Log after ComboFix

Posted by japindio

Hi, I got help here and was asked to run ComboFix on my machine. I wasn't sure whether I should post the log in my old topic or start a new one, so I created a new topic just in case :)

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 17:06:18, on 19/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ComMon] C:\WINDOWS\system32\xwjcjibs.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--------------------------------------------------------------------------

ComboFix log

ComboFix 08-09-12.09 - Administrador 2008-09-19 17:02:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1595 [GMT -3:00]

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\akl

C:\Arquivos de programas\akl\akl.dll

C:\Arquivos de programas\akl\akl.exe

C:\Arquivos de programas\akl\uninstall.exe

C:\Arquivos de programas\akl\unsetup.exe

C:\Arquivos de programas\Inet Delivery

C:\Arquivos de programas\Inet Delivery\inetdl.exe

C:\Arquivos de programas\Inet Delivery\intdel.exe

C:\WINDOWS\a.bat

C:\WINDOWS\base64.tmp

C:\WINDOWS\bdn.com

C:\WINDOWS\FVProtect.exe

C:\WINDOWS\iTunesMusic.exe

C:\WINDOWS\mslagent

C:\WINDOWS\mslagent\2_mslagent.dll

C:\WINDOWS\mslagent\mslagent.exe

C:\WINDOWS\mslagent\uninstall.exe

C:\WINDOWS\mssecu.exe

C:\WINDOWS\system32\akttzn.exe

C:\WINDOWS\system32\anticipator.dll

C:\WINDOWS\system32\awtoolb.dll

C:\WINDOWS\system32\bdn.com

C:\WINDOWS\system32\bsva-egihsg52.exe

C:\WINDOWS\system32\dpcproxy.exe

C:\WINDOWS\system32\emesx.dll

C:\WINDOWS\system32\h@tkeysh@@k.dll

C:\WINDOWS\system32\hoproxy.dll

C:\WINDOWS\system32\hxiwlgpm.dat

C:\WINDOWS\system32\hxiwlgpm.exe

C:\WINDOWS\system32\medup012.dll

C:\WINDOWS\system32\medup020.dll

C:\WINDOWS\system32\msgp.exe

C:\WINDOWS\system32\msnbho.dll

C:\WINDOWS\system32\mssecu.exe

C:\WINDOWS\system32\msvchost.exe

C:\WINDOWS\system32\mtr2.exe

C:\WINDOWS\system32\mwin32.exe

C:\WINDOWS\system32\netode.exe

C:\WINDOWS\system32\newsd32.exe

C:\WINDOWS\system32\ps1.exe

C:\WINDOWS\system32\psof1.exe

C:\WINDOWS\system32\psoft1.exe

C:\WINDOWS\system32\regc64.dll

C:\WINDOWS\system32\regm64.dll

C:\WINDOWS\system32\Rundl1.exe

C:\WINDOWS\system32\smp

C:\WINDOWS\system32\smp\msrc.exe

C:\WINDOWS\system32\sncntr.exe

C:\WINDOWS\system32\ssurf022.dll

C:\WINDOWS\system32\ssvchost.com

C:\WINDOWS\system32\ssvchost.exe

C:\WINDOWS\system32\sysreq.exe

C:\WINDOWS\system32\taack.dat

C:\WINDOWS\system32\taack.exe

C:\WINDOWS\system32\temp#01.exe

C:\WINDOWS\system32\thun.dll

C:\WINDOWS\system32\thun32.dll

C:\WINDOWS\system32\VBIEWER.OCX

C:\WINDOWS\system32\vbsys2.dll

C:\WINDOWS\system32\vcatchpi.dll

C:\WINDOWS\system32\winlogonpc.exe

C:\WINDOWS\system32\winsystem.exe

C:\WINDOWS\system32\WINWGPX.EXE

C:\WINDOWS\userconfig9x.dll

C:\WINDOWS\winsystem.exe

C:\WINDOWS\zip1.tmp

C:\WINDOWS\zip2.tmp

C:\WINDOWS\zip3.tmp

C:\WINDOWS\zipped.tmp

.

((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 ))))))))))))))))))))))))))))))))

.

2008-09-19 16:24 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\1deaa6ad.dll

2008-09-19 16:24 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\198abc84.dll

2008-09-19 16:24 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\cc91060.dll

2008-09-19 16:24 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\69e8056.dll

2008-09-19 13:23 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\94d0520.dll

2008-09-19 13:23 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\179de3de.dll

2008-09-19 13:23 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\fb509c4.dll

2008-09-19 13:23 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\df899ca.dll

2008-09-19 10:38 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\1e33b1c3.dll

2008-09-19 10:38 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\13e73820.dll

2008-09-19 10:38 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\604f0f5.dll

2008-09-19 10:38 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\568b9f.dll

2008-09-19 10:21 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\87000a.dll

2008-09-19 10:21 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\1b3e706c.dll

2008-09-19 10:21 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\16c156.dll

2008-09-19 10:21 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\108098c3.dll

2008-09-18 22:47 . 2008-09-18 22:47 <DIR> d-------- C:\!KillBox

2008-09-18 22:40 . 2008-09-18 22:38 92,672 --a------ C:\KillBox.exe

2008-09-18 22:11 . 2008-09-18 22:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-09-18 21:59 . 2008-09-18 21:59 31 --a------ C:\WINDOWS\ultimatecd.ini

2008-09-18 21:56 . 2008-09-18 21:58 <DIR> d-------- C:\Arquivos de programas\Okoker CD&DVD Burner

2008-09-18 21:21 . 2008-09-18 21:21 <DIR> d-------- C:\Arquivos de programas\SAV

2008-09-18 21:18 . 2008-09-18 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\wnwpmzoz

2008-09-18 21:18 . 2008-09-18 21:18 90,112 --a------ C:\WINDOWS\system32\xwjcjibs.exe

2008-09-15 07:50 . 2008-09-15 07:50 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-09-12 01:17 . 2008-09-12 01:17 <DIR> d-------- C:\Arquivos de programas\HD Tune

2008-09-11 21:56 . 2008-09-11 21:56 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-09-10 17:21 . 2008-09-10 17:21 <DIR> d-------- C:\Level Up! Games

2008-09-10 16:53 . 2008-09-11 05:16 <DIR> d-------- C:\Arquivos de programas\Valve

2008-09-08 18:28 . 2008-09-09 18:19 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2008-09-08 18:28 . 2008-09-09 18:19 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2008-09-08 18:28 . 2008-09-09 18:19 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2008-09-08 18:27 . 2008-09-08 18:27 <DIR> d-------- C:\Sierra

2008-09-07 21:10 . 2008-09-16 18:42 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-09-07 19:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-07 19:54 . 2008-09-07 19:55 <DIR> d-------- C:\Arquivos de programas\Java

2008-09-07 19:43 . 2008-09-07 19:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-09-07 19:28 . 2008-09-07 19:35 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-09-07 17:04 . 2008-09-18 22:06 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-06 17:23 . 2008-09-18 08:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-06 17:23 . 2008-09-06 17:23 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2008-09-06 17:23 . 2008-09-06 17:23 <DIR> d-------- C:\Arquivos de programas\AVG

2008-09-06 17:23 . 2008-09-06 17:23 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-06 17:23 . 2008-09-06 17:23 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-06 17:23 . 2008-09-06 17:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-06 15:23 . 2008-09-06 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-09-04 12:53 . 2004-03-08 15:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx

2008-09-04 12:43 . 2008-09-04 12:43 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

2008-09-03 11:28 . 2003-07-17 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-09-03 11:28 . 2005-01-01 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-09-03 11:26 . 2008-09-03 11:26 <DIR> d-------- C:\Program Files

2008-09-03 11:19 . 2008-09-03 11:19 <DIR> d-------- C:\Arquivos de programas\CONEXANT

2008-09-03 11:19 . 2004-09-29 04:33 1,036,928 -ra------ C:\WINDOWS\system32\drivers\HSF_DP.sys

2008-09-03 11:19 . 2004-09-29 04:34 702,592 -ra------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys

2008-09-03 11:19 . 2004-09-29 04:35 219,136 -ra------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys

2008-09-03 11:19 . 2004-09-28 23:19 129,045 -ra------ C:\WINDOWS\system32\drivers\HSFProf.cty

2008-09-03 11:19 . 2004-03-17 01:00 86,016 -ra------ C:\WINDOWS\system32\mdmxsdk.dll

2008-09-03 11:19 . 2004-08-04 04:34 39,018 -ra------ C:\WINDOWS\system32\hsfci011.dll

2008-09-03 11:19 . 2001-08-18 01:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

2008-09-03 11:19 . 2001-08-18 01:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys

2008-09-03 11:19 . 2004-03-17 01:04 13,059 -ra------ C:\WINDOWS\system32\drivers\mdmxsdk.sys

2008-09-03 11:16 . 2008-09-03 11:16 <DIR> d-------- C:\Arquivos de programas\OnGame

2008-09-02 17:32 . 2007-07-27 06:30 8,704 -ra------ C:\WINDOWS\system32\viahdcpl.cpl

2008-09-02 17:31 . 2006-10-27 05:26 69,632 -ra------ C:\WINDOWS\system32\vuins32.dll

2008-09-02 17:31 . 2007-04-17 00:58 42,496 -ra------ C:\WINDOWS\system32\drivers\fetnd5bv.sys

2008-09-02 17:28 . 2008-09-02 17:28 <DIR> d-------- C:\Arquivos de programas\S3

2008-09-02 17:21 . 2008-09-02 17:21 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-09-02 17:21 . 2008-09-02 17:32 <DIR> d-------- C:\Arquivos de programas\VIA

2008-09-02 17:21 . 2008-09-19 16:45 <DIR> d-------- C:\Arquivos de programas\Garena

2008-09-02 17:21 . 2005-11-17 04:46 337,320 --------- C:\WINDOWS\system32\difxapi.dll

2008-09-02 17:20 . 2008-09-02 17:20 <DIR> d-------- C:\Arquivos de programas\OnlineHelpConsole

2008-09-02 17:19 . 2008-09-02 17:19 <DIR> d-------- C:\WINDOWS\system32\Tools

2008-09-02 15:21 . 2005-05-03 07:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe

2008-09-02 14:50 . 2008-09-02 15:21 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-09-02 14:50 . 2008-09-02 17:28 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-09-02 14:50 . 2008-09-02 17:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-02 14:50 . 2007-01-12 05:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll

2008-09-02 14:50 . 2008-09-02 14:50 315,392 --a------ C:\WINDOWS\HideWin.exe

2008-09-02 14:49 . 2006-12-26 09:31 4,864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys

2008-09-02 11:32 . 2008-09-02 11:32 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-09-02 11:32 . 2008-09-02 11:32 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites

2008-09-02 11:29 . 2008-09-07 15:22 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

2008-09-02 11:28 . 2008-09-02 11:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-02 11:10 . 2008-09-02 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-02 11:10 . 2008-09-02 11:28 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-09-02 11:10 . 2008-09-02 11:28 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-02 10:41 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-09-02 10:41 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-09-02 10:41 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-09-02 10:41 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-09-02 10:41 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-09-02 10:03 . 2008-09-02 17:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-09-02 10:03 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-09-02 09:18 . 2008-09-02 09:18 1,192 --a------ C:\WINDOWS\mozver.dat

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-11 18:24 --------- d-----w C:\Arquivos de programas\Asprate

2008-09-08 10:08 --------- d-----w C:\Arquivos de programas\Eset

2008-09-02 00:26 --------- d-----w C:\Arquivos de programas\Tibia

2008-09-01 23:12 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-09-01 23:10 --------- d-----w C:\Arquivos de programas\The KMPlayer

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\uTorrent

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\Foxit PDF Reader

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\7-Zip

2008-09-01 23:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

------- Sigcheck -------

2008-06-20 08:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys

2008-06-20 08:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys

2008-05-05 05:24 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"ComMon"="C:\WINDOWS\system32\xwjcjibs.exe" [2008-09-18 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-21 29753344]

"VTTimer"="VTTimer.exe" [2006-09-21 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-08-13 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Garena\\Garena.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Mayu\\Valve\\hl.exe"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Mayu\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-09-04 33824]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-06 76040]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]

R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [2008-01-02 215936]

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

Remoteaccess

Schedule

SENS

Sharedaccess

SRService

Tapisrv

Themes

WZCSVC

Wmi

WmdmPmSp

winmgmt

xmlprov

napagent

hkmsvc

BITS

wuauserv

ShellHWDetection

WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55975be-7d8e-11dd-9f2a-001e90efb7f4}]

\Shell\AutoRun\command - I:\xo8wr9.exe

\Shell\explore\Command - I:\xo8wr9.exe

\Shell\open\Command - I:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55975bf-7d8e-11dd-9f2a-001e90efb7f4}]

\Shell\AutoRun\command - J:\xo8wr9.exe

\Shell\explore\Command - J:\xo8wr9.exe

\Shell\open\Command - J:\xo8wr9.exe

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-sICxryMc5z - C:\Documents and Settings\All Users\Dados de aplicativos\wnwpmzoz\khybmxan.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\j3nvstmd.default\

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-19 17:04:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP\872362dd-7581-45a3-8ebf-c39e07cbb5c6.tmp

scan completed successfully

hidden files: 1

**************************************************************************

.

Completion time: 2008-09-19 17:05:14

ComboFix-quarantined-files.txt 2008-09-19 20:05:11

Pre-Run: 9 folder(s) 142,953,488,384 bytes free

Post-Run: 13 folder(s) 143,109,025,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Thanks :) o/


Hello,

Your computer is extremely infected :o

Please keep this computer disconnected from the internet as much as possible until we have finished removing the malware.

Note: please do NOT use ComboFix on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer. The tool should only be used under the supervision of malware-removal helpers.

Connect your USB flash drive to the computer but do not open it, since it is infected as well.

1) Click Start -> My Computer

Then Tools -> Folder Options

Select the View tab

Uncheck:

  • Hide protected operating system files (Recommended)
Check:
  • Show hidden files and folders

If a warning message appears, click Yes

Click Apply and then OK

2) I need you to send me some files for analysis. To do that, zip the files and do not forget to set the password: infected (click here to see how). These files:


  • C:\WINDOWS\system32\1deaa6ad.dll
  • C:\WINDOWS\system32\198abc84.dll
  • C:\WINDOWS\system32\cc91060.dll
  • C:\WINDOWS\system32\69e8056.dll
  • C:\WINDOWS\system32\94d0520.dll
  • C:\WINDOWS\system32\179de3de.dll
  • C:\WINDOWS\system32\fb509c4.dll
  • C:\WINDOWS\system32\df899ca.dll
  • C:\WINDOWS\system32\1e33b1c3.dll
  • C:\WINDOWS\system32\13e73820.dll
  • C:\WINDOWS\system32\604f0f5.dll
  • C:\WINDOWS\system32\568b9f.dll
  • C:\WINDOWS\system32\87000a.dll
  • C:\WINDOWS\system32\1b3e706c.dll
  • C:\WINDOWS\system32\16c156.dll
  • C:\WINDOWS\system32\108098c3.dll
  • C:\WINDOWS\system32\xwjcjibs.exe

Then upload the zip file to:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

  • In the box "Link to topic where this file was requested:", copy and paste the link to this topic:
    http://forum.clubedohardware.com.br/log-apos-combofix/581236
  • In the box "Browse to the file you want to submit:", select the zip file you made with the files above
    Click the Browse... button
  • In the box "Leave any comments, further information about this file, or contact information:", enter:
    Lusitano request
  • Click the Send File button

3) Very important note: temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

4) Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Quote":

File::
C:\WINDOWS\system32\1deaa6ad.dll
C:\WINDOWS\system32\198abc84.dll
C:\WINDOWS\system32\cc91060.dll
C:\WINDOWS\system32\69e8056.dll
C:\WINDOWS\system32\94d0520.dll
C:\WINDOWS\system32\179de3de.dll
C:\WINDOWS\system32\fb509c4.dll
C:\WINDOWS\system32\df899ca.dll
C:\WINDOWS\system32\1e33b1c3.dll
C:\WINDOWS\system32\13e73820.dll
C:\WINDOWS\system32\604f0f5.dll
C:\WINDOWS\system32\568b9f.dll
C:\WINDOWS\system32\87000a.dll
C:\WINDOWS\system32\1b3e706c.dll
C:\WINDOWS\system32\16c156.dll
C:\WINDOWS\system32\108098c3.dll
C:\WINDOWS\system32\xwjcjibs.exe
I:\xo8wr9.exe
Folder::
C:\Documents and Settings\All Users\Dados de aplicativos\wnwpmzoz
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComMon"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55975be-7d8e-11dd-9f2a-001e90efb7f4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55975bf-7d8e-11dd-9f2a-001e90efb7f4}]

  • Save this file as: CFScript.txt
    (image: CFScriptB-4.gif)
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will produce a log. Paste that file, C:\ComboFix.txt, in your reply.
  • Also make a new HijackThis log to include in your reply.

Regards


Hello, in your next reply let me know whether you made any change in the registry to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Or whether you deleted, modified or did anything else to the following NetSvcs services:

ERSvc

Messenger

Seclogon

TrkWks

W32Time

wscsvc

helpsvc

Let me know about this in your next reply.

Thanks

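The checks the helper performed by eye on the first ComboFix log (the hidden DLLs in system32, the day-old "ComMon" Run value, the MountPoints2 AutoRun commands on drives I: and J:, the disabled firewall) and the NetSvcs comparison asked about in the reply above, as an added example in Python. It is not part of this thread and not ComboFix's own code. SAMPLE_LOG is constructed from lines quoted in the thread, and REQUIRED_NETSVCS holds only the seven names the helper listed, an assumption drawn from that post rather than the full default NetSvcs list of a clean Windows XP install.

```python
"""Triage a ComboFix log for the indicators discussed in this thread.

Added example, not ComboFix's own code and not code from the thread.
SAMPLE_LOG is constructed from lines quoted above; REQUIRED_NETSVCS is
only the seven names the helper asked about (assumption, not a full
default list for Windows XP).
"""
import re
from datetime import date, timedelta

SAMPLE_LOG = r"""
ComboFix 08-09-12.09 - Administrador 2008-09-19 17:02:22.1 - NTFSx86
2008-09-19 16:24 . 2008-04-14 09:00 1,689,088 ---h---t- C:\WINDOWS\system32\1deaa6ad.dll
2008-09-19 16:24 . 2008-04-14 09:00 82,432 ---h---t- C:\WINDOWS\system32\cc91060.dll
2008-09-18 21:18 . 2008-09-18 21:18 90,112 --a------ C:\WINDOWS\system32\xwjcjibs.exe
2008-09-06 17:23 . 2008-09-06 17:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"ComMon"="C:\WINDOWS\system32\xwjcjibs.exe" [2008-09-18 90112]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
Browser
wuauserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55975be-7d8e-11dd-9f2a-001e90efb7f4}]
\Shell\AutoRun\command - I:\xo8wr9.exe
\Shell\open\Command - I:\xo8wr9.exe
"""

# Header: "ComboFix <version> - <user> <yyyy-mm-dd> <hh:mm:ss> ..."
HEADER_RE = re.compile(r"^ComboFix \S+ - .*?(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d")
# "Files Created" rows: created . modified size attrs path; attrs column 4 is 'h' for hidden
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(\S{9})\s+(.+)$")
# Run values: "name"="target" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d\d-\d\d) \d+\]$')
# MountPoints2 shell commands: \Shell\<verb>\command - <target>
AUTORUN_RE = re.compile(r"^\\Shell\\\w+\\command - (.+)$", re.IGNORECASE)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Assumption: the seven services the helper asked about, not the whole default group.
REQUIRED_NETSVCS = {"ERSvc", "Messenger", "Seclogon", "TrkWks", "W32Time", "wscsvc", "helpsvc"}


def scan_date(log):
    """Date of the scan, taken from the ComboFix header line."""
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            return date.fromisoformat(m.group(1))
    raise ValueError("no ComboFix header line found")


def hidden_system32_files(log):
    """Files under system32 with the hidden attribute; Explorer hides them by default."""
    return [m.group(2) for m in map(FILE_RE.match, log.splitlines())
            if m and m.group(1)[3] == "h" and "\\system32\\" in m.group(2).lower()]


def recent_run_entries(log, days=7):
    """Run values whose target binary was written within `days` of the scan."""
    cutoff = scan_date(log) - timedelta(days=days)
    return [(m.group(1), m.group(2)) for m in map(RUN_RE.match, log.splitlines())
            if m and date.fromisoformat(m.group(3)) >= cutoff]


def removable_autoruns(log):
    """Targets of MountPoints2 shell commands (what Explorer runs when the drive is opened)."""
    return sorted({m.group(1) for m in map(AUTORUN_RE.match, log.splitlines()) if m})


def firewall_disabled(log):
    return any(FIREWALL_OFF_RE.match(line) for line in log.splitlines())


def missing_netsvcs(log):
    """Required NetSvcs names absent from the list under 'NETSVCS REQUIRES REPAIRS'."""
    present, in_block = set(), False
    for line in log.splitlines():
        if line.startswith("NETSVCS REQUIRES REPAIRS"):
            in_block = True
        elif in_block and line.startswith("HKEY_LOCAL_MACHINE"):
            break  # the key name closes the block
        elif in_block and line.strip():
            present.add(line.strip().lower())  # registry names are case-insensitive
    if not in_block:
        return set()  # no block printed: nothing to compare against
    return {s for s in REQUIRED_NETSVCS if s.lower() not in present}


def triage(log):
    return {
        "hidden_system32_files": hidden_system32_files(log),
        "recent_run_entries": recent_run_entries(log),
        "removable_autoruns": removable_autoruns(log),
        "firewall_disabled": firewall_disabled(log),
        "missing_netsvcs": sorted(missing_netsvcs(log)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real log, read C:\ComboFix.txt into a string and call triage() on it. The removable_autoruns hit is the reason the helper asked for the flash drive to be plugged in but not opened: with those MountPoints2 values in place, opening the drive from Explorer runs I:\xo8wr9.exe, and the CFScript can only delete the file while the drive is mounted.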

I was asked to send these files:

# C:\WINDOWS\system32\1deaa6ad.dll

# C:\WINDOWS\system32\198abc84.dll

# C:\WINDOWS\system32\cc91060.dll

# C:\WINDOWS\system32\69e8056.dll

# C:\WINDOWS\system32\94d0520.dll

# C:\WINDOWS\system32\179de3de.dll

# C:\WINDOWS\system32\fb509c4.dll

# C:\WINDOWS\system32\df899ca.dll

# C:\WINDOWS\system32\1e33b1c3.dll

# C:\WINDOWS\system32\13e73820.dll

# C:\WINDOWS\system32\604f0f5.dll

# C:\WINDOWS\system32\568b9f.dll

# C:\WINDOWS\system32\87000a.dll

# C:\WINDOWS\system32\1b3e706c.dll

# C:\WINDOWS\system32\16c156.dll

# C:\WINDOWS\system32\108098c3.dll

# C:\WINDOWS\system32\xwjcjibs.exe

But even after ticking the option to show hidden files in My Computer, none of the files above were found; I searched the system32 folder manually and with Windows Search and still could not find any of them.

I was also asked whether I made any change to the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

which I do not remember ever having seen in my life :)

Or whether I modified any of these NetSvcs services:

ERSvc

Messenger

Seclogon

TrkWks

W32Time

wscsvc

helpsvc

which I also did not modify at all.

What should I do?


Hello,

We need to repair that:

Download this file:

http://download.bleepingcomputer.com/sUBs/Beta/XPSP2_netsvcs.zip

Extract it from the zip.

You will get an icon like this one: (image: reg.JPG)

Double-click that file. When the prompt appears, click Yes.

Restart your PC. Then run ComboFix following the instructions I gave you in my previous post.

Regards


I ran ComboFix as advised earlier, and here are the ComboFix and HijackThis logs:

ComboFix log

ComboFix 08-09-20.05 - Administrador 2008-09-21 13:00:25.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1656 [GMT -3:00]

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CfScript.txt

* Created a new restore point

FILE ::

C:\WINDOWS\system32\108098c3.dll

C:\WINDOWS\system32\13e73820.dll

C:\WINDOWS\system32\16c156.dll

C:\WINDOWS\system32\179de3de.dll

C:\WINDOWS\system32\198abc84.dll

C:\WINDOWS\system32\1b3e706c.dll

C:\WINDOWS\system32\1deaa6ad.dll

C:\WINDOWS\system32\1e33b1c3.dll

C:\WINDOWS\system32\568b9f.dll

C:\WINDOWS\system32\604f0f5.dll

C:\WINDOWS\system32\69e8056.dll

C:\WINDOWS\system32\87000a.dll

C:\WINDOWS\system32\94d0520.dll

C:\WINDOWS\system32\cc91060.dll

C:\WINDOWS\system32\df899ca.dll

C:\WINDOWS\system32\fb509c4.dll

C:\WINDOWS\system32\xwjcjibs.exe

I:\xo8wr9.exe

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Dados de aplicativos\wnwpmzoz

.

((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))

.

2008-09-18 22:47 . 2008-09-18 22:47 <DIR> d-------- C:\!KillBox

2008-09-18 22:40 . 2008-09-18 22:38 92,672 --a------ C:\KillBox.exe

2008-09-18 22:11 . 2008-09-18 22:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-09-18 21:59 . 2008-09-18 21:59 31 --a------ C:\WINDOWS\ultimatecd.ini

2008-09-18 21:56 . 2008-09-18 21:58 <DIR> d-------- C:\Arquivos de programas\Okoker CD&DVD Burner

2008-09-18 21:21 . 2008-09-18 21:21 <DIR> d-------- C:\Arquivos de programas\SAV

2008-09-15 07:50 . 2008-09-15 07:50 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-09-12 01:17 . 2008-09-12 01:17 <DIR> d-------- C:\Arquivos de programas\HD Tune

2008-09-11 21:56 . 2008-09-11 21:56 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-09-10 17:21 . 2008-09-10 17:21 <DIR> d-------- C:\Level Up! Games

2008-09-10 16:53 . 2008-09-11 05:16 <DIR> d-------- C:\Arquivos de programas\Valve

2008-09-08 18:28 . 2008-09-09 18:19 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2008-09-08 18:28 . 2008-09-09 18:19 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2008-09-08 18:28 . 2008-09-09 18:19 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2008-09-08 18:27 . 2008-09-08 18:27 <DIR> d-------- C:\Sierra

2008-09-07 21:10 . 2008-09-20 13:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-09-07 19:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-07 19:54 . 2008-09-07 19:55 <DIR> d-------- C:\Arquivos de programas\Java

2008-09-07 19:43 . 2008-09-07 19:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-09-07 19:28 . 2008-09-07 19:35 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-09-07 17:04 . 2008-09-18 22:06 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-06 17:23 . 2008-09-21 08:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-06 17:23 . 2008-09-06 17:23 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2008-09-06 17:23 . 2008-09-06 17:23 <DIR> d-------- C:\Arquivos de programas\AVG

2008-09-06 17:23 . 2008-09-06 17:23 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-06 17:23 . 2008-09-06 17:23 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-06 17:23 . 2008-09-06 17:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-06 15:23 . 2008-09-06 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-09-04 12:53 . 2004-03-08 15:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx

2008-09-04 12:43 . 2008-09-04 12:43 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

2008-09-03 11:28 . 2003-07-17 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-09-03 11:28 . 2005-01-01 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-09-03 11:26 . 2008-09-03 11:26 <DIR> d-------- C:\Program Files

2008-09-03 11:19 . 2008-09-03 11:19 <DIR> d-------- C:\Arquivos de programas\CONEXANT

2008-09-03 11:19 . 2004-09-29 04:33 1,036,928 -ra------ C:\WINDOWS\system32\drivers\HSF_DP.sys

2008-09-03 11:19 . 2004-09-29 04:34 702,592 -ra------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys

2008-09-03 11:19 . 2004-09-29 04:35 219,136 -ra------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys

2008-09-03 11:19 . 2004-09-28 23:19 129,045 -ra------ C:\WINDOWS\system32\drivers\HSFProf.cty

2008-09-03 11:19 . 2004-03-17 01:00 86,016 -ra------ C:\WINDOWS\system32\mdmxsdk.dll

2008-09-03 11:19 . 2004-08-04 04:34 39,018 -ra------ C:\WINDOWS\system32\hsfci011.dll

2008-09-03 11:19 . 2001-08-18 01:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

2008-09-03 11:19 . 2001-08-18 01:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys

2008-09-03 11:19 . 2004-03-17 01:04 13,059 -ra------ C:\WINDOWS\system32\drivers\mdmxsdk.sys

2008-09-03 11:16 . 2008-09-03 11:16 <DIR> d-------- C:\Arquivos de programas\OnGame

2008-09-02 17:32 . 2007-07-27 06:30 8,704 -ra------ C:\WINDOWS\system32\viahdcpl.cpl

2008-09-02 17:31 . 2006-10-27 05:26 69,632 -ra------ C:\WINDOWS\system32\vuins32.dll

2008-09-02 17:31 . 2007-04-17 00:58 42,496 -ra------ C:\WINDOWS\system32\drivers\fetnd5bv.sys

2008-09-02 17:28 . 2008-09-02 17:28 <DIR> d-------- C:\Arquivos de programas\S3

2008-09-02 17:21 . 2008-09-02 17:21 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-09-02 17:21 . 2008-09-02 17:32 <DIR> d-------- C:\Arquivos de programas\VIA

2008-09-02 17:21 . 2008-09-21 08:51 <DIR> d-------- C:\Arquivos de programas\Garena

2008-09-02 17:21 . 2005-11-17 04:46 337,320 --------- C:\WINDOWS\system32\difxapi.dll

2008-09-02 17:20 . 2008-09-02 17:20 <DIR> d-------- C:\Arquivos de programas\OnlineHelpConsole

2008-09-02 17:19 . 2008-09-02 17:19 <DIR> d-------- C:\WINDOWS\system32\Tools

2008-09-02 15:21 . 2005-05-03 07:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe

2008-09-02 14:50 . 2008-09-02 15:21 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-09-02 14:50 . 2008-09-02 17:28 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-09-02 14:50 . 2008-09-02 17:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-02 14:50 . 2007-01-12 05:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll

2008-09-02 14:50 . 2008-09-02 14:50 315,392 --a------ C:\WINDOWS\HideWin.exe

2008-09-02 14:49 . 2006-12-26 09:31 4,864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys

2008-09-02 11:32 . 2008-09-02 11:32 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-09-02 11:32 . 2008-09-02 11:32 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites

2008-09-02 11:29 . 2008-09-07 15:22 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

2008-09-02 11:28 . 2008-09-02 11:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-02 11:10 . 2008-09-02 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-02 11:10 . 2008-09-02 11:28 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-09-02 11:10 . 2008-09-02 11:28 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-02 10:41 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-09-02 10:41 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-09-02 10:41 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-09-02 10:41 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-09-02 10:41 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-09-02 10:03 . 2008-09-02 17:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-09-02 10:03 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-09-02 09:18 . 2008-09-02 09:18 1,192 --a------ C:\WINDOWS\mozver.dat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-11 18:24 --------- d-----w C:\Arquivos de programas\Asprate

2008-09-08 10:08 --------- d-----w C:\Arquivos de programas\Eset

2008-09-02 00:26 --------- d-----w C:\Arquivos de programas\Tibia

2008-09-01 23:12 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-09-01 23:10 --------- d-----w C:\Arquivos de programas\The KMPlayer

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\uTorrent

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\Foxit PDF Reader

2008-09-01 23:04 --------- d-----w C:\Arquivos de programas\7-Zip

2008-09-01 23:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

------- Sigcheck -------

2008-06-20 08:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys

2008-06-20 08:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys

2008-05-05 05:24 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-21 29753344]

"VTTimer"="VTTimer.exe" [2006-09-21 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-08-13 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Garena\\Garena.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Mayu\\Valve\\hl.exe"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Mayu\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-09-04 33824]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-06 76040]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]

R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [2008-01-02 215936]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-21 13:02:00

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-21 13:03:06

ComboFix-quarantined-files.txt 2008-09-21 16:03:02

ComboFix2.txt 2008-09-19 20:05:15

Pre-Run: 10 pasta(s) 142.957.441.024 bytes disponíveis

Post-Run: 13 pasta(s) 142,979,366,912 bytes disponíveis

197

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 13:04:18, on 21/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.516\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)


Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.

[image: CF_Cleanup.png]

Download OTMoveIt2 by OldTimer

  • Save it to your desktop.
  • Double-click OTMoveIt.exe
  • Click the button (image: 8gehxg0.gif)
  • OTMoveIt will now download a list; if your firewall or another protective program alerts you about this, allow the access.
  • You will be asked whether to start the cleanup process; click Yes
  • When it finishes, exit OTMoveIt
  • Now delete OTMoveIt.exe
  • Also delete the folder C:\_OTMoveIt

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis Backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date means being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad - adds over 4000 websites and domains to IE's Restricted sites list.
  • MVPS Hosts - creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar - the Google toolbar blocks pop-ups.

It was a pleasure to help
