rodrigoaliste

Slow PC (strange processes)


My PC has lately been a piece of cr... I had to format it, and after I installed XP I installed NOD32; it detected some viruses ("virut.av", "trojan agbot"), but it froze the whole PC and I deleted them, done. Then it crashed again and corrupted hal.dll at boot! I formatted again and it is still slow and infected (the process list is full of strange things that appear, then disappear and come back)... I'm trying to delete them, but the pests seem to come back! Hoping someone can help. Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 18:21:09, on 19/5/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

C:\Documents and Settings\Claudia\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\syom.exe

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\RunServices: [Windows Microsoft Services] wxaoktnv.exe

O4 - HKLM\..\RunServices: [Microsoft Windows Update] apps.exe

O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe

O4 - HKLM\..\RunOnce: [Microsoft Windows Update] apps.exe

O4 - HKCU\..\RunOnce: [Microsoft Windows Update] apps.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Advance Service Process - Unknown owner - C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: syom - Unknown owner - C:\WINDOWS\syom.exe

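Reading the log above, the entries a log analyst picks out first are the system.ini Shell line, the RunServices/RunOnce values that hold a bare file name, and the services with no vendor. The script below is an added example, not a tool from the forum or its Malware Removal team: it parses those HijackThis v1.99 line shapes (F2, O4, O23) and flags them. The sample log is a constructed excerpt of the first log posted in this thread, and the heuristics (bare file names, the RunServices key, "Unknown owner", the LOOKALIKE_NAMES list) are assumptions of this example, not HijackThis rules.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not a forum tool)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the first HijackThis
# log posted in the thread, not a complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\syom.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows Microsoft Services] wxaoktnv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] apps.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] apps.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: syom - Unknown owner - C:\WINDOWS\syom.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag: F2, O4 or O23
    item: str      # the command or path the line points at
    reasons: list  # why an analyst would look at this line first


# Line shapes for the three sections this triage looks at.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
F2_SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$")

# Entry names that imitate Windows components. Heuristic (an assumption of
# this example): in the thread's log these names pointed at apps.exe and
# wxaoktnv.exe, not at anything shipped with Windows.
LOOKALIKE_NAMES = ("windows update", "microsoft services", "windowsupdate")


def is_bare_filename(cmd: str) -> bool:
    """True when the autostart value is just 'name.exe' with no directory.
    Installers write full paths; a bare name relies on the search path."""
    exe = cmd.strip().strip('"').split(" ")[0]
    return not any(ch in exe for ch in "\\:%")


def looks_like_windows_component(name: str) -> bool:
    return any(tag in name.lower() for tag in LOOKALIKE_NAMES)


def triage_line(line: str):
    """Return a Finding for one log line, or None when nothing stands out."""
    m = F2_SHELL_RE.match(line)
    if m:
        # Shell= should be exactly Explorer.exe; anything appended to it is
        # started with every logon.
        extras = [p for p in m["shell"].split() if p.lower() != "explorer.exe"]
        if extras:
            return Finding("F2", " ".join(extras), ["extra program appended to Shell="])
        return None
    m = O4_RE.match(line)
    if m:
        reasons = []
        if is_bare_filename(m["cmd"]):
            reasons.append("bare file name, no directory")
        if m["key"] == "RunServices":
            reasons.append("RunServices is a Windows 9x-era key current installers do not use")
        if looks_like_windows_component(m["name"]):
            reasons.append("entry name imitates a Windows component")
        return Finding("O4", m["cmd"], reasons) if reasons else None
    m = O23_RE.match(line)
    if m:
        reasons = []
        if m["owner"] == "Unknown owner":
            reasons.append("service has no vendor name")
        if "(file missing)" in m["path"]:
            reasons.append("service binary missing on disk")
        if looks_like_windows_component(m["name"]):
            reasons.append("service name imitates a Windows component")
        return Finding("O23", m["path"], reasons) if reasons else None
    return None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        found = triage_line(raw.strip())
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.item}\n     -> {'; '.join(f.reasons)}")
```

Run it directly to print the flagged lines; clean entries such as the MSConfig and PC Tools lines produce no finding.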

Download SDFix:

http://linhadefensiva.uol.com.br/dl/sdfix

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix)

Reboot into Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to select Safe Mode).

  1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  2. Press Y so the tool starts the removal process
  3. When everything finishes, you will see a message telling you to press any key to continue. When you press a key, the computer will restart automatically
  4. After the restart, the tool will run once more to finish its work, and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

  • Topic author
  • Thanks for the help!! Here is the report that appeared in the program's folder:

    SDFix: Version 1.184

    Run by Claudia on ter 20/05/2008 at 15:26

    Microsoft Windows XP [versÆo 5.1.2600]

    Running From: C:\SDFix

    Checking Services :

    Name :

    syom

    Path :

    syom - Deleted

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting

    Checking Files :

    Trojan Files Found:

    C:\Arquivos de programas\Arquivos comuns\Carlson\carlton - Deleted

    C:\WINDOWS\syom.exe - Deleted

    C:\WINDOWS\system32\WindowsUpdate.exe - Deleted

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-20 15:35:33

    Windows 5.1.2600 NTFS

    detected NTDLL code modification:

    ZwOpenFile

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

    "h0"=dword:00000000

    "hdf12"=hex:9c,0b,a9,c4,6e,e1,18,0b,51,c1,da,e2,27,14,0b,ad,cb,c1,1e,5d,86,..

    "p0"="C:\Arquivos de programas\DAEMON Tools Pro\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

    "a0"=hex:20,01,00,00,b5,98,7d,68,b8,15,2b,6d,7d,5f,16,7b,93,a7,db,9f,4b,..

    "hdf12"=hex:fd,8a,c1,ed,94,f6,34,62,1a,d9,dc,b2,40,40,26,77,59,01,a0,41,42,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

    "hdf12"=hex:c1,da,d4,f9,79,31,1b,7e,de,2b,34,7d,27,a3,f1,c6,2f,86,33,3e,d8,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

    "h0"=dword:00000000

    "hdf12"=hex:9c,0b,a9,c4,6e,e1,18,0b,51,c1,da,e2,27,14,0b,ad,cb,c1,1e,5d,86,..

    "p0"="C:\Arquivos de programas\DAEMON Tools Pro\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

    "a0"=hex:20,01,00,00,b5,98,7d,68,b8,15,2b,6d,7d,5f,16,7b,93,a7,db,9f,4b,..

    "hdf12"=hex:fd,8a,c1,ed,94,f6,34,62,1a,d9,dc,b2,40,40,26,77,59,01,a0,41,42,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

    "hdf12"=hex:c1,da,d4,f9,79,31,1b,7e,de,2b,34,7d,27,a3,f1,c6,2f,86,33,3e,d8,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "C:\\Arquivos de programas\\Arquivos comuns\\System\\MSASP32.exe"="C:\\Arquivos de programas\\Arquivos comuns\\System\\MSASP32.exe:*:Enabled:Microsoft ASP"

    "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

    "C:\\WINDOWS\\System32\\windowsupdate.exe"="C:\\WINDOWS\\System32\\windowsupdate.exe:*:Enabled:windowsupdate"

    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 3 Mar 2008 572 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"

    Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"

    Sun 28 Oct 2001 67,584 ..SHR --- "C:\WINDOWS\system32\wxaoktnv.exe"

    Sun 18 May 2008 62,168 ..SHR --- "C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe"

    Finished!


    Please post a new HijackThis log.

  • Topic author
  • Okay, here is the log

    Note: now a file called shvhost.exe has started showing up in the processes, pretty crazy

    Logfile of HijackThis v1.99.1

    Scan saved at 18:58:18, on 20/5/2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\dllcache\shvhost.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Hamachi\hamachi.exe

    C:\WINDOWS\System32\msiexec.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\System32\windowsupdate.exe

    C:\Documents and Settings\Claudia\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe

    O4 - HKLM\..\RunServices: [Windows Microsoft Services] wxaoktnv.exe

    O4 - HKLM\..\RunServices: [Microsoft Windows Update] apps.exe

    O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe

    O4 - HKLM\..\RunOnce: [Microsoft Windows Update] apps.exe

    O4 - HKCU\..\RunOnce: [Microsoft Windows Update] apps.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Advance Service Process - Unknown owner - C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    O23 - Service: Microsoft Windows Update (ffor.mylifez.net) - Unknown owner - C:\WINDOWS\System32\apps.exe" -netsvcs (file missing)

    O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\shvhost.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe


    Download ComboFix

    It is important that you save it to your desktop

    • Close all windows and programs.
    • Double-click combofix.exe, type 1 and press Enter.
    • It takes a little while; please be patient.
    • When the tool finishes running it will generate a log. Post the file C:\ComboFix.txt.
    • Also make a new HijackThis log to include in your reply.

    Warning: do not click the mouse while the tool is running; that can make the PC hang.

  • Topic author
  • OK, the ComboFix log did not take long at all; the first time the PC restarted on its own, but the second time it worked! Here it is

    ComboFix 08-05-20.5 - Claudia 2008-05-21 17:06:00.1 - NTFSx86

    Executando de: C:\Documents and Settings\Claudia\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))

    .

    2008-05-20 22:48 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2008-05-20 22:48 . 2008-05-20 22:50 1,324 --a------ C:\WINDOWS\system32\LexFiles.usr

    2008-05-20 22:48 . 2008-05-20 22:48 507 --a------ C:\WINDOWS\LMABB2DD.ini

    2008-05-20 22:47 . 2008-05-20 22:47 <DIR> d-------- C:\Arquivos de programas\Lexmark_HostCD

    2008-05-20 22:47 . 2008-05-20 22:47 <DIR> d-------- C:\Arquivos de programas\Lexmark

    2008-05-20 20:53 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

    2008-05-20 19:13 . 2002-12-12 00:14 284,160 --a------ C:\WINDOWS\system32\SET2D.tmp

    2008-05-20 19:13 . 2002-12-12 00:14 24,064 --a------ C:\WINDOWS\system32\SET30.tmp

    2008-05-20 18:56 . 2008-05-20 19:02 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

    2008-05-20 18:54 . 2008-05-20 21:07 1,956 --a------ C:\WINDOWS\system32\d3d8caps.dat

    2008-05-20 18:34 . 2008-05-20 18:34 <DIR> d-------- C:\Arquivos de programas\Microsoft Games

    2008-05-20 17:46 . 2008-05-20 21:33 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\Hamachi

    2008-05-20 17:44 . 2008-05-20 17:46 <DIR> d-------- C:\Arquivos de programas\Hamachi

    2008-05-20 17:44 . 2008-05-20 17:44 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

    2008-05-20 15:58 . 2008-05-20 15:58 910,336 -r-hsc--- C:\WINDOWS\system32\dllcache\shvhost.exe

    2008-05-20 13:14 . 2008-05-20 13:15 <DIR> d-------- C:\WINDOWS\ERUNT

    2008-05-20 13:09 . 2008-05-20 15:50 <DIR> d-------- C:\SDFix

    2008-05-19 21:44 . 2008-05-19 21:44 122 --a------ C:\WINDOWS\WA.INI

    2008-05-19 19:32 . 2008-05-19 19:32 <DIR> d---s---- C:\Documents and Settings\Claudia\UserData

    2008-05-19 18:43 . 2004-08-04 09:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll

    2008-05-19 18:36 . 2008-05-19 18:36 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\MSN6

    2008-05-19 18:36 . 2008-05-19 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MSN6

    2008-05-19 18:11 . 2008-05-19 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

    2008-05-18 22:47 . 2008-05-18 22:48 1,601,711 --a------ C:\WINDOWS\WANEUninstaller.exe

    2008-05-18 22:41 . 2008-05-18 22:41 <DIR> d-------- C:\Games

    2008-05-18 22:35 . 2008-05-18 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Pro

    2008-05-18 22:30 . 2008-05-18 22:31 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\DAEMON Tools Pro

    2008-05-18 22:30 . 2008-05-18 22:40 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Pro

    2008-05-18 22:17 . 2008-05-20 16:35 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\BSplayer Pro

    2008-05-18 22:17 . 2008-05-20 16:35 <DIR> d-------- C:\Arquivos de programas\Webteh

    2008-05-18 22:14 . 2008-05-18 22:14 379 --a------ C:\WINDOWS\ODBC.INI

    2008-05-18 22:13 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

    2008-05-18 22:11 . 2008-05-18 22:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\L&H

    2008-05-18 22:10 . 2008-05-18 22:10 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

    2008-05-18 22:10 . 2008-05-18 22:10 <DIR> d-------- C:\Arquivos de programas\Microsoft ActiveSync

    2008-05-18 22:07 . 2008-05-18 22:07 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

    2008-05-18 22:06 . 2008-05-18 22:10 <DIR> d-------- C:\WINDOWS\SHELLNEW

    2008-05-18 22:00 . 2008-05-18 22:00 <DIR> dr-h----- C:\MSOCache

    2008-05-18 21:54 . 2008-05-18 21:54 <DIR> d-------- C:\IUware Online

    2008-05-18 21:26 . 2008-05-18 21:26 474,844 --a------ C:\WINDOWS\system32\apps.exe

    2008-05-18 21:24 . 2008-05-20 18:19 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-05-18 21:23 . 2008-05-18 21:23 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\PC Tools

    2008-05-18 21:23 . 2008-05-18 21:32 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

    2008-05-18 21:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2008-05-18 21:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2008-05-18 21:23 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2008-05-18 21:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2008-05-18 20:31 . 2008-05-18 20:39 <DIR> d-------- C:\Arquivos de programas\LimeWire

    2008-05-18 20:20 . 2008-05-18 20:20 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

    2008-05-18 20:06 . 2008-05-18 20:07 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

    2008-05-18 20:03 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

    2008-05-18 20:03 . 2008-03-03 18:21 572 --ah----- C:\WINDOWS\nod32fixtemdono.reg

    2008-05-18 19:59 . 2008-05-18 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

    2008-05-18 19:59 . 2008-05-18 19:59 <DIR> d-------- C:\Arquivos de programas\ESET

    2008-05-18 19:30 . 2008-05-18 19:30 <DIR> d-------- C:\WINDOWS\WinRAR

    2008-05-18 19:20 . 2008-05-18 19:20 62,168 --a------ C:\WINDOWS\system32\qz.exe

    2008-05-18 19:19 . 2008-05-20 21:00 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\uTorrent

    2008-05-18 19:19 . 2008-05-18 19:19 <DIR> d-------- C:\Arquivos de programas\uTorrent

    2008-05-18 19:18 . 2008-05-18 19:18 62,168 --a------ C:\WINDOWS\system32\ux.exe

    2008-05-18 19:18 . 2008-05-18 19:18 58,804 --a------ C:\WINDOWS\system32\zp.exe

    2008-05-18 19:11 . 2008-05-20 22:24 <DIR> d--hs---- C:\WINDOWS\Installer

    2008-05-18 19:11 . 2008-05-18 18:53 <DIR> d--h----- C:\Documents and Settings\Claudia\Modelos

    2008-05-18 19:11 . 2008-05-20 22:50 <DIR> dr------- C:\Documents and Settings\Claudia\Meus documentos

    2008-05-18 19:11 . 2008-05-18 19:19 <DIR> dr------- C:\Documents and Settings\Claudia\Menu Iniciar

    2008-05-18 19:11 . 2008-05-19 18:34 <DIR> dr------- C:\Documents and Settings\Claudia\Favoritos

    2008-05-18 19:11 . 2008-05-20 17:46 <DIR> d--h----- C:\Documents and Settings\Claudia\Dados de aplicativos

    2008-05-18 19:11 . 2008-05-21 17:07 <DIR> d--h----- C:\Documents and Settings\Claudia\Configurações locais

    2008-05-18 19:11 . 2008-05-18 18:43 <DIR> d--h----- C:\Documents and Settings\Claudia\Ambiente de rede

    2008-05-18 19:11 . 2008-05-18 18:43 <DIR> d--h----- C:\Documents and Settings\Claudia\Ambiente de impressão

    2008-05-18 19:11 . 2008-05-19 19:32 <DIR> d-------- C:\Documents and Settings\Claudia

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos

    2008-05-18 19:08 . 2008-05-21 17:07 <DIR> d--h----- C:\Documents and Settings\NetworkService\Configurações locais

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d--hs---- C:\Documents and Settings\NetworkService

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos

    2008-05-18 19:08 . 2008-05-21 17:07 <DIR> d--h----- C:\Documents and Settings\LocalService\Configurações locais

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d--hs---- C:\Documents and Settings\LocalService

    2008-05-18 19:08 . 2008-05-18 19:08 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

    2008-05-18 19:06 . 2008-05-18 18:53 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Modelos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Meus documentos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Iniciar

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoritos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos

    2008-05-18 19:06 . 2008-05-21 17:07 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Configurações locais

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de rede

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de impressão

    2008-05-18 19:05 . 2001-10-28 15:06 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex

    2008-05-18 19:04 . 2001-10-28 15:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

    2008-05-18 19:03 . 2001-10-28 15:06 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

    2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\WINDOWS\system32\xircom

    2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

    2008-05-18 19:01 . 2008-05-18 19:01 2,969 --a------ C:\WINDOWS\system32\CONFIG.NT

    2008-05-18 19:01 . 2008-05-18 19:01 0 --a------ C:\WINDOWS\control.ini

    2008-05-18 19:00 . 2008-05-18 19:00 299,552 --a------ C:\WINDOWS\WMSysPrx.prx

    2008-05-18 19:00 . 2008-05-18 19:11 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml

    2008-05-18 19:00 . 2008-05-18 19:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

    2008-05-18 19:00 . 2008-05-18 19:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-20 16:05 50,176 ----a-w C:\WINDOWS\system32\ftp.exe

    2008-05-20 16:05 24,576 ----a-w C:\WINDOWS\system32\tftp.exe

    2008-05-19 01:56 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll

    2008-05-19 00:05 67,072 ----a-w C:\WINDOWS\NOTEPAD.EXE

    2008-05-18 23:26 387,584 ----a-w C:\WINDOWS\system32\cmd.exe

    2008-05-18 23:14 183,296 ----a-w C:\WINDOWS\system32\accwiz.exe

    2008-05-18 23:14 1,154,048 ----a-w C:\WINDOWS\system32\ntbackup.exe

    2008-05-18 23:02 504,832 ----a-w C:\WINDOWS\system32\logonui.exe

    2008-05-18 23:02 31,744 ----a-w C:\WINDOWS\system32\rundll32.exe

    2008-05-18 23:02 219,648 ----a-w C:\WINDOWS\system32\logon.scr

    2008-05-18 23:02 21,504 ----a-w C:\WINDOWS\system32\userinit.exe

    2008-05-18 23:02 146,944 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe

    2008-05-18 23:02 134,144 ----a-w C:\WINDOWS\system32\taskmgr.exe

    2008-05-18 23:01 67,072 ----a-w C:\WINDOWS\system32\notepad.exe

    2008-05-18 23:01 534,528 ----a-w C:\WINDOWS\system32\spider.exe

    2008-05-18 23:01 387,584 ----a-w C:\WINDOWS\system32\mstsc.exe

    2008-05-18 23:01 346,624 ----a-w C:\WINDOWS\system32\tourstart.exe

    2008-05-18 23:01 128,000 ----a-w C:\WINDOWS\system32\mshearts.exe

    2008-05-18 21:57 --------- d-----w C:\Arquivos de programas\Serviços on-line

    2008-05-18 21:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

    2001-10-28 18:06 950,784 --sh--r C:\WINDOWS\system32\windowsupdate.exe

    2001-10-28 18:06 67,584 --sh--r C:\WINDOWS\system32\wxaoktnv.exe

    .

    ------- Sigcheck -------

    2001-10-28 15:06 1010176 ffafc18920f513d37b875b1ab846b332 C:\WINDOWS\explorer.exe

    2001-10-28 15:06 1010176 8e3c79dd881a6203c789099b65c6a073 C:\WINDOWS\system32\dllcache\explorer.exe

    2001-10-28 15:06 20480 e1cb08c5d591ccd1c9d358c726deca7a C:\WINDOWS\system32\ctfmon.exe

    2001-10-28 15:06 20480 a8469736b1de1098166c7aa839c0bcc8 C:\WINDOWS\system32\dllcache\ctfmon.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-28 15:06 20480]

    "Microsoft Windows Update"="apps.exe" [2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Microsoft Windows Update"="apps.exe" [2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Microsoft Windows Update"="apps.exe" [2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    "Windows Microsoft Services"="wxaoktnv.exe" [2001-10-28 15:06 67584 C:\WINDOWS\system32\wxaoktnv.exe]

    "Microsoft Windows Update"="apps.exe" [2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe]

    "windowsupdate"="C:\WINDOWS\System32\windowsupdate.exe" [2001-10-28 15:06 950784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 15:06 20480]

    "Windows Microsoft Services"="wxaoktnv.exe" [2001-10-28 15:06 67584 C:\WINDOWS\system32\wxaoktnv.exe]

    "Microsoft Windows Update"="apps.exe" [2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Microsoft Windows Update"="apps.exe" [2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    --a------ 2001-10-28 15:06 20480 C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

    --a------ 2007-09-06 10:08 136136 C:\Arquivos de programas\DAEMON Tools Pro\DTProAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

    --a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Update]

    --a------ 2008-05-18 21:26 474844 C:\WINDOWS\system32\apps.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2001-08-02 07:14 1085469 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Microsoft Services]

    -r-hs---- 2001-10-28 15:06 67584 C:\WINDOWS\system32\wxaoktnv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windowsupdate]

    -r-hs---- 2001-10-28 15:06 950784 C:\WINDOWS\System32\windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\Arquivos de programas\\Arquivos comuns\\System\\MSASP32.exe"=

    "C:\\WINDOWS\\System32\\windowsupdate.exe"=

    R2 Advance Service Process;Advance Service Process;"C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe" [2008-05-18 21:24]

    R2 Microsoft Agent;Microsoft Agent;"C:\WINDOWS\System32\dllcache\shvhost.exe" [2008-05-20 15:58]

    R4 ffor.mylifez.net;Microsoft Windows Update;"C:\WINDOWS\System32\apps.exe" -netsvcs []

    S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\System32\regedt32.exe [2001-10-28 15:07]

    *Newly Created Service* - CATCHME

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-21 17:08:47

    Windows 5.1.2600 NTFS

    detected NTDLL code modification:

    ZwOpenFile

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-05-21 17:11:42

    ComboFix-quarantined-files.txt 2008-05-21 20:11:33

    Pre-Run: 9,998,086,144 bytes disponíveis

    Post-Run: 10,081,107,968 bytes disponíveis

    205

    And here is the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 17:27:29, on 21/5/2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\dllcache\shvhost.exe

    C:\WINDOWS\System32\apps.exe

    C:\WINDOWS\System32\windowsupdate.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Claudia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\RunServices: [Windows Microsoft Services] wxaoktnv.exe

    O4 - HKLM\..\RunServices: [Microsoft Windows Update] apps.exe

    O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe

    O4 - HKLM\..\RunOnce: [Microsoft Windows Update] apps.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [Microsoft Windows Update] apps.exe

    O4 - HKCU\..\RunOnce: [Microsoft Windows Update] apps.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O23 - Service: Advance Service Process - Unknown owner - C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\System32\LMabcoms.exe

    O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\shvhost.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

    =D


    Temporarily disable your antivirus and any other security software, such as firewall, antispyware, etc.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

    File::
    C:\WINDOWS\system32\apps.exe
    C:\WINDOWS\system32\wxaoktnv.exe
    C:\WINDOWS\System32\windowsupdate .exe
    C:\WINDOWS\System32\windowsupdate.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Windows Update"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Microsoft Windows Update"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows Microsoft Services"=-
    "Microsoft Windows Update"=-
    "windowsupdate"=-

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Microsoft Services"=-
    "Microsoft Windows Update"=-

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Microsoft Windows Update"=-


    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Microsoft Services]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windowsupdate]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\windowsupdate.exe"=-

    Driver::
    Microsoft Agent
    ffor.mylifez.net

    • Save this file as: CFScript.txt
      cfscriptuq2.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will produce a log. Post that file, C:\ComboFix.txt.
    • Also produce a new HijackThis log to include in your reply.

    Sorry for the delay in replying! Here is the ComboFix log, and the HijackThis log is further down.

    ComboFix 08-05-20.5 - Claudia 2008-05-24 15:16:52.4 - NTFSx86

    Executando de: C:\Documents and Settings\Claudia\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Claudia\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\system32\apps.exe

    C:\WINDOWS\System32\windowsupdate .exe

    C:\WINDOWS\System32\windowsupdate.exe

    C:\WINDOWS\system32\wxaoktnv.exe

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))

    .

    2008-05-23 20:02 . 2008-05-23 20:02 80,409 -r-hs---- C:\WINDOWS\slysom.exe

    2008-05-23 19:45 . 2008-05-23 19:45 80,409 --a------ C:\WINDOWS\system32\bnp.exe

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\Claudia\Configuraþ§es locais

    2008-05-23 11:18 . 2008-05-23 11:18 6,004,757 --a------ C:\WINDOWS\system32\qsmzxgfm.exe

    2008-05-23 11:18 . 2008-05-23 11:18 1,258,427 --a------ C:\WINDOWS\system32\xmvgvzh.exe

    2008-05-23 11:18 . 2008-05-23 11:18 36,864 --a------ C:\WINDOWS\system32\ixvnm.exe

    2008-05-23 11:12 . 2008-05-23 11:12 6,004,757 --a------ C:\WINDOWS\system32\gqqz.exe

    2008-05-23 11:12 . 2008-05-23 11:12 1,258,427 --a------ C:\WINDOWS\system32\tpdsscz.exe

    2008-05-23 11:12 . 2008-05-23 11:12 36,864 --a------ C:\WINDOWS\system32\dsqhro.exe

    2008-05-21 23:23 . 2008-05-21 23:23 6,004,757 --a------ C:\WINDOWS\system32\ffsfvnxf.exe

    2008-05-21 23:23 . 2008-05-21 23:23 1,258,427 --a------ C:\WINDOWS\system32\wyxtrm.exe

    2008-05-21 23:23 . 2008-05-21 23:23 83,968 --a------ C:\WINDOWS\system32\emopr.exe

    2008-05-21 23:23 . 2008-05-21 23:23 36,864 --a------ C:\WINDOWS\system32\shhmxe.exe

    2008-05-21 22:04 . 2008-05-21 22:05 <DIR> d-------- C:\WINDOWS\UbiSoft

    2008-05-21 22:04 . 2008-05-21 22:04 <DIR> d-------- C:\UbiSoft

    2008-05-20 22:48 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2008-05-20 22:48 . 2008-05-20 22:50 1,324 --a------ C:\WINDOWS\system32\LexFiles.usr

    2008-05-20 22:48 . 2008-05-20 22:48 507 --a------ C:\WINDOWS\LMABB2DD.ini

    2008-05-20 22:47 . 2008-05-23 13:01 <DIR> d-------- C:\Arquivos de programas\Lexmark_HostCD

    2008-05-20 22:47 . 2008-05-20 22:47 <DIR> d-------- C:\Arquivos de programas\Lexmark

    2008-05-20 20:53 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

    2008-05-20 19:13 . 2002-12-12 00:14 284,160 --a------ C:\WINDOWS\system32\SET2D.tmp

    2008-05-20 19:13 . 2002-12-12 00:14 24,064 --a------ C:\WINDOWS\system32\SET30.tmp

    2008-05-20 18:56 . 2008-05-20 19:02 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

    2008-05-20 18:54 . 2008-05-20 21:07 1,956 --a------ C:\WINDOWS\system32\d3d8caps.dat

    2008-05-20 18:34 . 2008-05-20 18:34 <DIR> d-------- C:\Arquivos de programas\Microsoft Games

    2008-05-20 17:46 . 2008-05-21 19:59 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\Hamachi

    2008-05-20 17:44 . 2008-05-20 17:46 <DIR> d-------- C:\Arquivos de programas\Hamachi

    2008-05-20 17:44 . 2008-05-20 17:44 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

    2008-05-20 15:58 . 2008-05-20 15:58 910,336 -r-hsc--- C:\WINDOWS\system32\dllcache\shvhost.exe

    2008-05-20 13:14 . 2008-05-20 13:15 <DIR> d-------- C:\WINDOWS\ERUNT

    2008-05-20 13:09 . 2008-05-20 15:50 <DIR> d-------- C:\SDFix

    2008-05-19 21:44 . 2008-05-19 21:44 122 --a------ C:\WINDOWS\WA.INI

    2008-05-19 19:32 . 2008-05-19 19:32 <DIR> d---s---- C:\Documents and Settings\Claudia\UserData

    2008-05-19 18:43 . 2004-08-04 09:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll

    2008-05-19 18:36 . 2008-05-19 18:36 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\MSN6

    2008-05-19 18:36 . 2008-05-19 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MSN6

    2008-05-19 18:11 . 2008-05-19 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

    2008-05-18 22:47 . 2008-05-18 22:48 1,601,711 --a------ C:\WINDOWS\WANEUninstaller.exe

    2008-05-18 22:41 . 2008-05-18 22:41 <DIR> d-------- C:\Games

    2008-05-18 22:35 . 2008-05-18 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Pro

    2008-05-18 22:30 . 2008-05-18 22:31 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\DAEMON Tools Pro

    2008-05-18 22:30 . 2008-05-18 22:40 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Pro

    2008-05-18 22:17 . 2008-05-20 16:35 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\BSplayer Pro

    2008-05-18 22:17 . 2008-05-20 16:35 <DIR> d-------- C:\Arquivos de programas\Webteh

    2008-05-18 22:14 . 2008-05-18 22:14 379 --a------ C:\WINDOWS\ODBC.INI

    2008-05-18 22:13 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

    2008-05-18 22:11 . 2008-05-18 22:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\L&H

    2008-05-18 22:10 . 2008-05-18 22:10 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

    2008-05-18 22:10 . 2008-05-18 22:10 <DIR> d-------- C:\Arquivos de programas\Microsoft ActiveSync

    2008-05-18 22:07 . 2008-05-18 22:07 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

    2008-05-18 22:06 . 2008-05-18 22:10 <DIR> d-------- C:\WINDOWS\SHELLNEW

    2008-05-18 22:00 . 2008-05-18 22:00 <DIR> dr-h----- C:\MSOCache

    2008-05-18 21:54 . 2008-05-18 21:54 <DIR> d-------- C:\IUware Online

    2008-05-18 21:24 . 2008-05-20 18:19 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-05-18 21:23 . 2008-05-18 21:23 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\PC Tools

    2008-05-18 21:23 . 2008-05-18 21:32 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

    2008-05-18 21:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2008-05-18 21:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2008-05-18 21:23 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2008-05-18 21:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2008-05-18 20:31 . 2008-05-18 20:39 <DIR> d-------- C:\Arquivos de programas\LimeWire

    2008-05-18 20:20 . 2008-05-18 20:20 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

    2008-05-18 20:06 . 2008-05-18 20:07 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

    2008-05-18 20:03 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

    2008-05-18 20:03 . 2008-03-03 18:21 572 --ah----- C:\WINDOWS\nod32fixtemdono.reg

    2008-05-18 19:59 . 2008-05-18 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

    2008-05-18 19:59 . 2008-05-18 19:59 <DIR> d-------- C:\Arquivos de programas\ESET

    2008-05-18 19:30 . 2008-05-18 19:30 <DIR> d-------- C:\WINDOWS\WinRAR

    2008-05-18 19:20 . 2008-05-18 19:20 62,168 --a------ C:\WINDOWS\system32\qz.exe

    2008-05-18 19:19 . 2008-05-23 12:48 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\uTorrent

    2008-05-18 19:19 . 2008-05-18 19:19 <DIR> d-------- C:\Arquivos de programas\uTorrent

    2008-05-18 19:18 . 2008-05-18 19:18 62,168 --a------ C:\WINDOWS\system32\ux.exe

    2008-05-18 19:18 . 2008-05-18 19:18 58,804 --a------ C:\WINDOWS\system32\zp.exe

    2008-05-18 19:11 . 2008-05-20 22:24 <DIR> d--hs---- C:\WINDOWS\Installer

    2008-05-18 19:11 . 2008-05-18 18:53 <DIR> d--h----- C:\Documents and Settings\Claudia\Modelos

    2008-05-18 19:11 . 2008-05-24 15:11 <DIR> dr------- C:\Documents and Settings\Claudia\Meus documentos

    2008-05-18 19:11 . 2008-05-18 19:19 <DIR> dr------- C:\Documents and Settings\Claudia\Menu Iniciar

    2008-05-18 19:11 . 2008-05-21 19:41 <DIR> dr------- C:\Documents and Settings\Claudia\Favoritos

    2008-05-18 19:11 . 2008-05-20 17:46 <DIR> d--h----- C:\Documents and Settings\Claudia\Dados de aplicativos

    2008-05-18 19:11 . 2008-05-24 15:18 <DIR> d--h----- C:\Documents and Settings\Claudia\Configurações locais

    2008-05-18 19:11 . 2008-05-18 18:43 <DIR> d--h----- C:\Documents and Settings\Claudia\Ambiente de rede

    2008-05-18 19:11 . 2008-05-18 18:43 <DIR> d--h----- C:\Documents and Settings\Claudia\Ambiente de impressão

    2008-05-18 19:11 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\Claudia

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos

    2008-05-18 19:08 . 2008-05-24 15:18 <DIR> d--h----- C:\Documents and Settings\NetworkService\Configurações locais

    2008-05-18 19:08 . 2008-05-23 13:02 <DIR> d--hs---- C:\Documents and Settings\NetworkService

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos

    2008-05-18 19:08 . 2008-05-24 15:18 <DIR> d--h----- C:\Documents and Settings\LocalService\Configurações locais

    2008-05-18 19:08 . 2008-05-23 13:02 <DIR> d--hs---- C:\Documents and Settings\LocalService

    2008-05-18 19:08 . 2008-05-18 19:08 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

    2008-05-18 19:06 . 2008-05-18 18:53 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Modelos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Meus documentos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Iniciar

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoritos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos

    2008-05-18 19:06 . 2008-05-24 15:18 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Configurações locais

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de rede

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de impressão

    2008-05-18 19:05 . 2001-10-28 15:06 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex

    2008-05-18 19:04 . 2001-10-28 15:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

    2008-05-18 19:03 . 2001-10-28 15:06 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

    2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\WINDOWS\system32\xircom

    2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

    2008-05-18 19:01 . 2008-05-18 19:01 2,969 --a------ C:\WINDOWS\system32\CONFIG.NT

    2008-05-18 19:01 . 2008-05-18 19:01 0 --a------ C:\WINDOWS\control.ini

    2008-05-18 19:00 . 2008-05-18 19:00 299,552 --a------ C:\WINDOWS\WMSysPrx.prx

    2008-05-18 19:00 . 2008-05-18 19:11 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml

    2008-05-18 19:00 . 2008-05-18 19:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

    2008-05-18 19:00 . 2008-05-18 19:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-24 18:09 50,176 ----a-w C:\WINDOWS\system32\ftp.exe

    2008-05-24 18:09 24,576 ----a-w C:\WINDOWS\system32\tftp.exe

    2008-05-19 01:56 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll

    2008-05-19 00:05 67,072 ----a-w C:\WINDOWS\NOTEPAD.EXE

    2008-05-18 23:26 387,584 ----a-w C:\WINDOWS\system32\cmd.exe

    2008-05-18 23:14 183,296 ----a-w C:\WINDOWS\system32\accwiz.exe

    2008-05-18 23:14 1,154,048 ----a-w C:\WINDOWS\system32\ntbackup.exe

    2008-05-18 23:02 504,832 ----a-w C:\WINDOWS\system32\logonui.exe

    2008-05-18 23:02 31,744 ----a-w C:\WINDOWS\system32\rundll32.exe

    2008-05-18 23:02 219,648 ----a-w C:\WINDOWS\system32\logon.scr

    2008-05-18 23:02 21,504 ----a-w C:\WINDOWS\system32\userinit.exe

    2008-05-18 23:02 146,944 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe

    2008-05-18 23:02 134,144 ----a-w C:\WINDOWS\system32\taskmgr.exe

    2008-05-18 23:01 67,072 ----a-w C:\WINDOWS\system32\notepad.exe

    2008-05-18 23:01 534,528 ----a-w C:\WINDOWS\system32\spider.exe

    2008-05-18 23:01 387,584 ----a-w C:\WINDOWS\system32\mstsc.exe

    2008-05-18 23:01 346,624 ----a-w C:\WINDOWS\system32\tourstart.exe

    2008-05-18 23:01 128,000 ----a-w C:\WINDOWS\system32\mshearts.exe

    2008-05-18 21:57 --------- d-----w C:\Arquivos de programas\Serviços on-line

    2008-05-18 21:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

    .

    ------- Sigcheck -------

    2001-10-28 15:06 1010176 ffafc18920f513d37b875b1ab846b332 C:\WINDOWS\explorer.exe

    2001-10-28 15:06 1010176 8e3c79dd881a6203c789099b65c6a073 C:\WINDOWS\system32\dllcache\explorer.exe

    2001-10-28 15:06 20480 e1cb08c5d591ccd1c9d358c726deca7a C:\WINDOWS\system32\ctfmon.exe

    2001-10-28 15:06 20480 a8469736b1de1098166c7aa839c0bcc8 C:\WINDOWS\system32\dllcache\ctfmon.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-21_17.10.48.69 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-05-21 20:03:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2008-05-24 18:10:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2005-10-20 23:02:28 174,080 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

    - 2008-05-21 01:27:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

    + 2008-05-23 23:02:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

    - 2008-05-21 01:27:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

    + 2008-05-23 23:02:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

    - 2008-05-21 01:27:36 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    + 2008-05-23 23:02:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    - 2008-05-20 16:05:01 50,176 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe

    + 2008-05-24 18:09:38 50,176 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe

    - 2008-05-20 16:05:01 24,576 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe

    + 2008-05-24 18:09:38 24,576 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe

    + 2001-10-28 18:06:32 52,624 ---h--w C:\WINDOWS\system32\winamp.exe

    + 2008-05-22 01:05:37 736,768 ----a-w C:\WINDOWS\UbiSoft\SetupUbi.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2008-05-18 20:02 146944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    "Windows has Layer"="fixweb.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 15:06 20480]

    "Windows has Layer"="fixweb.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "Windows has Layer"="fixweb.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced DHTML Enable]

    --a------ 2008-05-21 23:23 1258427 C:\WINDOWS\System32\wyxtrm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    --a------ 2001-10-28 15:06 20480 C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

    --a------ 2007-09-06 10:08 136136 C:\Arquivos de programas\DAEMON Tools Pro\DTProAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

    --a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2001-08-02 07:14 1085469 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winamp Agent]

    ---h----- 2001-10-28 15:06 52624 C:\WINDOWS\System32\winamp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows has Layer]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\Arquivos de programas\\Arquivos comuns\\System\\MSASP32.exe"=

    *Newly Created Service* - CATCHME

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-24 15:19:04

    Windows 5.1.2600 NTFS

    detected NTDLL code modification:

    ZwOpenFile

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-05-24 15:21:14

    ComboFix-quarantined-files.txt 2008-05-24 18:20:48

    ComboFix2.txt 2008-05-23 16:02:19

    ComboFix3.txt 2008-05-21 20:11:47

    Pre-Run: 8,727,363,584 bytes disponíveis

    Post-Run: 8,714,031,104 bytes disponíveis

    232

    HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 15:24:11, on 24/5/2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\regedit.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Claudia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

    O4 - HKLM\..\RunServices: [Windows has Layer] fixweb.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O23 - Service: Advance Service Process - Unknown owner - C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\System32\LMabcoms.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

    O23 - Service: slysom - Unknown owner - C:\WINDOWS\slysom.exe


    Please do not make changes to the operating system during the cleaning process, such as altering entries through MsConfig, and also avoid browsing suspicious sites.

    Temporarily disable your antivirus and any other security software, such as firewall, antispyware, etc.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

    File::
    C:\WINDOWS\system32\qsmzxgfm.exe
    C:\WINDOWS\system32\xmvgvzh.exe
    C:\WINDOWS\system32\ixvnm.exe
    C:\WINDOWS\system32\gqqz.exe
    C:\WINDOWS\system32\tpdsscz.exe
    C:\WINDOWS\system32\dsqhro.exe
    C:\WINDOWS\system32\ffsfvnxf.exe
    C:\WINDOWS\system32\wyxtrm.exe
    C:\WINDOWS\system32\emopr.exe
    C:\WINDOWS\system32\shhmxe.exe
    C:\WINDOWS\system32\dllcache\shvhost.exe
    C:\WINDOWS\System32\wyxtrm.exe

    Registry::

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows has Layer"=-

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows has Layer"=-

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Windows has Layer"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced DHTML Enable]

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows has Layer]

    • Save this file as: CFScript.txt
      cfscriptuq2.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will produce a log. Post that file, C:\ComboFix.txt.
    • Also produce a new HijackThis log to include in your reply.

    Sorry for removing the msconfig entries; it's just that when a lot of strange processes are running on the machine, it says: "the system is shutting down in 50 seconds..."

    Here is the ComboFix log:

    ComboFix 08-05-20.5 - Claudia 2008-05-25 13:28:25.5 - NTFSx86

    Executando de: C:\Documents and Settings\Claudia\Desktop\Rodrigo\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Claudia\Desktop\Rodrigo\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\system32\dllcache\shvhost.exe

    C:\WINDOWS\system32\dsqhro.exe

    C:\WINDOWS\system32\emopr.exe

    C:\WINDOWS\system32\ffsfvnxf.exe

    C:\WINDOWS\system32\gqqz.exe

    C:\WINDOWS\system32\ixvnm.exe

    C:\WINDOWS\system32\qsmzxgfm.exe

    C:\WINDOWS\system32\shhmxe.exe

    C:\WINDOWS\system32\tpdsscz.exe

    C:\WINDOWS\System32\wyxtrm.exe

    C:\WINDOWS\system32\wyxtrm.exe

    C:\WINDOWS\system32\xmvgvzh.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\dllcache\shvhost.exe

    C:\WINDOWS\system32\dsqhro.exe

    C:\WINDOWS\system32\emopr.exe

    C:\WINDOWS\system32\ffsfvnxf.exe

    C:\WINDOWS\system32\gqqz.exe

    C:\WINDOWS\system32\ixvnm.exe

    C:\WINDOWS\system32\qsmzxgfm.exe

    C:\WINDOWS\system32\shhmxe.exe

    C:\WINDOWS\system32\tpdsscz.exe

    C:\WINDOWS\System32\wyxtrm.exe

    C:\WINDOWS\system32\xmvgvzh.exe

    C:\WINDOWS\TEMP\55673.exe

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))

    .

    2008-05-25 12:41 . 2008-05-25 12:56 <DIR> d-------- C:\Arquivos de programas\Java

    2008-05-25 11:48 . 2008-05-25 11:48 65,536 --a------ C:\2r6s3e8g1q4.exe

    2008-05-25 00:58 . 2008-05-25 00:58 <DIR> d-------- C:\Arquivos de programas\ToniArts

    2008-05-25 00:58 . 2008-05-25 00:58 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

    2008-05-25 00:57 . 2008-05-25 00:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-05-25 00:03 . 2008-05-25 00:03 65 --a------ C:\WINDOWS\system32\o

    2008-05-24 23:52 . 2008-05-24 23:52 80,463 -r-hs---- C:\WINDOWS\naPrdMgr.exe

    2008-05-24 18:15 . 2008-05-24 18:16 80,409 --a------ C:\WINDOWS\system32\voi.exe

    2008-05-24 18:08 . 2008-05-25 12:33 73,728 --a------ C:\d2r6s3e8g1q4.exe

    2008-05-24 18:02 . 2008-05-24 18:02 80,409 --a------ C:\WINDOWS\system32\xfk.exe

    2008-05-24 16:08 . 2008-05-24 18:02 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

    2008-05-24 16:08 . 2008-05-24 16:07 40,000 --a------ C:\WINDOWS\system32\3rfEK837.exe

    2008-05-23 20:02 . 2008-05-23 20:02 80,409 -r-hs---- C:\WINDOWS\slysom.exe

    2008-05-23 19:45 . 2008-05-23 19:45 80,409 --a------ C:\WINDOWS\system32\bnp.exe

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

    2008-05-23 13:02 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\Claudia\Configuraþ§es locais

    2008-05-21 22:04 . 2008-05-21 22:05 <DIR> d-------- C:\WINDOWS\UbiSoft

    2008-05-21 22:04 . 2008-05-21 22:04 <DIR> d-------- C:\UbiSoft

    2008-05-20 22:48 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2008-05-20 22:48 . 2008-05-20 22:50 1,324 --a------ C:\WINDOWS\system32\LexFiles.usr

    2008-05-20 22:48 . 2008-05-20 22:48 507 --a------ C:\WINDOWS\LMABB2DD.ini

    2008-05-20 22:47 . 2008-05-23 13:01 <DIR> d-------- C:\Arquivos de programas\Lexmark_HostCD

    2008-05-20 22:47 . 2008-05-20 22:47 <DIR> d-------- C:\Arquivos de programas\Lexmark

    2008-05-20 20:53 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

    2008-05-20 19:13 . 2002-12-12 00:14 284,160 --a------ C:\WINDOWS\system32\SET2D.tmp

    2008-05-20 19:13 . 2002-12-12 00:14 24,064 --a------ C:\WINDOWS\system32\SET30.tmp

    2008-05-20 18:56 . 2008-05-20 19:02 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

    2008-05-20 18:54 . 2008-05-20 21:07 1,956 --a------ C:\WINDOWS\system32\d3d8caps.dat

    2008-05-20 18:34 . 2008-05-20 18:34 <DIR> d-------- C:\Arquivos de programas\Microsoft Games

    2008-05-20 17:46 . 2008-05-21 19:59 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\Hamachi

    2008-05-20 17:44 . 2008-05-20 17:46 <DIR> d-------- C:\Arquivos de programas\Hamachi

    2008-05-20 17:44 . 2008-05-20 17:44 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

    2008-05-20 13:14 . 2008-05-20 13:15 <DIR> d-------- C:\WINDOWS\ERUNT

    2008-05-20 13:09 . 2008-05-20 15:50 <DIR> d-------- C:\SDFix

    2008-05-19 21:44 . 2008-05-19 21:44 122 --a------ C:\WINDOWS\WA.INI

    2008-05-19 19:32 . 2008-05-19 19:32 <DIR> d---s---- C:\Documents and Settings\Claudia\UserData

    2008-05-19 18:43 . 2004-08-04 09:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll

    2008-05-19 18:36 . 2008-05-19 18:36 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\MSN6

    2008-05-19 18:36 . 2008-05-19 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MSN6

    2008-05-19 18:11 . 2008-05-19 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

    2008-05-18 22:47 . 2008-05-18 22:48 1,601,711 --a------ C:\WINDOWS\WANEUninstaller.exe

    2008-05-18 22:41 . 2008-05-18 22:41 <DIR> d-------- C:\Games

    2008-05-18 22:35 . 2008-05-18 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Pro

    2008-05-18 22:30 . 2008-05-18 22:31 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\DAEMON Tools Pro

    2008-05-18 22:30 . 2008-05-18 22:40 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Pro

    2008-05-18 22:17 . 2008-05-20 16:35 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\BSplayer Pro

    2008-05-18 22:17 . 2008-05-20 16:35 <DIR> d-------- C:\Arquivos de programas\Webteh

    2008-05-18 22:14 . 2008-05-18 22:14 379 --a------ C:\WINDOWS\ODBC.INI

    2008-05-18 22:13 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

    2008-05-18 22:11 . 2008-05-18 22:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\L&H

    2008-05-18 22:10 . 2008-05-18 22:10 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

    2008-05-18 22:10 . 2008-05-18 22:10 <DIR> d-------- C:\Arquivos de programas\Microsoft ActiveSync

    2008-05-18 22:07 . 2008-05-18 22:07 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

    2008-05-18 22:06 . 2008-05-18 22:10 <DIR> d-------- C:\WINDOWS\SHELLNEW

    2008-05-18 22:00 . 2008-05-18 22:00 <DIR> dr-h----- C:\MSOCache

    2008-05-18 21:54 . 2008-05-18 21:54 <DIR> d-------- C:\IUware Online

    2008-05-18 21:24 . 2008-05-20 18:19 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-05-18 21:23 . 2008-05-18 21:23 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\PC Tools

    2008-05-18 21:23 . 2008-05-18 21:32 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

    2008-05-18 21:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2008-05-18 21:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2008-05-18 21:23 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2008-05-18 21:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2008-05-18 20:31 . 2008-05-18 20:39 <DIR> d-------- C:\Arquivos de programas\LimeWire

    2008-05-18 20:20 . 2008-05-18 20:20 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

    2008-05-18 20:06 . 2008-05-18 20:07 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

    2008-05-18 20:03 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

    2008-05-18 20:03 . 2008-03-03 18:21 572 --ah----- C:\WINDOWS\nod32fixtemdono.reg

    2008-05-18 19:59 . 2008-05-18 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

    2008-05-18 19:59 . 2008-05-18 19:59 <DIR> d-------- C:\Arquivos de programas\ESET

    2008-05-18 19:30 . 2008-05-18 19:30 <DIR> d-------- C:\WINDOWS\WinRAR

    2008-05-18 19:20 . 2008-05-18 19:20 62,168 --a------ C:\WINDOWS\system32\qz.exe

    2008-05-18 19:19 . 2008-05-25 13:28 <DIR> d-------- C:\Documents and Settings\Claudia\Dados de aplicativos\uTorrent

    2008-05-18 19:19 . 2008-05-18 19:19 <DIR> d-------- C:\Arquivos de programas\uTorrent

    2008-05-18 19:18 . 2008-05-18 19:18 62,168 --a------ C:\WINDOWS\system32\ux.exe

    2008-05-18 19:18 . 2008-05-18 19:18 58,804 --a------ C:\WINDOWS\system32\zp.exe

    2008-05-18 19:11 . 2008-05-25 12:56 <DIR> d--hs---- C:\WINDOWS\Installer

    2008-05-18 19:11 . 2008-05-18 18:53 <DIR> d--h----- C:\Documents and Settings\Claudia\Modelos

    2008-05-18 19:11 . 2008-05-24 15:11 <DIR> dr------- C:\Documents and Settings\Claudia\Meus documentos

    2008-05-18 19:11 . 2008-05-18 19:19 <DIR> dr------- C:\Documents and Settings\Claudia\Menu Iniciar

    2008-05-18 19:11 . 2008-05-21 19:41 <DIR> dr------- C:\Documents and Settings\Claudia\Favoritos

    2008-05-18 19:11 . 2008-05-20 17:46 <DIR> d--h----- C:\Documents and Settings\Claudia\Dados de aplicativos

    2008-05-18 19:11 . 2008-05-25 13:30 <DIR> d--h----- C:\Documents and Settings\Claudia\Configurações locais

    2008-05-18 19:11 . 2008-05-18 18:43 <DIR> d--h----- C:\Documents and Settings\Claudia\Ambiente de rede

    2008-05-18 19:11 . 2008-05-18 18:43 <DIR> d--h----- C:\Documents and Settings\Claudia\Ambiente de impressão

    2008-05-18 19:11 . 2008-05-23 13:02 <DIR> d-------- C:\Documents and Settings\Claudia

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos

    2008-05-18 19:08 . 2008-05-25 13:30 <DIR> d--h----- C:\Documents and Settings\NetworkService\Configurações locais

    2008-05-18 19:08 . 2008-05-23 13:02 <DIR> d--hs---- C:\Documents and Settings\NetworkService

    2008-05-18 19:08 . 2008-05-18 19:08 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos

    2008-05-18 19:08 . 2008-05-25 13:30 <DIR> d--h----- C:\Documents and Settings\LocalService\Configurações locais

    2008-05-18 19:08 . 2008-05-23 13:02 <DIR> d--hs---- C:\Documents and Settings\LocalService

    2008-05-18 19:08 . 2008-05-18 19:08 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

    2008-05-18 19:06 . 2008-05-18 18:53 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Modelos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Meus documentos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Iniciar

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoritos

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos

    2008-05-18 19:06 . 2008-05-25 13:30 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Configurações locais

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de rede

    2008-05-18 19:06 . 2008-05-18 18:43 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Ambiente de impressão

    2008-05-18 19:05 . 2001-10-28 15:06 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex

    2008-05-18 19:04 . 2001-10-28 15:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

    2008-05-18 19:03 . 2001-10-28 15:06 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

    2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\WINDOWS\system32\xircom

    2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

    2008-05-18 19:01 . 2008-05-18 19:01 2,969 --a------ C:\WINDOWS\system32\CONFIG.NT

    2008-05-18 19:01 . 2008-05-18 19:01 0 --a------ C:\WINDOWS\control.ini

    2008-05-18 19:00 . 2008-05-18 19:00 299,552 --a------ C:\WINDOWS\WMSysPrx.prx

    2008-05-18 19:00 . 2008-05-18 19:11 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml

    2008-05-18 19:00 . 2008-05-18 19:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

    2008-05-18 19:00 . 2008-05-18 19:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-25 15:33 50,176 ----a-w C:\WINDOWS\system32\ftp.exe

    2008-05-25 15:33 24,576 ----a-w C:\WINDOWS\system32\tftp.exe

    2008-05-19 01:56 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll

    2008-05-19 00:05 67,072 ----a-w C:\WINDOWS\NOTEPAD.EXE

    2008-05-18 23:26 387,584 ----a-w C:\WINDOWS\system32\cmd.exe

    2008-05-18 23:14 183,296 ----a-w C:\WINDOWS\system32\accwiz.exe

    2008-05-18 23:14 1,154,048 ----a-w C:\WINDOWS\system32\ntbackup.exe

    2008-05-18 23:02 504,832 ----a-w C:\WINDOWS\system32\logonui.exe

    2008-05-18 23:02 31,744 ----a-w C:\WINDOWS\system32\rundll32.exe

    2008-05-18 23:02 219,648 ----a-w C:\WINDOWS\system32\logon.scr

    2008-05-18 23:02 21,504 ----a-w C:\WINDOWS\system32\userinit.exe

    2008-05-18 23:02 146,944 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe

    2008-05-18 23:02 134,144 ----a-w C:\WINDOWS\system32\taskmgr.exe

    2008-05-18 23:01 67,072 ----a-w C:\WINDOWS\system32\notepad.exe

    2008-05-18 23:01 534,528 ----a-w C:\WINDOWS\system32\spider.exe

    2008-05-18 23:01 387,584 ----a-w C:\WINDOWS\system32\mstsc.exe

    2008-05-18 23:01 346,624 ----a-w C:\WINDOWS\system32\tourstart.exe

    2008-05-18 23:01 128,000 ----a-w C:\WINDOWS\system32\mshearts.exe

    2008-05-18 21:57 --------- d-----w C:\Arquivos de programas\Serviços on-line

    2008-05-18 21:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

    .

    ------- Sigcheck -------

    2001-10-28 15:06 1010176 ffafc18920f513d37b875b1ab846b332 C:\WINDOWS\explorer.exe

    2001-10-28 15:06 1010176 8e3c79dd881a6203c789099b65c6a073 C:\WINDOWS\system32\dllcache\explorer.exe

    2001-10-28 15:06 20480 e1cb08c5d591ccd1c9d358c726deca7a C:\WINDOWS\system32\ctfmon.exe

    2001-10-28 15:06 20480 a8469736b1de1098166c7aa839c0bcc8 C:\WINDOWS\system32\dllcache\ctfmon.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-28 15:06 20480]

    "uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-05-18 19:19 219952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2008-05-18 20:02 146944]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 15:06 20480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    --a------ 2001-10-28 15:06 20480 C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

    --a------ 2007-09-06 10:08 136136 C:\Arquivos de programas\DAEMON Tools Pro\DTProAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

    --a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2001-08-02 07:14 1085469 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winamp Agent]

    ---h----- 2001-10-28 15:06 52624 C:\WINDOWS\System32\winamp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\Arquivos de programas\\Arquivos comuns\\System\\MSASP32.exe"=

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-05-25 03:53:02 C:\WINDOWS\Tasks\At1.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At10.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At11.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At12.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At13.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-25 16:00:02 C:\WINDOWS\Tasks\At14.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At15.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At16.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At17.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At18.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At19.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-25 04:00:01 C:\WINDOWS\Tasks\At2.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 22:00:02 C:\WINDOWS\Tasks\At20.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At21.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At22.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At23.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At24.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-25 05:00:01 C:\WINDOWS\Tasks\At3.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At4.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At5.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At6.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At7.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At8.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    "2008-05-24 19:08:26 C:\WINDOWS\Tasks\At9.job"

    - C:\WINDOWS\System32\3rfEK837.exe

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-25 13:31:22

    Windows 5.1.2600 NTFS

    detected NTDLL code modification:

    ZwOpenFile

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-05-25 13:33:23

    ComboFix-quarantined-files.txt 2008-05-25 16:33:02

    ComboFix2.txt 2008-05-24 18:21:15

    ComboFix3.txt 2008-05-23 16:02:19

    ComboFix4.txt 2008-05-21 20:11:47

    Pre-Run: 9,186,824,192 bytes disponíveis

    Post-Run: 9,297,027,072 bytes disponíveis

    283

    And the HijackThis one:

    Logfile of HijackThis v1.99.1

    Scan saved at 13:36:13, on 25/5/2008

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Claudia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O23 - Service: Advance Service Process - Unknown owner - C:\Arquivos de programas\Arquivos comuns\System\MSASP32.exe

    O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\System32\LMabcoms.exe

    O23 - Service: naPrdMgr - Unknown owner - C:\WINDOWS\naPrdMgr.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

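A triage pass over the ComboFix log above, added here as an example and not code from the post, the helpers or ComboFix: it flags the four Security Center override values, the At*.job tasks that all launch one System32 binary, and the Sigcheck entry where the live explorer.exe hash differs from its dllcache copy. The LOG excerpt is copied from the log above; the function and constant names are my own.

```python
"""Added triage helpers for a ComboFix log: Security Center overrides, At*.job
fan-out onto one binary, and Sigcheck hash mismatches."""
import re
from collections import defaultdict

# Excerpt copied from the ComboFix log above; paths and hashes are the log's own.
LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"2008-05-25 03:53:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\3rfEK837.exe
"2008-05-24 19:08:26 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\3rfEK837.exe
"2008-05-25 04:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\3rfEK837.exe
------- Sigcheck -------
2001-10-28 15:06 1010176 ffafc18920f513d37b875b1ab846b332 C:\WINDOWS\explorer.exe
2001-10-28 15:06 1010176 8e3c79dd881a6203c789099b65c6a073 C:\WINDOWS\system32\dllcache\explorer.exe
'''

# Non-zero values here silence the missing-AV / firewall-off / updates-off warnings.
SC_KEYS = ("UpdatesDisableNotify", "AntiVirusDisableNotify",
           "AntiVirusOverride", "FirewallOverride")
SC_HEADER = r"[hkey_local_machine\software\microsoft\security center]"
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
JOB_RE = re.compile(r'^"[\d-]+ [\d:]+ C:\\WINDOWS\\Tasks\\(At\d+)\.job"\n- (.+)$', re.M)
SIG_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d (\d+) ([0-9a-f]{32}) (.+)$', re.M)


def security_center_overrides(text):
    """Return the Security Center override/notify keys set to a non-zero value."""
    found, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == SC_HEADER:
            in_section = True
        elif in_section:
            m = DWORD_RE.match(line)
            in_section = bool(m)      # the section ends at the first non-value line
            if m and m.group(1) in SC_KEYS and int(m.group(2), 16) != 0:
                found.append(m.group(1))
    return found


def at_job_targets(text):
    """Map each task target to the At*.job names launching it (fan-out check)."""
    jobs = defaultdict(list)
    for job, target in JOB_RE.findall(text):
        jobs[target.strip()].append(job)
    return {t: sorted(js, key=lambda j: int(j[2:])) for t, js in jobs.items()}


def sigcheck_mismatches(text):
    """Report files whose live copy and dllcache (WFP backup) copy differ in MD5
    despite identical name, size and timestamp: one of them was patched in place."""
    live, cache = {}, {}
    for _size, md5, path in SIG_RE.findall(text):
        name = path.strip().rsplit("\\", 1)[-1].lower()
        (cache if "\\dllcache\\" in path.lower() else live)[name] = md5
    return sorted((n, live[n], cache[n]) for n in live if n in cache and live[n] != cache[n])


def triage(text):
    """One report: overrides, targets launched by more than one job, hash mismatches."""
    fanout = {t: js for t, js in at_job_targets(text).items() if len(js) > 1}
    return {"security_center_overrides": security_center_overrides(text),
            "task_fanout": fanout, "sigcheck_mismatches": sigcheck_mismatches(text)}
```

The functions take the whole log text, so the full ComboFix.txt can be passed in place of the excerpt.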

    I recommend that you install at least Service Pack 1 on your computer; with a computer as out of date as this one you are highly vulnerable.

    After installing it, come back with a new ComboFix log.

    Topic author:
    Unfortunately it wasn't possible to make a ComboFix log, because today, after I got home from school, the HD wouldn't boot (fail to boot from ide-0, something like that, and it had already happened before).

    How should I proceed? Format the PC for the third time? There's no way to delete the viruses from Linux, since it seems that even after formatting the problems continue... that's some bad luck! Thank you for the help you've been giving me to solve the problems, Renato

    (I'm talking to you from the Linux Kurumin 6.0 boot CD-ROM)

    Edited by rodrigoaliste: forgot a piece of information


    This type of error is usually associated with hardware problems. But try the following:

    - Enter the Recovery Console from the CD

    - Type the command fixboot

    - Reboot

    It's not guaranteed, but it may solve this problem.
