> d-------- C:\ProgramData\Apple Computer

2008-05-16 14:00 . 2008-05-16 14:00 <DIR> d-------- C:\Program Files\Bonjour

2008-05-16 13:59 . 2008-05-16 13:59 <DIR> d-------- C:\Program Files\Apple Software Update

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\Users\All Users\Apple

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\ProgramData\Apple

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-05-16 13:01 . 2008-05-16 14:00 <DIR> d-------- C:\Program Files\QuickTime

2008-05-16 12:44 . 2008-05-16 14:14 <DIR> d-------- C:\Users\Fausto\AppData\Roaming\uTorrent

2008-05-16 06:23 . 2008-05-16 06:23 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-05-16 06:23 . 2005-02-17 14:38 12,658 --a------ C:\Windows\System32\drivers\HPx9G2k.sys

2008-05-15 10:29 . 2008-05-16 08:27 69 --a------ C:\Windows\NeroDigital.ini

2008-05-15 10:22 . 2008-05-15 10:22 <DIR> d-------- C:\Program Files\VistaCodecPack

2008-05-15 10:09 . 2008-05-15 10:09 <DIR> d-------- C:\Users\All Users\VistaCodecs

2008-05-15 10:09 . 2008-05-15 10:09 <DIR> d-------- C:\ProgramData\VistaCodecs

2008-05-13 20:13 . 2008-05-13 20:13 <DIR> d-------- C:\IDAPI

2008-05-13 20:13 . 1994-08-22 22:36 25,808 --a------ C:\Windows\system\CTL3DV2.DLL

2008-05-13 20:12 . 2008-05-13 20:12 <DIR> d-------- C:\1001

2008-05-13 20:12 . 2008-05-13 20:12 29 --a------ C:\Windows\1001.INI

2008-05-13 20:11 . 2008-05-13 20:11 <DIR> d-------- C:\ARQUIVOS

2008-05-13 19:00 . 2008-05-13 19:00 <DIR> d-------- C:\Program Files\Nuganics

2008-05-13 19:00 . 2008-05-13 19:00 1,807,938 --a------ C:\Windows\System32\Licking Dog Screen Clean.scr

2008-05-13 17:31 . 2008-05-18 18:51 504,988 --a------ C:\Windows\System32\prfh0416.dat

2008-05-13 17:31 . 2008-05-13 17:29 318,818 --a------ C:\Windows\System32\prfi0416.dat

2008-05-13 17:31 . 2008-05-18 18:51 82,368 --a------ C:\Windows\System32\prfc0416.dat

2008-05-13 17:31 . 2008-05-13 17:29 37,412 --a------ C:\Windows\System32\prfd0416.dat

2008-05-13 17:30 . 2008-05-13 17:30 <DIR> d-------- C:\Windows\System32\drivers\pt-BR

2008-05-13 17:30 . 2008-05-13 17:30 <DIR> d-------- C:\Windows\System32\0416

2008-05-13 17:30 . 2008-05-13 17:30 <DIR> d-------- C:\Windows\pt-BR

2008-05-13 16:18 . 2008-05-13 16:18 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-05-13 16:18 . 2008-05-13 16:18 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-05-13 16:17 . 2008-05-13 16:17 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-05-13 16:14 . 2008-05-13 16:14 944,184 --a------ C:\Windows\System32\winload.exe

2008-05-13 16:14 . 2008-05-13 16:14 620,088 --a------ C:\Windows\System32\ci.dll

2008-05-13 16:14 . 2008-05-13 16:14 371,712 --a------ C:\Windows\System32\srcore.dll

2008-05-13 16:14 . 2008-05-13 16:14 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-05-13 16:14 . 2008-05-13 16:14 40,960 --a------ C:\Windows\System32\srclient.dll

2008-05-13 16:14 . 2008-05-13 16:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-05-13 16:14 . 2008-05-13 16:14 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-05-13 16:14 . 2008-05-13 16:14 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-05-13 16:14 . 2008-05-13 16:14 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-05-13 16:13 . 2008-05-18 18:53 <DIR> d-------- C:\Users\All Users\GbPlugin

2008-05-13 16:13 . 2008-05-18 18:53 <DIR> d-------- C:\ProgramData\GbPlugin

2008-05-13 16:13 . 2008-05-13 16:13 <DIR> d-------- C:\Program Files\GbPlugin

2008-05-13 16:12 . 2008-05-13 16:12 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-05-13 16:12 . 2008-05-13 16:12 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-05-13 16:11 . 2008-05-13 16:11 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-05-13 16:11 . 2008-05-13 16:11 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys

2008-05-13 16:11 . 2008-05-13 16:11 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-05-13 16:07 . 2008-05-13 16:07 148,992 --a------ C:\Windows\System32\drivers\ks.sys

2008-05-13 16:04 . 2008-05-13 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-05-13 15:27 . 2008-05-13 15:44 <DIR> d-------- C:\Users\Fausto\Turbo Squid Tentacles

2008-05-13 15:18 . 2008-05-13 15:18 <DIR> d-------- C:\Windows\System32\Macromed

2008-05-13 15:18 . 2008-05-13 15:27 <DIR> d-------- C:\Program Files\turbo squid tentacles

2008-05-13 15:15 . 2008-05-13 15:15 231 --a------ C:\Windows\System32\3dsmax.ini

2008-05-13 15:15 . 2008-05-13 15:15 43 --a------ C:\Windows\System32\InstallSettings.ini

2008-05-13 15:13 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll

2008-05-13 15:13 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-05-13 15:13 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll

2008-05-13 15:13 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll

2008-05-13 15:13 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll

2008-05-13 15:13 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll

2008-05-13 14:42 . 2008-05-13 14:42 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-05-13 14:42 . 2008-05-13 14:42 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-05-13 14:42 . 2008-05-13 14:42 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-05-13 14:42 . 2008-05-13 14:42 43,352 --a------ C:\Windows\System32\wups2.dll

2008-05-13 14:41 . 2008-05-13 14:41 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-05-13 14:41 . 2008-05-13 14:41 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-05-13 14:41 . 2008-05-13 14:41 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-05-13 14:41 . 2008-05-13 14:41 33,624 --a------ C:\Windows\System32\wups.dll

2008-05-13 14:41 . 2008-05-13 14:41 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-05-13 07:49 . 2008-05-13 03:00 <DIR> d-------- C:\Windows\Panther

2008-05-13 07:49 . 2008-05-18 18:52 <DIR> d--hs---- C:\Boot

2008-05-13 07:49 . 2008-01-08 19:32 443,912 -rahs---- C:\bootmgr

2008-05-13 07:49 . 2008-05-13 07:49 8,192 -ra-s---- C:\BOOTSECT.BAK

2008-05-13 07:48 . 2008-05-13 07:48 <DIR> d-------- C:\Windows\System32\OEM

2008-05-13 07:48 . 2007-03-16 13:40 59 -ra------ C:\Windows\DELL_VERSION

2008-05-13 07:20 . 2008-05-13 05:09 <DIR> d-------- C:\Windows.old

2008-05-13 05:24 . 2008-05-16 16:33 <DIR> d-------- C:\Users\All Users\Adobe

2008-05-13 04:26 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll

2008-05-13 04:25 . 2008-05-13 04:25 <DIR> d-------- C:\Windows\PCHEALTH

2008-05-13 04:25 . 2008-05-13 04:25 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-05-13 04:25 . 2008-05-13 04:26 <DIR> d-------- C:\Program Files\Microsoft Works

2008-05-13 04:22 . 2008-05-13 04:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-05-13 04:21 . 2008-05-17 10:23 <DIR> d--hs---- C:\Windows\Installer

2008-05-13 04:21 . 2008-05-13 16:20 <DIR> d-------- C:\Users\All Users\Microsoft Help

2008-05-13 04:21 . 2008-05-13 16:20 <DIR> d-------- C:\ProgramData\Microsoft Help

2008-05-13 04:20 . 2008-05-13 04:20 <DIR> dr-h----- C:\MSOCache

2008-05-13 04:01 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Searches

2008-05-13 04:01 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Contacts

2008-05-13 04:00 . 2008-05-17 11:38 <DIR> dr------- C:\Users\Fausto\Videos

2008-05-13 04:00 . 2008-05-17 19:01 <DIR> dr------- C:\Users\Fausto\Saved Games

2008-05-13 04:00 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Pictures

2008-05-13 04:00 . 2008-05-16 14:02 <DIR> dr------- C:\Users\Fausto\Music

2008-05-13 04:00 . 2008-05-13 04:01 <DIR> dr------- C:\Users\Fausto\Links

2008-05-13 04:00 . 2008-05-16 12:55 <DIR> dr------- C:\Users\Fausto\Downloads

2008-05-13 04:00 . 2008-05-16 16:35 <DIR> dr------- C:\Users\Fausto\Documents

2008-05-13 04:00 . 2006-11-02 09:35 <DIR> d-------- C:\Users\Fausto\AppData\Roaming\Media Center Programs

2008-05-13 04:00 . 2008-05-13 15:05 <DIR> d--h----- C:\Users\Fausto\AppData

2008-05-13 04:00 . 2008-05-17 10:56 <DIR> d-------- C:\Users\Fausto

2008-05-13 04:00 . 2008-05-13 04:02 524,288 --ahs---- C:\Users\Fausto\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms

2008-05-13 04:00 . 2008-05-13 04:02 524,288 --ahs---- C:\Users\Fausto\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

2008-05-13 04:00 . 2008-05-18 18:53 262,144 --ah----- C:\Users\Fausto\ntuser.dat.LOG1

2008-05-13 04:00 . 2008-05-13 04:02 65,536 --ahs---- C:\Users\Fausto\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

2008-05-13 04:00 . 2008-05-13 04:00 0 --ah----- C:\Users\Fausto\ntuser.dat.LOG2

2008-05-13 03:59 . 2007-03-17 08:41 171,136 -rahs---- C:\grldr

2008-05-13 03:56 . 2008-05-13 03:56 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 17:06 59,392 ----a-w C:\Windows\System32\iifebYSk.dll

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Mail

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Journal

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Defender

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-13 20:30 --------- d-----w C:\Program Files\Windows Calendar

2008-05-13 19:05 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-05-13 19:05 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-05-13 19:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-05-13 19:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-05-13 07:25 --------- d-----w C:\Program Files\MSBuild

2008-05-13 05:57 174 --sha-w C:\Program Files\desktop.ini

2008-05-12 08:31 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-05-12 08:31 315,392 ----a-w C:\Windows\HideWin.exe

2008-04-12 10:41 180,224 ----a-w C:\Windows\System32\xvidvfw.dll

2008-04-12 10:30 765,952 ----a-w C:\Windows\System32\xvidcore.dll

2008-03-06 21:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll

2008-02-28 20:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe

2008-02-26 19:14 972,072 ----a-w C:\Windows\UNRecode.exe

2008-02-18 19:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1630D545-2D74-4231-BCBF-A0A4C786DC6E}]

2008-05-16 14:12 370688 --a------ C:\Windows\system32\tUlJCrrS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 19:33 1232896]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-11 12:26 1006264]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 05:56 4702208 C:\Windows\RtHDVCpl.exe]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 05:55 102400]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 10:17 707080]

"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 10:56 200704]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-13 02:29 949376]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-16 13:01 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"MSServer"="C:\Windows\system32\iifebYSk.dll" [2008-05-16 14:06 59392]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]

"7c8d4574"="C:\Windows\system32\sptyxbon.dll" [2008-05-18 18:27 117248]

"BM7fbe76e8"="C:\Windows\system32\yxovfhhq.dll" [2008-05-18 18:27 124928]

C:\Users\Fausto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\CONFLICT.1\gbiehabn.dll [2008-05-18 18:25 367016]

"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\Windows\system32\iifebYSk.dll [2008-05-16 14:06 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F2225180-0D4C-48E0-A00B-FFD7A021006D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C70AD058-7978-4013-BE60-650C0B338C1F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{E0BFF397-FAE4-4495-A942-DD09F6C07801}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{05C7C16F-58B6-499E-AD27-2B278043D46E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6B2058D7-8781-46A3-85F7-CACCB3B00776}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{51E43F64-A080-4ABA-929F-411E839427A4}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"UDP Query User{E2107273-8F14-4769-B216-8A0DFC3B1906}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

"{D7AE48A8-BA13-4DE1-AD56-0E58640D8544}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor

"{8516E781-D26D-47D7-AB35-23A4EE24DFF1}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor

"{28AEE948-7F94-4A56-90EE-BD96DC3D0AA8}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager

"{9C511126-89A3-4DA1-8095-FFBE60D32CB3}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager

"{E3141858-4955-470D-A388-C51DF8AB5247}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server

"{E599A36B-9FEC-4858-AAA6-95CBA6D772BB}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server

"{125815E1-3FE1-4D7D-9389-89CF7D806763}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit

"{5F54EE4E-D49F-4E6C-A496-FD135B1E7445}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit

"{F619F0A2-5444-4963-8548-BF529E49B719}"= UDP:F:\Programas\utorrent-1.8-beta-10198.upx.exe:µTorrent (TCP-In)

"{4D18EDE8-E96D-4F92-AA25-FE8DE2554485}"= TCP:F:\Programas\utorrent-1.8-beta-10198.upx.exe:µTorrent (UDP-In)

"{CFB3D555-10E3-45B8-9B39-24B4E2255EC5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{9350CDB3-DDC6-4161-9947-067857258314}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{8536E143-08F8-4229-A030-39227151F166}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{13D8CE4B-85CB-470F-B1EE-7D536A18B7F8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-12-14 05:56]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 15:03]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 07:51]

S3 HPx9G+;HPx9G+ Device USB Driver;C:\Windows\system32\DRIVERS\HPx9G2k.sys [2005-02-17 14:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee64890-20b0-11dd-9efa-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

\shell\inst1\command - AcrobatReader\setup.exe

\shell\inst2\command - ConnectiveKit\SETUP.EXE

\shell\inst3\command - E:\Manual\InstManu.exe

\shell\inst4\command - E:\UsbDriver\InstDrv.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-18 02:35:18 C:\Windows\Tasks\User_Feed_Synchronization-{92B14F2D-E35D-4C7E-B664-FF991006DC3B}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 18:54:01

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe

-> C:\Windows\system32\iifebYSk.dll

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\sptyxbon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\ESET\nod32krn.exe

C:\Windows\System32\IoctlSvc.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\conime.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxsrvc.exe

C:\Windows\System32\igfxext.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Fausto\AppData\Local\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Completion time: 2008-05-18 18:56:55 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-18 21:56:49

O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.

Post-Run: 85,853,249,536 bytes dispon¡veis

293 --- E O F --- 2008-05-17 13:58:57
