lucas.jumper

ComboFix log!!! help


guys, I'm posting the ComboFix log!!!

if anyone can help me!! these viruses are killing me!! kavo, tavo...

avast is also alerting on c:/windows/system32/drives/vgs.sys (I think that's it)

thanks


ComboFix 08-05-15.2 - Lukinha 2008-05-20 0:00:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.673 [GMT -3:00]

Executando de: C:\Documents and Settings\Lukinha\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\ActivationManager.dll

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Arquivos de programas\ADSTechnology

C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

C:\Arquivos de programas\ADSTechnology\ADSTechnology.exe

C:\Arquivos de programas\ADSTechnology\Uninstall.exe

C:\autorun.inf

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk

C:\WINDOWS\system32\kavo.exe

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\kavo1.dll

C:\WINDOWS\system32\tavo.exe

C:\WINDOWS\system32\tavo1.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))

.

2008-05-19 16:48 . 2008-05-19 16:48 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\DivX

2008-05-18 21:07 . 2008-05-18 21:07 <DIR> d-------- C:\Documents and Settings\Douglas\Configuraes locais

2008-05-18 11:16 . 2008-05-18 11:16 <DIR> d-------- C:\Documents and Settings\Jefferson\Dados de aplicativos\DivX

2008-05-17 19:42 . 2008-05-17 19:42 <DIR> d-------- C:\Arquivos de programas\RAR Password Cracker

2008-05-17 18:35 . 2008-05-14 19:07 117,533 -r-hs---- C:\v3pif.bat

2008-05-17 18:32 . 2008-05-17 18:32 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-05-17 18:32 . 2007-04-23 02:15 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-05-17 18:32 . 2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\divx.dll

2008-05-17 18:32 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm

2008-05-17 18:32 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-05-17 18:32 . 2006-05-13 23:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-05-17 18:32 . 2007-04-23 02:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2008-05-17 18:32 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-05-17 18:32 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-05-17 18:32 . 2006-01-30 21:54 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-05-17 18:29 . 2008-05-17 18:29 <DIR> d-------- C:\Arquivos de programas\LD-Anime

2008-05-17 13:43 . 2008-05-17 13:43 <DIR> d-------- C:\Arquivos de programas\dvdSanta

2008-05-17 13:31 . 2008-05-17 13:31 <DIR> d-------- C:\Arquivos de programas\Gabest

2008-05-16 01:36 . 2008-05-16 01:36 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-05-16 01:34 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-15 14:20 . 2008-05-15 14:20 <DIR> d-------- C:\WINDOWS\Sun

2008-05-15 13:12 . 2008-05-15 13:12 244 --ah----- C:\sqmnoopt14.sqm

2008-05-15 13:12 . 2008-05-15 13:12 232 --ah----- C:\sqmdata14.sqm

2008-05-14 20:54 . 2008-05-14 20:54 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Media Player Classic

2008-05-13 13:33 . 2008-05-13 13:33 244 --ah----- C:\sqmnoopt13.sqm

2008-05-13 13:33 . 2008-05-13 13:33 232 --ah----- C:\sqmdata13.sqm

2008-05-13 01:18 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-13 01:15 . 2005-04-15 15:58 1,351,392 --a------ C:\WINDOWS\system32\COMCTL32.OCX

2008-05-13 01:15 . 2007-03-12 12:16 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX

2008-05-13 01:15 . 2007-03-12 12:16 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2008-05-13 01:15 . 2007-03-12 12:16 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL

2008-05-13 01:15 . 2007-03-12 12:16 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL

2008-05-13 01:13 . 2008-05-13 01:15 <DIR> d-------- C:\Arquivos de programas\AutoPatcher

2008-05-13 00:55 . 2008-05-13 00:55 <DIR> d--h----- C:\WINDOWS\PIF

2008-05-13 00:29 . 2004-09-03 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-05-13 00:29 . 2007-10-07 11:27 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

2008-05-12 23:59 . 2008-05-12 23:59 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-12 23:46 . 2007-03-14 02:04 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-12 23:45 . 2008-05-12 23:46 <DIR> d-------- C:\Arquivos de programas\Java

2008-05-12 23:45 . 2008-05-12 23:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-05-12 19:32 . 2008-05-12 19:32 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Photodex

2008-05-11 10:46 . 2008-05-11 10:46 <DIR> d-------- C:\Documents and Settings\Jefferson\Dados de aplicativos\Photodex

2008-05-10 21:42 . 2008-05-10 21:42 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\Netscape

2008-05-10 21:42 . 2008-05-10 21:42 <DIR> d-------- C:\Arquivos de programas\Photodex Presenter

2008-05-10 21:42 . 2008-05-10 21:42 <DIR> d-------- C:\Arquivos de programas\Photodex

2008-05-10 21:39 . 2008-05-10 21:39 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\Photodex

2008-05-10 21:10 . 2008-05-10 21:10 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-05-10 21:08 . 2008-05-10 21:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-10 21:08 . 2008-05-10 21:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-10 16:36 . 2008-05-10 16:36 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-05-10 16:36 . 2008-05-19 08:45 <DIR> d-------- C:\Arquivos de programas\MegaCubo

2008-05-10 00:58 . 2008-05-10 00:58 <DIR> d-------- C:\Arquivos de programas\RocketDock

2008-05-09 22:58 . 2008-05-09 22:58 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\ATI

2008-05-06 22:17 . 2008-05-06 22:17 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Ahead

2008-05-05 23:21 . 2008-05-05 23:21 268 --ah----- C:\sqmdata12.sqm

2008-05-05 23:21 . 2008-05-05 23:21 244 --ah----- C:\sqmnoopt12.sqm

2008-05-05 21:31 . 2008-05-05 21:31 268 --ah----- C:\sqmdata11.sqm

2008-05-05 21:31 . 2008-05-05 21:31 244 --ah----- C:\sqmnoopt11.sqm

2008-05-04 20:37 . 2008-05-05 23:22 <DIR> d-------- C:\Documents and Settings\Douglas\Contacts

2008-05-03 17:36 . 2008-05-03 17:36 268 --ah----- C:\sqmdata10.sqm

2008-05-03 17:36 . 2008-05-03 17:36 244 --ah----- C:\sqmnoopt10.sqm

2008-05-03 16:48 . 2008-05-03 16:48 268 --ah----- C:\sqmdata09.sqm

2008-05-03 16:48 . 2008-05-03 16:48 244 --ah----- C:\sqmnoopt09.sqm

2008-05-03 13:22 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-03 13:22 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-03 12:55 . 2008-05-03 12:55 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2008-05-03 12:55 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-05-03 12:53 . 2008-05-03 13:22 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2008-05-03 12:51 . 2008-05-03 12:51 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-03 11:48 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-05-03 11:48 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-05-03 11:04 . 2008-05-03 11:04 <DIR> d-------- C:\Arquivos de programas\D'Accord Afinador 3.0

2008-05-03 11:04 . 2008-05-03 11:04 8 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS

2008-05-02 22:27 . 2008-05-02 22:27 268 --ah----- C:\sqmdata08.sqm

2008-05-02 22:27 . 2008-05-02 22:27 244 --ah----- C:\sqmnoopt08.sqm

2008-05-01 19:08 . 2008-05-01 19:08 <DIR> d-------- C:\Arquivos de programas\WinAVIVideoConverter

2008-04-30 00:05 . 2008-04-30 00:05 268 --ah----- C:\sqmdata07.sqm

2008-04-30 00:05 . 2008-04-30 00:05 244 --ah----- C:\sqmnoopt07.sqm

2008-04-28 23:09 . 2008-04-28 23:09 268 --ah----- C:\sqmdata06.sqm

2008-04-28 23:09 . 2008-04-28 23:09 244 --ah----- C:\sqmnoopt06.sqm

2008-04-28 17:44 . 2008-04-28 17:44 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\Sony

2008-04-28 17:44 . 2008-04-28 17:44 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\Publish Providers

2008-04-28 17:44 . 2008-04-28 17:56 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-28 17:32 . 2008-04-28 17:57 <DIR> d-------- C:\Arquivos de programas\Sony

2008-04-28 17:28 . 2008-04-28 17:28 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-04-28 17:24 . 2008-04-28 17:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-04-28 17:23 . 2008-04-28 17:23 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2008-04-28 17:23 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-04-28 17:18 . 2008-04-28 17:18 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-04-27 15:18 . 2008-04-27 15:18 268 --ah----- C:\sqmdata05.sqm

2008-04-27 15:18 . 2008-04-27 15:18 244 --ah----- C:\sqmnoopt05.sqm

2008-04-27 15:06 . 2008-04-27 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-04-26 16:40 . 2008-05-18 02:04 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\uTorrent

2008-04-26 16:40 . 2008-04-26 16:40 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-04-26 16:30 . 2008-04-26 16:30 268 --ah----- C:\sqmdata04.sqm

2008-04-26 16:30 . 2008-04-26 16:30 244 --ah----- C:\sqmnoopt04.sqm

2008-04-25 23:07 . 2008-04-25 23:07 244 --ah----- C:\sqmnoopt03.sqm

2008-04-25 23:07 . 2008-04-25 23:07 232 --ah----- C:\sqmdata03.sqm

2008-04-25 23:06 . 2008-04-25 23:06 244 --ah----- C:\sqmnoopt02.sqm

2008-04-25 23:06 . 2008-04-25 23:06 232 --ah----- C:\sqmdata02.sqm

2008-04-24 17:16 . 2008-04-24 17:16 <DIR> d-------- C:\Documents and Settings\Jefferson\Dados de aplicativos\Ahead

2008-04-24 14:53 . 2008-04-24 14:53 <DIR> d-------- C:\Documents and Settings\Jefferson\Configuraes locais

2008-04-23 00:58 . 2008-04-23 00:58 <DIR> d-------- C:\Arquivos de programas\Xilisoft

2008-04-23 00:58 . 2008-04-23 00:58 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-04-22 19:22 . 2008-05-19 23:57 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-04-21 10:41 . 2008-04-21 10:41 <DIR> d-------- C:\Arquivos de programas\Google

2008-04-20 22:53 . 2008-05-19 15:45 <DIR> d-------- C:\Documents and Settings\Jefferson\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-04-20 21:34 . 2008-04-20 21:34 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\Media Player Classic

2008-04-20 21:20 . 2008-05-19 23:59 <DIR> d-------- C:\Documents and Settings\Lukinha\Dados de aplicativos\MegauploadToolbar

2008-04-20 21:20 . 2008-04-20 21:20 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-04-20 19:17 . 2008-04-20 19:17 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-04-20 19:14 . 2008-04-27 21:56 <DIR> d-------- C:\Recnet

2008-04-20 19:14 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-04-20 19:14 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-04-20 19:14 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-04-20 19:14 . 2008-04-20 19:14 127 --a------ C:\WINDOWS\REC-NET.INI

2008-04-20 17:56 . 2008-03-01 10:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-20 17:56 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-20 17:56 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-20 17:56 . 2008-03-01 10:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-20 17:56 . 2008-03-01 10:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-20 17:56 . 2008-03-01 10:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-20 17:56 . 2008-03-01 10:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-20 17:56 . 2008-03-01 10:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-20 17:56 . 2008-02-22 07:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-18 23:01 --------- d-----w C:\Documents and Settings\Douglas\Dados de aplicativos\Shareaza

2008-04-17 02:11 --------- d-----w C:\Documents and Settings\Jefferson\Dados de aplicativos\Shareaza

2008-04-17 01:48 --------- d-----w C:\Documents and Settings\Lukinha\Dados de aplicativos\Ahead

2008-04-16 23:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-16 23:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-04-16 23:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-04-16 23:52 --------- d-----w C:\Arquivos de programas\Macromedia

2008-04-16 23:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-04-16 23:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-04-16 23:48 --------- d-----w C:\Arquivos de programas\Ahead

2008-04-16 23:46 --------- d-----w C:\Documents and Settings\Lukinha\Dados de aplicativos\HP

2008-04-16 23:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-04-16 23:46 --------- d-----w C:\Arquivos de programas\HP

2008-04-16 23:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-04-16 23:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-04-16 23:44 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-04-16 23:40 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-04-16 23:33 --------- d-----w C:\Documents and Settings\Lukinha\Dados de aplicativos\Shareaza

2008-04-16 23:33 --------- d-----w C:\Arquivos de programas\Shareaza

2008-04-16 23:33 --------- d-----w C:\Arquivos de programas\SereneScreen

2008-04-16 23:32 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-04-16 23:31 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-04-16 22:58 --------- d-----w C:\Documents and Settings\Lukinha\Dados de aplicativos\ATI

2008-04-16 22:55 --------- d-----w C:\Arquivos de programas\ATI Technologies

2008-04-16 22:53 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-16 22:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-04-16 22:51 --------- d-----w C:\Arquivos de programas\C-Media 6501 Sound

2008-04-16 22:48 --------- d-----w C:\Documents and Settings\Lukinha\Dados de aplicativos\InstallShield

2008-04-16 22:41 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-04-16 22:40 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-04-16 22:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C6501Sound"="c6501.cpl" []

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ ascfix]

astrix.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lukinha^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Lukinha\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT]

C:\WINDOWS\winhelp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

--a------ 2005-08-12 14:43 45056 C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-16 08:24 167368 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-04-21 10:41 29744 C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]

C:\WINDOWS\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 03:43 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tava]

C:\WINDOWS\system32\tavo.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

"C:\\Arquivos de programas\\MegaCubo\\bin\\minifly.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-09 22:42]

S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;"C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 10:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bca9150-0c09-11dd-8ca1-001e8c20bd50}]

\Shell\AutoRun\command - F:\v3pif.bat

\Shell\explore\Command - F:\v3pif.bat

\Shell\open\Command - F:\v3pif.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da62ff2-0c12-11dd-8ca3-001e8c20bd50}]

\Shell\AutoRun\command - H:\0qx0sc6.bat

\Shell\explore\Command - H:\0qx0sc6.bat

\Shell\open\Command - H:\0qx0sc6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da62ff3-0c12-11dd-8ca3-001e8c20bd50}]

\Shell\AutoRun\command - 0qx0sc6.bat

\Shell\explore\Command - 0qx0sc6.bat

\Shell\open\Command - 0qx0sc6.bat

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-20 00:04:11

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-05-20 0:05:53

ComboFix-quarantined-files.txt 2008-05-20 03:05:35

Pre-Run: 109,145,653,248 bytes disponíveis

Post-Run: 111,244,369,920 bytes disponíveis

284 --- E O F --- 2008-05-16 09:40:27


Logfile of HijackThis v1.99.1

Scan saved at 00:27:22, on 20/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\RunDll32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210652290453

O17 - HKLM\System\CCS\Services\Tcpip\..\{462C8D3D-0A2E-4C0C-B0FF-84748D9FD1B8}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: ascfix - astrix.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
