mascote9

Virus, ComboFix report


Help, I'm at work and I caught a virus.

ComboFix report follows

ComboFix 08-08-28.06 - User 2008-08-29 15:16:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1496 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\User\Dados de aplicativos\inst.exe

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\G5KPTM4Q\bin.clearspring.com

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\G5KPTM4Q\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\User\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\WINDOWS\recover.reg

C:\Documents and Settings\User\Dados de aplicativos\~tmp.html . . . . falha na exclusão

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))

.

2008-08-28 17:48 . 2008-08-28 17:48 110,084 --a------ C:\WINDOWS\system32\msxml71.dll

2008-08-28 17:47 . 2008-08-28 17:47 73,728 --a------ C:\WINDOWS\system32\Setup_ver1.1336.0.exe

2008-08-28 14:08 . 2008-08-28 14:08 <DIR> d-------- C:\Arquivos de programas\City Interactive

2008-08-28 14:04 . 2008-08-28 14:04 <DIR> d-------- C:\WarS Premium

2008-08-28 10:32 . 2008-08-28 10:36 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Vso

2008-08-28 10:32 . 2008-08-28 10:32 <DIR> d-------- C:\Arquivos de programas\VSO

2008-08-28 10:32 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll

2008-08-28 10:32 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll

2008-08-28 10:32 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll

2008-08-28 10:32 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-08-28 10:32 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-08-28 10:32 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-08-28 10:32 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-08-28 10:32 . 2008-08-28 10:32 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-08-28 10:32 . 2008-08-28 10:32 47,360 --a------ C:\Documents and Settings\User\Dados de aplicativos\pcouffin.sys

2008-08-26 01:05 . 2008-08-26 01:05 268 --ah----- C:\sqmdata17.sqm

2008-08-26 01:05 . 2008-08-26 01:05 244 --ah----- C:\sqmnoopt17.sqm

2008-08-24 18:12 . 2008-08-24 18:12 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-08-24 17:54 . 2008-08-24 17:54 <DIR> d-------- C:\Team17

2008-08-21 16:28 . 2008-08-21 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-08-13 10:17 . 2008-08-13 10:17 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2008-08-13 10:17 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-08-13 10:17 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-08-13 10:15 . 2008-08-13 10:16 <DIR> d-------- C:\Arquivos de programas\LGGSM

2008-08-13 10:15 . 2005-09-05 11:33 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll

2008-08-01 17:36 . 2008-08-08 20:53 <DIR> d-------- C:\Mimaki

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 16:18 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\AVG7

2008-08-28 20:49 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\uTorrent

2008-08-24 20:53 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-24 20:38 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-08-10 19:03 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-08-08 23:14 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\U3

2008-07-26 03:54 --------- d-----w C:\Arquivos de programas\GameVicio

2008-07-26 03:52 2,829 ----a-w C:\WINDOWS\War3Unin.pif

2008-07-26 03:52 126,976 ----a-w C:\WINDOWS\War3Unin.exe

2008-07-22 16:54 --------- d-----w C:\Arquivos de programas\Mimaki

2008-07-15 13:34 --------- d-----w C:\Arquivos de programas\Rockstar Games

2007-10-19 13:33 56 --sh--r C:\WINDOWS\system32\A04E5C3D23.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-21 04:31 7700480]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-21 04:31 86016]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:17 579584]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 07:54 16116224 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

"nwiz"="nwiz.exe" [2007-05-21 04:31 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:18 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Avant Browser\\avant.exe"=

"C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R2 PAR1284;PAR1284;C:\WINDOWS\system32\drivers\Par1284.sys [2000-10-23 05:43]

R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 02:50]

S3 mkusb20d;Mimaki USB2.0 Data Port Controller (mkusb20d.sys);C:\WINDOWS\system32\Drivers\mkusb20d.sys [2006-08-03 12:00]

S3 mkusb20s;Mimaki USB2.0 Status Port Controller (mkusb20s.sys);C:\WINDOWS\system32\Drivers\mkusb20s.sys [2006-08-03 12:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{025834ae-9f37-11dc-82e1-001bfc6350f2}]

\Shell\auto\command - F:\Knight.exe open

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

\Shell\explore\command - F:\Knight.exe open

\Shell\find\command - F:\Knight.exe open

\Shell\install\command - F:\Knight.exe open

\Shell\open\command - F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b830901-3d2f-11dd-83bc-001bfc6350f2}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4005d55f-b96e-11dc-8300-001bfc6350f2}]

\Shell\Auto\command - F:\MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95a35ff7-f034-11dc-8351-001bfc6350f2}]

\Shell\Auto\command - F:\fun.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a509d544-daf5-11dc-832e-001bfc6350f2}]

\Shell\Auto\command - G:\MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda509b2-348f-11dd-83b0-001bfc6350f2}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2d9816e-113f-11dd-837c-001bfc6350f2}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe93f020-5a47-11dd-83e9-001bfc6350f2}]

\Shell\AutoRun\command - nqgcd.com

\Shell\explore\Command - nqgcd.com

\Shell\open\Command - nqgcd.com

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

.

- - - - ORFAOS REMOVIDOS - - - -

SharedTaskScheduler-IPC Configuration Utility - (no file)

SharedTaskScheduler-{020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\User\CONFIG~1\Temp\wndutl32.dll

.

------- Ccan Suplementar -------

.

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-29 15:18:09

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-08-29 15:21:57 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-29 18:21:42

Pre-Run: 10 pasta(s) 62,129,942,528 bytes disponíveis

Post-Run: 14 pasta(s) 65,812,570,112 bytes disponíveis

173 --- E O F --- 2008-08-14 11:18:13

Urgent, awaiting instructions!

Thanks!
