Maskote2008

Virus removal


Hey guys! I've got a really annoying virus here!!

I think it's called kavo.

I'd like you to help me get rid of it.

I'll post the HijackThis log here:

Logfile of HijackThis v1.99.1

Scan saved at 20:52:02, on 24/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Raphael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Thanks!


Duplicating your post doesn't help you at all, it only makes us waste time; please be patient.

Please post a new HijackThis log.


Logfile of HijackThis v1.99.1

Scan saved at 20:52:02, on 24/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Raphael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


Follow the instructions in the link below, then install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console as well.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file and also make a new HijackThis log to include in your reply.

Warning: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stall.

Note: Please do NOT use ComboFix on your own. It is a powerful tool built to deal with sophisticated infections, and if it is not used correctly it can damage your system. The tool should only be used under the supervision of properly trained malware-removal assistants.

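The helper asks for a fresh HijackThis log after ComboFix has run so that the autostart (O4) entries can be compared before and after cleanup. As an added example for this thread (not part of HijackThis, ComboFix or the forum's own tooling), the Python script below parses the registry-based O4 lines of two logs, reports entries that disappeared or appeared, and applies one simple triage heuristic: a Run value that launches an executable placed directly in system32 is unusual for legitimate software and deserves a closer look. The sample logs, the `KNOWN_SYSTEM32_AUTOSTARTS` allowlist and all function names are constructed for this example; the sample lines are copied from the O4 entries quoted in the thread.

```python
"""Triage HijackThis O4 (autostart) entries and diff two logs.

Added example for this thread; it is not part of HijackThis, ComboFix or the
forum's own tooling. The sample logs below are constructed from O4 lines
quoted in the thread; in practice read the two saved log files instead.
"""
import re
from dataclasses import dataclass

# Registry form of an O4 line: "O4 - HKLM\..\Run: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Minimal allowlist of Windows binaries legitimately started from system32
# via a Run value (constructed for this example, not an official list).
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe"}


@dataclass(frozen=True, order=True)
class Autostart:
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # value name under the key
    command: str  # command line exactly as logged


def parse_o4(log_text: str) -> set[Autostart]:
    """Collect registry-based O4 entries; folder-based O4 lines (Startup:) are ignored."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add(Autostart(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def executable_path(command: str) -> str:
    """Return the .exe path from a Run command line, dropping quotes and arguments."""
    m = re.match(r'"?(?P<p>.*?\.exe)', command, re.IGNORECASE)
    return m["p"] if m else command


def needs_review(entry: Autostart) -> bool:
    """Heuristic: legitimate software normally autostarts from its own folder
    under Program Files; an executable sitting directly in system32 that is
    not on the allowlist is worth checking against the rest of the log."""
    folder, _, fname = executable_path(entry.command).rpartition("\\")
    return folder.lower().endswith("\\system32") and fname.lower() not in KNOWN_SYSTEM32_AUTOSTARTS


def triage(log_text: str) -> list[Autostart]:
    """Entries in one log that the heuristic marks for review, in stable order."""
    return sorted(e for e in parse_o4(log_text) if needs_review(e))


def diff_autostarts(before: str, after: str) -> dict[str, list[Autostart]]:
    """Autostart entries that disappeared or appeared between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}


# Constructed sample: O4 lines from the first log in the thread (before ComboFix).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
"""

# Constructed sample: the same entries from the log posted after ComboFix ran.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for e in triage(LOG_BEFORE):
        print(f"review: {e.hive}\\{e.key} [{e.name}] -> {executable_path(e.command)}")
    changes = diff_autostarts(LOG_BEFORE, LOG_AFTER)
    for kind, entries in changes.items():
        for e in entries:
            print(f"{kind}: [{e.name}] {e.command}")
```

On the thread's own logs this flags the `[kamsoft] C:\WINDOWS\system32\ckvo.exe` value for review and reports it as the one entry removed between the two logs, which matches the file ComboFix lists under "Outras Exclusões". The heuristic is deliberately narrow: a hit means "look at this entry", not "this is malware", and the diff is only as good as the two logs being from the same machine and profile.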

ComboFix 08-09-22.06 - Raphael 2008-09-27 12:45:48.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.229 [GMT -3:00]

Executando de: C:\Documents and Settings\Raphael\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ckvo1.dll

C:\wjlfhtfm.cmd

D:\Autorun.inf

D:\wjlfhtfm.cmd

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-27 to 2008-09-27 ))))))))))))))))))))))))))))))))

.

2008-09-27 12:05 . 2008-09-27 12:05 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-09-25 22:22 . 2008-09-25 23:05 <DIR> d-------- C:\TurboPascal

2008-09-18 11:03 . 2008-09-18 11:03 <DIR> d-------- C:\Documents and Settings\Raphael\flexdock

2008-09-18 11:03 . 2008-09-18 11:03 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Scilab

2008-09-18 11:01 . 2008-09-18 11:03 <DIR> d-------- C:\Arquivos de programas\scilab-5.0

2008-09-17 11:15 . 2008-09-17 11:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-16 22:33 . 2008-09-16 22:34 <DIR> d-------- C:\Arquivos de programas\JUDE-Community

2008-09-16 11:04 . 2008-09-16 22:33 <DIR> d-------- C:\Documents and Settings\Raphael\.jude

2008-09-16 11:03 . 2007-03-14 02:04 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-16 11:01 . 2008-09-16 11:03 <DIR> d-------- C:\Arquivos de programas\Java

2008-09-16 11:01 . 2008-09-16 11:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-09-12 00:27 . 2008-09-12 00:27 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-09-11 20:34 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-09-11 20:34 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-09-11 20:34 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-11 20:34 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-11 20:34 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-11 20:34 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-11 20:34 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-11 19:27 . 2008-09-11 19:29 49 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-11 19:25 . 2008-09-11 19:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-11 19:25 . 2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-09-11 19:25 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-09-11 19:25 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-09-11 19:25 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-09-11 11:39 . 2008-09-11 11:39 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-11 11:38 . 2008-04-13 19:20 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll

2008-09-11 11:38 . 2008-04-13 19:20 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2008-09-11 11:38 . 2007-04-02 11:26 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a--c--- C:\WINDOWS\system32\dllcache\kbdibm02.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,656 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41a.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41j.dll

2008-09-11 11:37 . 2008-09-11 11:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-11 11:37 . 2008-04-13 19:18 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2008-09-11 11:37 . 2008-04-13 19:18 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdax2.dll

2008-09-11 11:35 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002648_.tmp

2008-09-10 09:53 . 2008-09-10 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-10 09:53 . 2008-09-10 09:53 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-10 09:53 . 2008-09-10 09:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-09-09 18:39 . 2008-09-09 18:39 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Simple Star

2008-09-09 18:39 . 2008-09-10 09:57 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Nero

2008-09-03 12:29 . 2008-09-03 12:29 244 --ah----- C:\sqmnoopt00.sqm

2008-09-03 12:29 . 2008-09-03 12:29 232 --ah----- C:\sqmdata00.sqm

2008-08-30 12:48 . 2008-08-30 12:52 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Winamp

2008-08-30 12:48 . 2008-08-30 12:48 <DIR> d-------- C:\Arquivos de programas\Winamp

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-27 15:44 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-08-25 23:28 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-25 11:34 --------- d-----w C:\Documents and Settings\Raphael\Dados de aplicativos\TerraDiscador

2008-08-19 22:41 --------- d-----w C:\Arquivos de programas\Windows Live

2008-08-19 22:40 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-19 21:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-16 03:02 --------- d-----w C:\Documents and Settings\Raphael\Dados de aplicativos\Apple Computer

2008-08-16 00:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-08-16 00:47 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-08-16 00:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-16 00:27 --------- d-----w C:\Arquivos de programas\QuickTime

2008-08-15 23:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-15 01:46 --------- d-----w C:\Documents and Settings\Raphael\Dados de aplicativos\Shareaza

2008-08-15 01:46 --------- d-----w C:\Arquivos de programas\Shareaza

2008-08-13 01:13 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-08-13 00:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-13 00:35 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-08-12 15:24 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-12 14:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-12 14:24 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-12 14:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

((((((((((((((((((((((((((((( snapshot@2008-09-23_19.08.39.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-07-14 20:32:24 69,632 ----a-w C:\WINDOWS\setup.pss\setupupd\temp\wsdueng.dll

+ 2008-09-27 14:32:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3d0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-05-27 413696]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2008-04-13 69632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-08-04 10:29 1056552 C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-08-04 10:30 2043688 C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-03 20:02 36352 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashAvast.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 86016]

R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Raphael\Dados de aplicativos\Mozilla\Firefox\Profiles\0q241vlq.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.terra.com.br

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-27 12:46:46

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-27 12:47:21

ComboFix-quarantined-files.txt 2008-09-27 15:47:18

ComboFix2.txt 2008-09-27 14:21:43

Pre-Run: 6 pasta(s) 12.517.031.936 bytes disponíveis

Post-Run: 9 pasta(s) 12,506,324,992 bytes disponíveis

177 --- E O F --- 2008-09-12 03:27:29

I didn't install the Recovery Console because my Windows XP is SP3 and the site only had the console for SP2 and earlier.


Logfile of HijackThis v1.99.1

Scan saved at 12:58:54, on 27/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Raphael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

Why wasn't the Recovery Console installed as requested?


I already wrote above: it was because on the site for installing the console I only saw versions up to SP2, and my XP is SP3!!

I already wrote above: it was because on the site for installing the console I only saw versions up to SP2, and my XP is SP3!!

Sorry, I didn't notice.

You can use the SP2 one, it's equivalent.


ComboFix log, now with the Recovery Console installed:

ComboFix 08-09-22.06 - Raphael 2008-09-29 18:42:35.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.262 [GMT -3:00]

Executando de: C:\Documents and Settings\Raphael\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Raphael\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\WINDOWS\system32\ckvo0.dll

C:\wjlfhtfm.cmd

D:\Autorun.inf

D:\wjlfhtfm.cmd

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))))

.

2008-09-27 13:06 . 2008-09-27 13:06 <DIR> d-------- C:\WINDOWS\Sun

2008-09-27 12:05 . 2008-09-27 12:05 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-09-25 22:22 . 2008-09-25 23:05 <DIR> d-------- C:\TurboPascal

2008-09-18 11:03 . 2008-09-18 11:03 <DIR> d-------- C:\Documents and Settings\Raphael\flexdock

2008-09-18 11:03 . 2008-09-18 11:03 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Scilab

2008-09-18 11:01 . 2008-09-18 11:03 <DIR> d-------- C:\Arquivos de programas\scilab-5.0

2008-09-17 11:15 . 2008-09-17 11:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-16 22:33 . 2008-09-16 22:34 <DIR> d-------- C:\Arquivos de programas\JUDE-Community

2008-09-16 11:04 . 2008-09-16 22:33 <DIR> d-------- C:\Documents and Settings\Raphael\.jude

2008-09-16 11:03 . 2007-03-14 02:04 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-16 11:01 . 2008-09-16 11:03 <DIR> d-------- C:\Arquivos de programas\Java

2008-09-16 11:01 . 2008-09-16 11:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-09-12 00:27 . 2008-09-12 00:27 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-09-11 20:34 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-09-11 20:34 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-09-11 20:34 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-11 20:34 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-11 20:34 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-11 20:34 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-11 20:34 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-11 19:27 . 2008-09-11 19:29 49 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-11 19:25 . 2008-09-11 19:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-11 19:25 . 2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-09-11 19:25 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-09-11 19:25 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-09-11 19:25 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-09-11 11:39 . 2008-09-11 11:39 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-11 11:38 . 2008-04-13 19:20 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll

2008-09-11 11:38 . 2008-04-13 19:20 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2008-09-11 11:38 . 2007-04-02 11:26 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a--c--- C:\WINDOWS\system32\dllcache\kbdibm02.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,656 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41a.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41j.dll

2008-09-11 11:37 . 2008-09-11 11:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-11 11:37 . 2008-04-13 19:18 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2008-09-11 11:37 . 2008-04-13 19:18 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdax2.dll

2008-09-11 11:35 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002648_.tmp

2008-09-10 09:53 . 2008-09-10 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-10 09:53 . 2008-09-10 09:53 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-10 09:53 . 2008-09-10 09:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-09-09 18:39 . 2008-09-09 18:39 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Simple Star

2008-09-09 18:39 . 2008-09-10 09:57 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Nero

2008-09-03 12:29 . 2008-09-03 12:29 244 --ah----- C:\sqmnoopt00.sqm

2008-09-03 12:29 . 2008-09-03 12:29 232 --ah----- C:\sqmdata00.sqm

2008-08-30 12:48 . 2008-08-30 12:52 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Winamp

2008-08-30 12:48 . 2008-08-30 12:48 <DIR> d-------- C:\Arquivos de programas\Winamp

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-29 21:30 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-08-25 23:28 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-25 11:34 --------- d-----w C:\Documents and Settings\Raphael\Dados de aplicativos\TerraDiscador

2008-08-19 22:41 --------- d-----w C:\Arquivos de programas\Windows Live

2008-08-19 22:40 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-19 21:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-16 03:02 --------- d-----w C:\Documents and Settings\Raphael\Dados de aplicativos\Apple Computer

2008-08-16 00:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-08-16 00:47 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-08-16 00:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-16 00:27 --------- d-----w C:\Arquivos de programas\QuickTime

2008-08-15 23:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-15 01:46 --------- d-----w C:\Documents and Settings\Raphael\Dados de aplicativos\Shareaza

2008-08-15 01:46 --------- d-----w C:\Arquivos de programas\Shareaza

2008-08-13 01:13 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-08-13 00:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-13 00:35 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-08-12 15:24 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-12 14:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-12 14:24 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-12 14:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

((((((((((((((((((((((((((((( snapshot@2008-09-23_19.08.39.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-07-14 20:32:24 69,632 ----a-w C:\WINDOWS\setup.pss\setupupd\temp\wsdueng.dll

+ 2008-09-29 21:38:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3d4.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-05-27 413696]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2008-04-13 69632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-08-04 10:29 1056552 C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-08-04 10:30 2043688 C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-03 20:02 36352 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashAvast.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 86016]

R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Raphael\Dados de aplicativos\Mozilla\Firefox\Profiles\0q241vlq.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.terra.com.br

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-29 18:43:44

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-29 18:44:20

ComboFix-quarantined-files.txt 2008-09-29 21:44:18

ComboFix2.txt 2008-09-27 15:47:22

ComboFix3.txt 2008-09-27 14:21:43

Pre-Run: 6 pasta(s) 12.421.742.592 bytes disponíveis

Post-Run: 10 pasta(s) 12,432,379,904 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

185 --- E O F --- 2008-09-12 03:27:29

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 18:48:01, on 29/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Raphael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{7442E38C-08F8-411B-9905-740CF0D78767}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

File::

C:\WINDOWS\system32\Bitkv0.dll

Registry::


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=-

Firefox::

FireFox -: Profile - C:\Documents and Settings\Raphael\Dados de aplicativos\Mozilla\Firefox\Profiles\0q241vlq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.terra.com.br
FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.

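The helper's post above hand-writes a CFScript from the ShellExecuteHooks entry in the ComboFix "Pontos de Carregamento do Registro" listing. As an added example (not code from this thread, nor from ComboFix or HijackThis), the Python below parses that REGEDIT4-style section into structured entries, flags ShellExecuteHooks values with a heuristic of my own (anything not pointing at shell32.dll), and emits the File:: and Registry:: sections of a CFScript for the selected entries; the sample block is constructed from lines on this page and all function names are my own.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: a trimmed "Pontos de Carregamento do Registro" block in the
# shape ComboFix prints it, using entries that appear in this thread's log.
SAMPLE_LOAD_POINTS = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2008-04-13 69632]
"""


class LoadPoint(NamedTuple):
    key: str    # registry key exactly as ComboFix printed it
    name: str   # value name (a CLSID for ShellExecuteHooks entries)
    path: str   # file the value points at
    stamp: str  # YYYY-MM-DD file timestamp that ComboFix appends
    size: int   # file size that ComboFix appends


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Tolerates the stray space after '=' that ComboFix prints for ShellExecuteHooks.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s*'
    r"\[(?P<stamp>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]"
)


def parse_load_points(text: str) -> List[LoadPoint]:
    """Turn the REGEDIT4-style listing into LoadPoint entries, keyed by the
    most recent [key] header seen; lines that match neither shape are skipped."""
    entries: List[LoadPoint] = []
    current_key: Optional[str] = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            entries.append(LoadPoint(current_key, m.group("name"), m.group("path"),
                                     m.group("stamp"), int(m.group("size"))))
    return entries


def find_by_name(entries: List[LoadPoint], name: str) -> Optional[LoadPoint]:
    """Look an entry up by its value name (case-insensitive, as the registry is)."""
    for e in entries:
        if e.name.lower() == name.lower():
            return e
    return None


def flag_shell_execute_hooks(entries: List[LoadPoint]) -> List[LoadPoint]:
    """Heuristic (my assumption, not a ComboFix rule): a ShellExecuteHooks value
    deserves a look unless it points at shell32.dll, the hook Windows ships with."""
    return [e for e in entries
            if e.key.lower().endswith("\\shellexecutehooks")
            and not e.path.lower().endswith("\\shell32.dll")]


def build_cfscript(targets: List[LoadPoint]) -> str:
    """Emit CFScript text: a File:: section listing each target's file, then a
    Registry:: section that deletes each value with REGEDIT4's '"name"=-' syntax."""
    lines = ["File::"] + [t.path for t in targets] + ["", "Registry::"]
    by_key: Dict[str, List[str]] = {}
    for t in targets:
        by_key.setdefault(t.key, []).append(t.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_load_points(SAMPLE_LOAD_POINTS)
    print(build_cfscript(flag_shell_execute_hooks(found)))
```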

ComboFix 08-09-28.05 - Raphael 2008-09-30 9:59:40.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.250 [GMT -3:00]

Executando de: C:\Documents and Settings\Raphael\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Raphael\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\WINDOWS\system32\Bitkv0.dll

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\otyh.cmd

C:\WINDOWS\system32\Bitkv0.dll

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ckvo1.dll

D:\Autorun.inf

D:\otyh.cmd

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))

.

2008-09-29 19:49 . 2008-09-29 19:49 100,108 -r-hs---- C:\nfdmg.com

2008-09-27 13:06 . 2008-09-27 13:06 <DIR> d-------- C:\WINDOWS\Sun

2008-09-27 12:05 . 2008-09-27 12:05 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-09-25 22:22 . 2008-09-25 23:05 <DIR> d-------- C:\TurboPascal

2008-09-18 11:03 . 2008-09-18 11:03 <DIR> d-------- C:\Documents and Settings\Raphael\flexdock

2008-09-18 11:03 . 2008-09-18 11:03 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Scilab

2008-09-18 11:01 . 2008-09-18 11:03 <DIR> d-------- C:\Arquivos de programas\scilab-5.0

2008-09-17 11:15 . 2008-09-17 11:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-16 22:33 . 2008-09-16 22:34 <DIR> d-------- C:\Arquivos de programas\JUDE-Community

2008-09-16 11:04 . 2008-09-16 22:33 <DIR> d-------- C:\Documents and Settings\Raphael\.jude

2008-09-16 11:03 . 2007-03-14 02:04 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-16 11:01 . 2008-09-16 11:03 <DIR> d-------- C:\Arquivos de programas\Java

2008-09-16 11:01 . 2008-09-16 11:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-09-12 00:27 . 2008-09-12 00:27 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-09-11 20:34 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-09-11 20:34 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-09-11 20:34 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-11 20:34 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-11 20:34 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-11 20:34 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-11 20:34 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-11 19:27 . 2008-09-11 19:29 49 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-11 19:25 . 2008-09-11 19:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-11 19:25 . 2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-09-11 19:25 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-09-11 19:25 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-09-11 19:25 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-09-11 11:39 . 2008-09-11 11:39 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-11 11:38 . 2008-04-13 19:20 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll

2008-09-11 11:38 . 2008-04-13 19:20 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2008-09-11 11:38 . 2007-04-02 11:26 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0412.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a--c--- C:\WINDOWS\system32\dllcache\kbdibm02.dll

2008-09-11 11:38 . 2008-04-13 19:18 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,656 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41a.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2008-09-11 11:38 . 2008-04-13 19:18 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41j.dll

2008-09-11 11:37 . 2008-09-11 11:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-11 11:37 . 2008-04-13 19:18 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2008-09-11 11:37 . 2008-04-13 19:18 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdax2.dll

2008-09-11 11:35 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002648_.tmp

2008-09-10 09:53 . 2008-09-10 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-10 09:53 . 2008-09-10 09:53 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-10 09:53 . 2008-09-10 09:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-09-09 18:39 . 2008-09-09 18:39 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Simple Star

2008-09-09 18:39 . 2008-09-10 09:57 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Nero

2008-09-03 12:29 . 2008-09-03 12:29 244 --ah----- C:\sqmnoopt00.sqm

2008-09-03 12:29 . 2008-09-03 12:29 232 --ah----- C:\sqmdata00.sqm

2008-08-30 12:48 . 2008-08-30 12:52 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Winamp

2008-08-30 12:48 . 2008-08-30 12:48 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-08-25 20:13 . 2008-08-25 20:28 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-08-25 20:12 . 2008-08-25 20:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-25 20:12 . 2008-08-25 20:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-08-25 00:11 . 2008-08-25 00:11 <DIR> d--h----- C:\WINDOWS\PIF

2008-08-20 11:21 . 2008-06-23 13:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-08-20 11:21 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-08-20 11:21 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-08-20 11:21 . 2008-06-23 13:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-08-20 11:21 . 2008-06-23 13:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-08-20 11:21 . 2008-06-23 13:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-08-20 11:21 . 2008-06-23 13:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-08-20 11:21 . 2008-06-23 13:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-08-20 11:21 . 2008-06-23 06:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-17 17:37 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-17 17:37 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll

2008-08-17 17:37 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-16 00:03 . 2008-09-11 11:40 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-08-16 00:02 . 2008-08-16 00:02 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Apple Computer

2008-08-15 23:55 . 2008-08-19 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-15 23:55 . 2008-08-19 19:41 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-15 23:55 . 2008-08-19 19:40 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-15 21:47 . 2008-08-15 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-08-15 21:47 . 2008-08-15 21:47 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-08-15 21:27 . 2008-08-15 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-08-15 21:27 . 2008-08-15 21:27 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-08-15 20:44 . 2008-08-15 20:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-14 22:46 . 2008-08-14 22:46 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\Shareaza

2008-08-14 22:46 . 2008-08-14 22:46 <DIR> d-------- C:\Arquivos de programas\Shareaza

2008-08-14 20:53 . 2008-04-11 16:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-14 20:48 . 2008-08-14 20:48 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-14 14:36 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-14 14:14 . 2008-06-14 14:34 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-14 14:14 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-14 13:18 . 2008-09-12 00:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-14 13:18 . 2007-08-10 08:12 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-13 11:02 . 2008-08-25 08:34 <DIR> d-------- C:\Documents and Settings\Raphael\Dados de aplicativos\TerraDiscador

2008-08-12 23:42 . 2008-08-19 19:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-12 23:42 . 2008-08-19 19:42 <DIR> d-------- C:\Documents and Settings\Raphael\Contacts

2008-08-12 22:48 . 2008-08-12 22:48 <DIR> d--hs---- C:\Documents and Settings\Raphael\UserData

2008-08-12 22:37 . 2008-09-30 09:58 <DIR> d-------- C:\Arquivos de programas\Oi Internet

2008-08-12 22:13 . 2008-08-12 22:13 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-12 21:39 . 2003-08-29 04:09 578,304 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys

2008-08-12 21:39 . 2002-04-01 03:15 4,816 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys

2008-08-12 21:39 . 2003-04-08 00:30 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys

2008-08-12 21:35 . 2008-08-12 21:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-12 21:35 . 2008-08-12 21:35 <DIR> d-------- C:\Arquivos de programas\Analog Devices

2008-08-12 21:34 . 2000-03-29 11:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2008-08-12 21:34 . 2008-08-12 21:34 3,694 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-08-12 12:25 . 2008-08-12 12:26 377,466,880 --a------ C:\office.2003.iso

2008-08-12 12:24 . 2008-08-12 12:24 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-08-12 12:24 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-12 12:24 . 2008-08-12 22:17 524 --a------ C:\WINDOWS\ODBC.INI

2008-08-12 12:23 . 2008-08-12 12:24 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-12 12:21 . 2008-08-12 12:21 <DIR> dr-h----- C:\MSOCache

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-12 14:26 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-12 14:24 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-12 14:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 21:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((( snapshot@2008-09-23_19.08.39.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-07-14 20:32:24 69,632 ----a-w C:\WINDOWS\setup.pss\setupupd\temp\wsdueng.dll

+ 2008-09-30 13:01:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3d4.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-05-27 413696]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-08-04 10:29 1056552 C:\Arquivos de programas\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-08-04 10:30 2043688 C:\Arquivos de programas\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-03 20:02 36352 C:\Arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashAvast.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 86016]

R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 10:02:04

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-09-30 10:03:30 - Maquina reiniciou [Raphael]

ComboFix-quarantined-files.txt 2008-09-30 13:03:24

ComboFix2.txt 2008-09-29 21:44:21

ComboFix3.txt 2008-09-27 15:47:22

ComboFix4.txt 2008-09-27 14:21:43

Pre-Run: 7 pasta(s) 12.434.825.216 bytes disponíveis

Post-Run: 10 pasta(s) 12,427,579,392 bytes disponíveis

230 --- E O F --- 2008-09-12 03:27:29

HijackThis :

Logfile of HijackThis v1.99.1

Scan saved at 10:04:50, on 30/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Raphael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


Are you using removable media such as a pen drive, an MP3 player, etc.?


Not lately.

But before running ComboFix with the console, I had already run it about 2 times without the console, and right after that the virus would go away, because I was able to set it to show hidden files. But then, after a while, the virus suddenly came back, without me plugging in a pen drive or anything. And the hidden files became permanently hidden again.

But after I ran this last ComboFix, with the file you sent me, so far it still lets me see hidden files.

Despite the registry entry shown in HijackThis reporting the file ckv0.exe.

I think just fixing it to remove it will resolve everything, no?

I think just fixing it to remove it will resolve everything, no?

Not until we find the reinfection point.

Do an Online Scan at kaspersky Virusscanner

  • Click on Clipboard01-1.jpg
  • When asked to install the ActiveX component, click on Clipboard015.jpg
  • Wait for the installation and the update, then click on Clipboard013.jpg
  • Now click on Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click on My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.
