eduardosilvabm

Please analyze my log!


Please help me here!

I had some viruses and malware... after I ran ComboFix things improved a lot, but I think I'm still infected...

And I also can't access my Itaú Bankline anymore.

Thanks for the help.

Logfile of HijackThis v1.99.1

Scan saved at 15:35:13, on 30/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\arquivos de programas\Realtek\pRM.exe

C:\arquivos de programas\Realtek\pRO.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [krn] C:\arquivos de programas\Realtek\Realtek.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

And the ComboFix log:

ComboFix 08-09-28.05 - usuario 2008-09-30 14:47:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1533 [GMT -3:00]

Executando de: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\usuario\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\usuario\Cookies\usuario@baixecomrapidez[1].txt

C:\Documents and Settings\usuario\Cookies\usuario@youtube[1].txt

C:\otyh.cmd

C:\WINDOWS\msn.exe

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\wjlfhtfm.cmd

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))

.

2008-09-30 13:44 . 2008-09-01 19:32 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-30 13:44 . 2008-09-30 14:47 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-30 09:59 . 2008-09-30 09:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-30 04:41 . 2008-09-30 13:11 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2008-09-30 04:13 . 2008-09-30 04:13 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Panda Security

2008-09-30 04:13 . 2008-09-30 04:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Panda Security

2008-09-30 04:10 . 2008-09-30 04:13 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-09-30 04:10 . 2008-09-30 04:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Panda Security

2008-09-30 04:10 . 2008-02-07 12:03 179,640 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-09-30 04:10 . 2008-03-04 15:59 41,144 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-09-30 04:10 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-09-29 21:24 . 2008-09-30 13:39 <DIR> d-------- C:\Arquivos de programas\Panda

2008-09-29 09:49 . 2008-09-30 11:30 <DIR> d-------- C:\Arquivos de programas\Worms Armageddon

2008-09-29 09:49 . 2008-09-29 09:51 <DIR> d-------- C:\Arquivos de programas\Worms Ar

2008-09-27 20:00 . 2008-09-27 20:00 122 --a------ C:\WINDOWS\wa.INI

2008-09-27 17:03 . 1997-08-26 12:06 315,904 --a------ C:\WINDOWS\IsUninst.exe

2008-09-27 17:02 . 2008-09-27 17:02 <DIR> d-------- C:\Documents and Settings\usuario\WINDOWS

2008-09-27 16:03 . 2008-09-27 16:03 <DIR> d-------- C:\Arquivos de programas\TryMedia

2008-09-27 11:27 . 2008-09-27 11:33 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-09-27 11:27 . 2008-09-30 12:39 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-09-25 14:51 . 2008-09-25 17:22 <DIR> d--h----- C:\Arquivos de programas\Realtek

2008-09-24 07:34 . 2008-09-25 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

2008-09-24 07:30 . 2008-09-24 07:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-09-24 07:00 . 2008-09-24 07:00 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-09-24 06:54 . 2008-09-24 06:54 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\DAEMON Tools

2008-09-24 06:54 . 2008-09-24 06:54 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-09-24 06:43 . 2008-09-24 06:43 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2008-09-21 06:22 . 2008-09-21 06:22 <DIR> d-------- C:\DVDVideoSoft

2008-09-21 06:22 . 2008-09-21 06:22 <DIR> d-------- C:\Arquivos de programas\DVDVideoSoft

2008-09-21 06:22 . 2008-09-21 06:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-09-21 06:22 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-09-20 11:09 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-09-20 11:09 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-09-18 20:55 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-09-18 20:55 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-09-18 20:55 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-09-18 20:55 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-09-17 18:33 . 2008-09-17 19:39 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\TowerTorneosPoker

2008-09-17 18:32 . 2008-09-17 18:33 <DIR> d-------- C:\Arquivos de programas\TowerTorneosPoker

2008-09-16 12:28 . 2008-09-16 12:30 226,056 --a------ C:\WINDOWS\pegaid.exe

2008-09-16 12:27 . 2008-09-16 12:27 0 ---hs---- C:\WINDOWS\system32\win32spx.ini

2008-09-16 12:25 . 2008-09-16 12:27 1,126,152 --a------ C:\WINDOWS\system32\winlogonn.exe

2008-09-12 21:10 . 2008-09-29 01:04 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-09-12 21:10 . 2008-09-29 01:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-12 21:10 . 2008-09-12 21:55 22,328 --a------ C:\Documents and Settings\usuario\Dados de aplicativos\PnkBstrK.sys

2008-09-12 21:09 . 2008-09-12 21:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-09-12 21:09 . 2008-09-12 22:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-09-12 21:09 . 2008-09-12 21:55 335 --a------ C:\WINDOWS\game.ini

2008-09-12 21:05 . 2008-09-12 21:05 <DIR> d-------- C:\Arquivos de programas\Activision

2008-09-12 07:10 . 2008-09-12 07:10 <DIR> d-------- C:\Arquivos de programas\Sweet Home 3D

2008-09-11 12:05 . 2008-09-17 08:52 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\BrOffice.org2

2008-09-11 11:33 . 2008-09-17 08:55 <DIR> d-------- C:\Arquivos de programas\BrOffice.org 2.4

2008-09-09 23:02 . 2008-09-09 23:02 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\InstallShield

2008-09-09 23:02 . 2008-09-28 02:05 <DIR> d-------- C:\Arquivos de programas\Garena

2008-09-09 00:14 . 2008-09-09 00:14 <DIR> d-------- C:\Arquivos de programas\ACDSee32

2008-09-09 00:14 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\Pcdlib32.dll

2008-09-09 00:09 . 2008-09-23 14:17 <DIR> d-------- C:\WINDOWS\system\KID

2008-09-07 08:30 . 2008-09-11 22:31 90 --a------ C:\WINDOWS\Worms Armageddon.INI

2008-09-06 02:13 . 2008-09-06 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NOS

2008-09-06 02:13 . 2008-09-06 02:13 <DIR> d-------- C:\Arquivos de programas\NOS

2008-09-05 15:52 . 2008-09-05 17:05 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Desktopicon

2008-09-05 15:52 . 2008-09-14 23:11 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-05 14:26 . 2008-09-30 12:34 <DIR> d-------- C:\Arquivos de programas\Emule

2008-09-05 11:07 . 2008-09-05 11:07 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2008-09-05 10:13 . 2008-09-27 22:52 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-05 10:12 . 2008-09-05 11:23 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Media Player Classic

2008-09-04 16:36 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-09-04 16:36 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll

2008-09-04 16:36 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-09-04 00:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-09-04 00:51 . 2008-09-04 00:51 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-09-04 00:37 . 2008-09-08 19:02 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-09-03 23:44 . 2008-09-16 12:03 <DIR> d-------- C:\Documents and Settings\usuario\Contacts

2008-09-03 23:43 . 2008-09-08 18:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-03 23:04 . 2008-09-03 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-03 23:04 . 2008-09-08 19:02 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-09-03 23:04 . 2008-09-03 23:16 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-03 09:18 . 2008-09-03 09:18 <DIR> d-------- C:\Games

2008-09-03 06:50 . 2008-09-03 07:19 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Winamp

2008-09-03 06:50 . 2008-09-27 17:59 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-09-03 01:17 . 2008-09-03 01:17 <DIR> d-------- C:\Worms 3D

2008-09-03 00:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-09-03 00:19 . 2008-09-03 00:19 <DIR> d-------- C:\Arquivos de programas\Ubisoft

2008-09-02 23:52 . 2008-09-28 16:32 <DIR> d-------- C:\Call of Duty 2

2008-09-02 22:53 . 2008-09-30 13:28 <DIR> d-------- C:\Downloads

2008-09-02 22:43 . 2008-09-02 22:43 <DIR> d-------- C:\Arquivos de programas\Google

2008-09-02 22:23 . 2008-09-02 22:23 <DIR> d---s---- C:\Documents and Settings\usuario\UserData

2008-09-02 22:09 . 2008-09-02 22:10 <DIR> d-------- C:\Arquivos de programas\18 WoS Pedal to the Metal

2008-09-02 22:06 . 2008-09-02 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-09-02 22:05 . 2008-09-02 22:05 <DIR> d-------- C:\Arquivos de programas\Valusoft

2008-09-02 07:04 . 2008-09-02 07:04 <DIR> d-------- C:\Arquivos de programas\Positivo

2008-09-02 06:44 . 2008-09-02 06:44 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-09-02 06:36 . 2008-09-02 06:43 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Ahead

2008-09-02 06:35 . 2008-09-02 06:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-02 06:35 . 2008-09-02 06:43 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-09-02 06:35 . 2008-09-02 06:35 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-02 06:35 . 2008-09-02 06:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-02 06:28 . 2008-09-02 06:28 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-02 06:18 . 2008-09-02 06:18 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-09-02 06:18 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-09-02 06:18 . 2008-09-02 06:18 421 --a------ C:\WINDOWS\ODBC.INI

2008-09-02 06:17 . 2008-09-02 06:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-09-02 06:16 . 2008-09-02 06:16 <DIR> dr-h----- C:\MSOCache

2008-09-01 21:25 . 2008-06-14 14:34 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-01 21:25 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-01 21:16 . 2008-09-01 23:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-09-01 21:16 . 2005-02-25 00:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-09-01 21:12 . 2008-09-01 21:12 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-01 21:12 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-01 21:12 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL

2008-09-01 21:12 . 2003-02-21 13:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL

2008-09-01 21:12 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-09-01 21:02 . 2008-09-01 21:02 <DIR> d-------- C:\WINDOWS\system32\Atheros_L2

2008-09-01 21:02 . 2008-09-30 04:13 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-09-01 21:02 . 2008-09-02 07:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-01 21:01 . 2008-09-01 21:01 <DIR> d-------- C:\WINDOWS\ASUSInstAll

2008-09-01 21:00 . 2008-09-01 21:00 <DIR> d-------- C:\Arquivos de programas\Intel

2008-09-01 20:59 . 2008-09-01 20:59 <DIR> d-------- C:\Intel

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-24 20:55 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-09-01 22:35 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-09-01 22:34 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-09-01 22:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 18:38 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 17:48 193,280 ----a-w C:\WINDOWS\system32\TpUtil.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:11 668,160 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-18 21:03 87,296 ----a-w C:\WINDOWS\system32\PavLspHook.dll

2008-06-18 21:03 55,552 ----a-w C:\WINDOWS\system32\pavipc.dll

2008-06-18 21:03 520,448 ----a-w C:\WINDOWS\system32\PavSHook.dll

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]

"krn"="C:\arquivos de programas\Realtek\Realtek.exe" [2008-09-25 4197888]

"APVXDWIN"="C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-07-16 857344]

"SCANINICIO"="C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-04-13 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-11-16 19:04 139264 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

--a------ 2007-08-28 16:01 1067520 C:\Arquivos de programas\CoolSMS\CoolSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-06-28 13:43 8466432 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-06-28 13:43 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32spx]

--a------ 2008-09-16 12:27 1126152 C:\WINDOWS\system32\winlogonn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2008-08-12 12:22 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-06-28 13:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2008-08-12 12:23 16855552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2008-08-12 12:23 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Games\\Counter-Strike Source\\hl2.exe"=

"C:\\Worms 3D\\WORMS3D\\bin\\Worms3D.exe"=

"C:\\Arquivos de programas\\Emule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Garena\\Garena.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Techland\\Call of Juarez\\CoJ.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Arquivos de programas\\Worms Armageddon\\Worms Armageddon.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9150:TCP"= 9150:TCP:BitComet 9150 TCP

"9150:UDP"= 9150:UDP:BitComet 9150 UDP

R0 pavboot;Panda boot driver;C:\WINDOWS\system32\Drivers\pavboot.sys [2008-06-19 28544]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]

R2 Gwmsrv;Panda Goodware Cache Manager;C:\WINDOWS\system32\svchost -k Panda [ ]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 179640]

R2 PskSvcRetail;Panda PSK service;C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [ ]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]

S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2008-09-24 19072]

S3 getPlus® Helper;getPlus® Helper;C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02593289-7b2a-11dd-be2d-001e8cd9a745}]

\Shell\AutoRun\command - F:\wjlfhtfm.cmd

\Shell\explore\Command - F:\wjlfhtfm.cmd

\Shell\open\Command - F:\wjlfhtfm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eedbca5-78cf-11dd-be20-001e8cd9a745}]

\Shell\AutoRun\command - E:\kk3.bat

\Shell\explore\Command - E:\kk3.bat

\Shell\open\Command - E:\kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b760158-7953-11dd-be27-001e8cd9a745}]

\Shell\AutoRun\command - vxl.exe

\Shell\explore\Command - vxl.exe

\Shell\open\Command - vxl.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d29453-7ac2-11dd-be2b-001e8cd9a745}]

\Shell\AutoRun\command - E:\ov.cmd

\Shell\explore\Command - E:\ov.cmd

\Shell\open\Command - E:\ov.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98d5eb-86a4-11dd-be47-001e8cd9a745}]

\Shell\AutoRun\command - E:\xk2n.bat

\Shell\explore\Command - E:\xk2n.bat

\Shell\open\Command - E:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98d5ee-86a4-11dd-be47-001e8cd9a745}]

\Shell\AutoRun\command - F:\xk2n.bat

\Shell\explore\Command - F:\xk2n.bat

\Shell\open\Command - F:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd98f6fa-8ede-11dd-be5d-001e8cd9a745}]

\Shell\AutoRun\command - F:\otyh.cmd

\Shell\explore\Command - F:\otyh.cmd

\Shell\open\Command - F:\otyh.cmd

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-orkut - C:\WINDOWS\orkut.exe

MSConfigStartUp-win32process - C:\WINDOWS\process.exe

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 14:47:57

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-30 14:48:22

ComboFix-quarantined-files.txt 2008-09-30 17:48:19

Pre-Run: 11 pasta(s) 199.032.786.944 bytes disponíveis

Post-Run: 15 pasta(s) 200,548,847,616 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

314 --- E O F --- 2008-09-10 06:03:01


Please post a HijackThis log.


About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
