Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
may88

Analisem meu log do Hijack

Recommended Posts

Ultimamente meu pc está lento, muito lento! E quando peço pra desligar, antes de desligar aparece uma caixa de diálogo dizendo "Finalizando programa 'tal.exe'". Tenho certeza q é virus. Já passei o antivirus, ele detectou mas não conseguiu resolver o problema.

Segue o log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:21:32, on 18/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\arquivos de programas\qttask.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\arquivos de programas\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [explorer] C:\Arquivos de programas\mcae.exe

O4 - HKCU\..\Run: [kutorkt] c:\windows\sistem32\kutorkt.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [iexplorer] C:\ins_.exe

O4 - HKCU\..\Run: [MicrosoftUpgrade] C:\WINDOWS\inetinfx.exe

O4 - HKCU\..\Run: [MicrosoftUpdate] C:\WINDOWS\imidirx.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://placar.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://teiaraujo.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://teiaraujo.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)

O23 - Service: Print Spooler Service (wh0o4wldul9i544y) - Unknown owner - C:\WINDOWS\system32\lnfqbqwihiab.exe (file missing)

--

End of file - 8891 bytes

Agradeço desde já!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:37:54, on 29/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\arquivos de programas\qttask.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\arquivos de programas\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [explorer] C:\Arquivos de programas\mcae.exe

O4 - HKCU\..\Run: [kutorkt] c:\windows\sistem32\kutorkt.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [iexplorer] C:\ins_.exe

O4 - HKCU\..\Run: [MicrosoftUpgrade] C:\WINDOWS\inetinfx.exe

O4 - HKCU\..\Run: [MicrosoftUpdate] C:\WINDOWS\imidirx.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://placar.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://teiaraujo.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://teiaraujo.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)

O23 - Service: Print Spooler Service (wh0o4wldul9i544y) - Unknown owner - C:\WINDOWS\system32\lnfqbqwihiab.exe (file missing)

--

End of file - 8891 bytes

Desculpe a demora... Obrigada

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá

O seu log mostra que está infectado por um trojan banker. Este trojan é capaz de capturar senhas e as enviar para um cracker (hacker).

Recomendações:

  1. Evite ao máximo utilizar a internet neste pc, até que ele esteja limpo.
  2. Use um PC limpo e seguro e troque todas as suas palavras-passe; palavras-chave (online passwords).
  3. Entre em contacto com as suas instituições financeiras (bancos, etc.) e informe-as desta sua situação.

Remoção:

Faça o download do BankerFix

  • Importante: A ferramenta irá finalizar o Internet Explorer. Salve qualquer link que você precisa acessar depois antes de executá-la.
  • Dê dois cliques no bankerfix.exe para executá-lo.
  • Clique em OK na primeira e na segunda vez que aparecerem caixas de mensagem. Se você estiver executando o BankerFix pela segunda vez, ele irá pedir para verificar por uma atualização. Diga que Sim e depois clique em OK.
  • Quando ele executar, aparecerá uma tela preta pedindo para que aperte qualquer tecla. Tecle Enter e espere ele terminar. Pode levar algum tempo.
  • Ao terminar, leia a mensagem na tela e aperte Enter novamente.
    Quando terminar, cole o conteúdo do arquivo C:\LinhaDefensiva\relatorio.txt.
  • Faça também um novo log do HijackThis para colocar na sua resposta.

Depois de fazer sua resposta você pode apagar a pasta:

C:\LinhaDefensiva

Compartilhar este post


Link para o post
Compartilhar em outros sites

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2008-11-03 - 18:09

-------------------------------------------------------

Lista de Definição: 2008-10-08-1 | CORE: 2008-09-30-2

=======================================================

Arquivo infectado detectado: C:\WINDOWS\help\aviso.txt

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\inidirx.ini

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\ponto.dll

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\winhlp32.dat

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\SYSTEM32\MEGATRON.ini

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\SYSTEM32\reg_0001.txt

Arquivo infectado removido com sucesso!

----- Fim -------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:13:09, on 3/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\arquivos de programas\qttask.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\arquivos de programas\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [kutorkt] c:\windows\sistem32\kutorkt.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://placar.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://teiaraujo.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://teiaraujo.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)

O23 - Service: Print Spooler Service (wh0o4wldul9i544y) - Unknown owner - C:\WINDOWS\system32\lnfqbqwihiab.exe (file missing)

--

End of file - 8691 bytes

Obs: o link q você postuo do bankerfix não funciona... tive q procurar em outros sites pra download! :)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Obs: o link q você postuo do bankerfix não funciona... tive q procurar em outros sites pra download!

Obrigado :)

Rode o HijackThis , clique em Do a system scan only e marque as que encontrar da lista abaixo:

O4 - HKCU\..\Run: [kutorkt] c:\windows\sistem32\kutorkt.exe

Depois de marcar estas entradas, feche todas as janelas e clique em ht-fix.png

Clique em Iniciar -> Meu Computador

Depois em Ferramentas -> Opções de Pasta

Selecione a aba Modo de exibição

Desmarque:

  • Ocultar arquivos protegidos do sistema operacional (recomendado)
Marque:
  • Mostrar arquivos e pastas ocultos

Se surgir uma mensagem de aviso, clique em Sim

Clique em Aplicar e depois em OK

Utilizando o Windows Explorer, procure e elimine os seguintes Arquivos e as seguintes Pastas:

Obs: Caso não encontre algum dos arquivo(s) ou pasta(s), prossiga com as restantes instruções.

c:\windows\sistem32\kutorkt.exe <- o arquivo

Exemplo:

Para eliminar o arquivo C:\WINDOWS\malware.exe

Duplo-Clique em Meu Computador, ou pressione ao mesmo tempo as teclas: tecla Windows + E.

Duplo-Clique em Disco Local (C:\)

Duplo-Clique na pasta Windows,

Clique direito do mouse em malware.exe e no menu que abrirá, escolha Eliminar

Reinicie normalmente o computador. Gere e cole um Log do HijackThis e informe como está seu PC agora.

Abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites

Utilizando o Windows Explorer, procure e elimine os seguintes Arquivos e as seguintes Pastas:

Obs: Caso não encontre algum dos arquivo(s) ou pasta(s), prossiga com as restantes instruções.

c:\windows\sistem32\kutorkt.exe <- o arquivo

Não achei esse arquivo na pasta system32. É por causa do Hijack já ter excluido essa entrada?

Segue o log do Hijack. Minha máquina ainda está meio lenta, mas não tanto a ponto de ter que esperar meia hora pra abrir um arquivo... Ainda tem alguma coisa q eu possa fazer pra deixar mais leve?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:56:12, on 4/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\arquivos de programas\qttask.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\arquivos de programas\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARQUIV~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://placar.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://teiaraujo.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://teiaraujo.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)

O23 - Service: Print Spooler Service (wh0o4wldul9i544y) - Unknown owner - C:\WINDOWS\system32\lnfqbqwihiab.exe (file missing)

--

End of file - 8631 bytes

Obrigada!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).

[*]Duplo clique no icone desktopicon.png que está no desktop.

[*]Leia e aceite as condições, digitando 1 e enter.

[*]Computadores com Windows XP deverão instalar o Console de Recuperação:

  • Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
  • Clique em "OK" ao EULA.
  • Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde.

[*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.

[*]Poderá surgir o aviso que é necessário reiniciar o computador.

NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.

[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

  • Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
  • Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
  • Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-11-03.06 - cliente 2008-11-04 16:20:27.5 - FAT32x86

Executando de: c:\documents and settings\TEMP\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\TEMP\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\TEMP\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\documents and settings\TEMP\Dados de aplicativos\inst.exe

c:\windows\.txt

c:\windows\IE4 Error Log.txt

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Abn.gpc

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.exe

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\egaccess4.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\erma.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbieh.gmd

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbiehabn.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\GbPluginABN.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\isusweb.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\LegitCheckControl.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\messengerstatsclient.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MessengerStatsPAClient.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\msgrchkr.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MsnPUpld.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MsnPUpld.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\scpsssh2.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OREANS32

-------\Service_oreans32

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-04 to 2008-11-04 ))))))))))))))))))))))))))))

.

2008-10-24 08:31 . 2008-10-24 08:31 <DIR> d--hs---- C:\FOUND.067

2008-10-21 08:15 . 2008-10-21 08:15 304 --ah----- C:\sqmdata04.sqm

2008-10-21 08:15 . 2008-10-21 08:15 244 --ah----- C:\sqmnoopt04.sqm

2008-10-21 07:58 . 2008-10-21 07:58 268 --ah----- C:\sqmdata03.sqm

2008-10-21 07:58 . 2008-10-21 07:58 244 --ah----- C:\sqmnoopt03.sqm

2008-10-11 16:33 . 2008-10-11 16:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared

2008-10-11 16:32 . 2008-10-11 16:32 <DIR> d-------- c:\arquivos de programas\Real

2008-10-11 16:32 . 2008-10-11 16:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real

2008-10-08 15:01 . 2008-10-08 15:01 <DIR> d--hs---- C:\FOUND.066

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-15 16:59 332,800 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll

2008-09-27 13:59 --------- d-----w c:\documents and settings\TEMP\Dados de aplicativos\DNA

2008-09-27 13:59 --------- d-----w c:\documents and settings\TEMP\Dados de aplicativos\BitTorrent

2008-09-27 13:59 --------- d-----w c:\arquivos de programas\DNA

2008-09-15 15:40 1,846,144 ----a-w c:\windows\SYSTEM32\win32k.sys

2008-09-15 15:40 1,846,144 ------w c:\windows\SYSTEM32\dllcache\win32k.sys

2008-08-28 10:04 333,056 ------w c:\windows\SYSTEM32\dllcache\srv.sys

2008-08-19 09:30 18,432 ------w c:\windows\SYSTEM32\dllcache\iedw.exe

2008-08-14 13:45 2,184,576 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe

2008-08-14 13:45 2,184,576 ------w c:\windows\SYSTEM32\dllcache\ntoskrnl.exe

2008-08-14 13:45 2,140,160 ------w c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe

2008-08-14 13:45 2,061,952 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe

2008-08-14 13:45 2,061,952 ------w c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe

2008-08-14 13:45 2,019,840 ------w c:\windows\SYSTEM32\dllcache\ntkrpamp.exe

2008-08-14 09:51 138,368 ------w c:\windows\SYSTEM32\dllcache\afd.sys

2008-06-10 17:00 47,360 ----a-w c:\documents and settings\TEMP\Dados de aplicativos\pcouffin.sys

2008-04-21 17:54 62,264 ----a-w c:\documents and settings\TEMP\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-03-25 21:56 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2008-03-02 00:07 5,632 --sha-w c:\arquivos de programas\Thumbs.db

2008-02-07 13:34 98,304 ----a-w c:\arquivos de programas\qttask.exe

2008-02-07 13:34 360,504 ----a-w c:\arquivos de programas\QTPlugin.ocx

2007-06-26 13:39 25,600 ----a-w c:\documents and settings\cliente\usbsermptxp.sys

2007-06-26 13:39 22,768 ----a-w c:\documents and settings\cliente\usbsermpt.sys

2006-11-12 14:05 62,264 ----a-w c:\windows\Application Data\GDIPFONTCACHEV1.DAT

2006-08-19 00:49 0 ----a-w c:\documents and settings\cliente\LoadFailedReliableSendBuffer.bin

2006-08-13 13:27 172,034 ----a-w c:\documents and settings\cliente\OSSMTP.dll

2006-01-05 14:23 166 ----a-w c:\arquivos de programas\NOTASDEF.NOT

2003-12-14 11:20 1,393,664 ------w c:\arquivos de programas\QuickTimePlayer.exe

2003-08-27 13:49 3,424 ----a-w c:\windows\inf\OTHER\cmiainfo.sys

2002-11-19 23:44 266 --sh--w c:\arquivos de programas\desktop.ini

2002-11-19 23:44 11,280 ---h--w c:\arquivos de programas\folder.htt

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@="{7D688A77-C613-11D0-999B-00C04FD655E1}"

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]

2007-10-25 14:57 8484352 --a------ c:\windows\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 68856]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-09-27 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"QuickTime Task"="c:\arquivos de programas\qttask.exe" [2008-02-07 98304]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-10-11 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\windows\All Users\Menu Iniciar\Programas\Iniciar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^WINDOWS^All Users^Menu Iniciar^Programas^Iniciar^Adobe Gamma Loader.lnk]

path=c:\windows\All Users\Menu Iniciar\Programas\Iniciar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^WINDOWS^All Users^Menu Iniciar^Programas^Iniciar^Microsoft Office.lnk]

path=c:\windows\All Users\Menu Iniciar\Programas\Iniciar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]

--a------ 2005-11-10 13:03 36975 c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-07 11:34 98304 c:\arquivos de programas\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]

--a------ 2002-07-12 08:15 106496 c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 13:03 36975 c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

--a------ 2001-01-25 18:00 20480 c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

-ra------ 2004-01-29 22:33 180224 c:\windows\SYSTEM32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]

--a------ 2001-10-28 12:07 3072 c:\windows\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Documents and Settings\\TEMP\\Dados de aplicativos\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3e4350-1618-11dd-ba38-0014e8717f4a}]

\Shell\AutoRun\command - E:\xn1i9x.com

\Shell\explore\Command - E:\xn1i9x.com

\Shell\open\Command - E:\xn1i9x.com

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-04 c:\windows\Tasks\RemoveSCP.job

- c:\scp.bat []

2008-11-04 c:\windows\Tasks\RemoveGB.job

- c:\start.bat []

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-areslite - c:\arquivos de programas\Ares Lite Edition\AresLite.exe

MSConfigStartUp-ImInstaller_IncrediMail - c:\docume~1\cliente\CONFIG~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe

MSConfigStartUp-pccguide - c:\arquivos de programas\Trend Micro\Internet Security\pccguide.exe

MSConfigStartUp-PCClient - c:\arquivos de programas\Trend Micro\Internet Security\PCClient.exe

MSConfigStartUp-SiS KHooker - c:\windows\system32\khooker.exe

MSConfigStartUp-system32 - c:\windows\system32\system32.exe

MSConfigStartUp-TM Outbreak Agent - c:\arquivos de programas\Trend Micro\Internet Security\TMOAgent.exe

MSConfigStartUp-Cmaudio - cmicnfg.cpl

MSConfigStartUp-Microsoft Update - win32.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\TEMP\Dados de aplicativos\Mozilla\Firefox\Profiles\4bd5ell6.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uol.com.br

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin2.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin3.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin4.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin5.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin6.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin7.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 16:53:51

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\HPZipm12.exe

c:\windows\SYSTEM32\WDFMGR.EXE

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\windows\SYSTEM32\WGATRAY.EXE

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-04 17:05:00 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-04 19:04:42

Pré-execução: 4.483.317.760 bytes disponíveis

Pós execução: 5,211,095,040 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout = 30

default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

228 --- E O F --- 2008-10-24 12:03:34

Compartilhar este post


Link para o post
Compartilhar em outros sites

O seu Java está desatualizado.

Versões antigas e desatualizadas, estão mais vulneráveis aos malwares.

  • Faça o download da última versão do Java Runtime Environment (JRE) 6 Update 10 e salve no seu ambiente de trabalho (Desktop).
  • Navegue até "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Clique em "Download". (está do lado direito)
  • Selecione a sua Plataforma: "Windows".
  • Selecione a sua linguagem: "Português".
  • Leia a Licença de uso e marque a caixa: "Accept License Agreement".
  • Clique "Continue".
  • Clique no link para download Windows Offline Installation e salve o arquivo no seu Ambiente de Trabalho.
  • Feche todos os programas que esteja usar. Especialmente o seu Navegador (IE, Firefox, etc)
  • Clique em Iniciar -> Configurações -> Painel de Controle, duplo clique em Adicionar/Remover Programas e remova todas as versões antigas de Java.
  • Marque qualquer item , que tenha no nome: Java Runtime Environment (JRE ou J2SE). Deverá ter um icone como este javaicon.jpg
  • Clique em Remover ou Modificar/Remover.
  • Repita quantas vezes for necessário, até que tenha removido todas as versões antigas de Java que existam no seu PC.
  • Reinicie o seu computador, após ter removido as versões antigas de Java.
  • Dê agora o duplo-clique em jre-6u10-windows-i586-p.exe (está no seu desktop), para instalar a nova e mais segura versão de Java.

Gere e cole um novo log do HijackThis e informe se ainda nota algo estranho no seu computador.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:56:38, on 6/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\arquivos de programas\qttask.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\arquivos de programas\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://placar.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://teiaraujo.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://teiaraujo.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginSUD.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)

O23 - Service: Print Spooler Service (wh0o4wldul9i544y) - Unknown owner - C:\WINDOWS\system32\lnfqbqwihiab.exe (file missing)

--

End of file - 8863 bytes

Então, hj ao iniciar meu pc ele estava lento, demorou um pouco pra carregar. Meu irmão usou ontem a noite e não deve ter tomado cuidado, não sei se ele desativou o anti virus... Sei lá... mas hj ele tá lento, demora pra abrir os sites, os programas... Quando eu escrevi q ele tinha melhorado em questão de velocidade, realmente tinha, estava mais rápido, mas agora voltou a ficar lento... O q deve ser dessa vez?

Obrigada!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Retificando... ele tá bem lento! Será q voltamos à estaca zero??

Perdoe o incomodo!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Retificando... ele tá bem lento! Será q voltamos à estaca zero??

Perdoe o incomodo!

Não incomoda nada :)

Rode novamente o combofix e cole o resultado.

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-11-07.01 - cliente 2008-11-07 19:28:02.6 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.43 [GMT -2:00]

Executando de: c:\documents and settings\TEMP\Desktop\ComboFix.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-07 to 2008-11-07 ))))))))))))))))))))))))))))

.

2008-11-06 16:35 . 2008-11-06 16:35 <DIR> d--hs---- C:\FOUND.069

2008-11-05 19:32 . 2008-11-05 19:32 <DIR> d--hs---- C:\FOUND.068

2008-11-05 17:41 . 2008-11-05 17:38 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll

2008-11-05 17:41 . 2008-11-05 17:38 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl

2008-11-05 17:37 . 2008-11-05 17:37 <DIR> d-------- c:\arquivos de programas\Java

2008-10-24 08:31 . 2008-10-24 08:31 <DIR> d--hs---- C:\FOUND.067

2008-10-21 08:15 . 2008-10-21 08:15 304 --ah----- C:\sqmdata04.sqm

2008-10-21 08:15 . 2008-10-21 08:15 244 --ah----- C:\sqmnoopt04.sqm

2008-10-21 07:58 . 2008-10-21 07:58 268 --ah----- C:\sqmdata03.sqm

2008-10-21 07:58 . 2008-10-21 07:58 244 --ah----- C:\sqmnoopt03.sqm

2008-10-11 16:33 . 2008-10-11 16:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared

2008-10-11 16:32 . 2008-10-11 16:32 <DIR> d-------- c:\arquivos de programas\Real

2008-10-11 16:32 . 2008-10-11 16:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real

2008-10-08 15:01 . 2008-10-08 15:01 <DIR> d--hs---- C:\FOUND.066

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-15 16:59 332,800 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll

2008-09-27 13:59 --------- d-----w c:\documents and settings\TEMP\Dados de aplicativos\DNA

2008-09-27 13:59 --------- d-----w c:\documents and settings\TEMP\Dados de aplicativos\BitTorrent

2008-09-27 13:59 --------- d-----w c:\arquivos de programas\DNA

2008-09-15 15:40 1,846,144 ----a-w c:\windows\SYSTEM32\win32k.sys

2008-09-15 15:40 1,846,144 ------w c:\windows\SYSTEM32\dllcache\win32k.sys

2008-08-28 10:04 333,056 ------w c:\windows\SYSTEM32\dllcache\srv.sys

2008-08-19 09:30 18,432 ------w c:\windows\SYSTEM32\dllcache\iedw.exe

2008-08-14 13:45 2,184,576 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe

2008-08-14 13:45 2,184,576 ------w c:\windows\SYSTEM32\dllcache\ntoskrnl.exe

2008-08-14 13:45 2,140,160 ------w c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe

2008-08-14 13:45 2,061,952 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe

2008-08-14 13:45 2,061,952 ------w c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe

2008-08-14 13:45 2,019,840 ------w c:\windows\SYSTEM32\dllcache\ntkrpamp.exe

2008-08-14 09:51 138,368 ------w c:\windows\SYSTEM32\dllcache\afd.sys

2008-06-10 17:00 47,360 ----a-w c:\documents and settings\TEMP\Dados de aplicativos\pcouffin.sys

2008-04-21 17:54 62,264 ----a-w c:\documents and settings\TEMP\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-03-25 21:56 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2008-03-02 00:07 5,632 --sha-w c:\arquivos de programas\Thumbs.db

2008-02-07 13:34 98,304 ----a-w c:\arquivos de programas\qttask.exe

2008-02-07 13:34 360,504 ----a-w c:\arquivos de programas\QTPlugin.ocx

2007-06-26 13:39 25,600 ----a-w c:\documents and settings\cliente\usbsermptxp.sys

2007-06-26 13:39 22,768 ----a-w c:\documents and settings\cliente\usbsermpt.sys

2006-11-12 14:05 62,264 ----a-w c:\windows\Application Data\GDIPFONTCACHEV1.DAT

2006-08-19 00:49 0 ----a-w c:\documents and settings\cliente\LoadFailedReliableSendBuffer.bin

2006-08-13 13:27 172,034 ----a-w c:\documents and settings\cliente\OSSMTP.dll

2006-01-05 14:23 166 ----a-w c:\arquivos de programas\NOTASDEF.NOT

2003-12-14 11:20 1,393,664 ------w c:\arquivos de programas\QuickTimePlayer.exe

2003-08-27 13:49 3,424 ----a-w c:\windows\inf\OTHER\cmiainfo.sys

2002-11-19 23:44 266 --sh--w c:\arquivos de programas\desktop.ini

2002-11-19 23:44 11,280 ---h--w c:\arquivos de programas\folder.htt

.

((((((((((((((((((((((((((((( snapshot@2008-11-04_17.00.42.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-11-10 13:27:06 49,248 ----a-w c:\windows\SYSTEM32\java.exe

+ 2008-11-05 19:38:32 144,792 ----a-w c:\windows\SYSTEM32\java.exe

- 2005-11-10 13:27:16 49,250 ----a-w c:\windows\SYSTEM32\javaw.exe

+ 2008-11-05 19:38:32 144,792 ----a-w c:\windows\SYSTEM32\javaw.exe

- 2005-11-10 15:03:54 127,078 ----a-w c:\windows\SYSTEM32\javaws.exe

+ 2008-11-05 19:38:32 148,888 ----a-w c:\windows\SYSTEM32\javaws.exe

+ 2008-11-07 21:35:42 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_208.dat

+ 2008-11-07 21:35:28 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_734.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@="{7D688A77-C613-11D0-999B-00C04FD655E1}"

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]

2007-10-25 14:57 8484352 --a------ c:\windows\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 68856]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-09-27 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"QuickTime Task"="c:\arquivos de programas\qttask.exe" [2008-02-07 98304]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-10-11 185872]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-05 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\windows\All Users\Menu Iniciar\Programas\Iniciar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^WINDOWS^All Users^Menu Iniciar^Programas^Iniciar^Adobe Gamma Loader.lnk]

path=c:\windows\All Users\Menu Iniciar\Programas\Iniciar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^WINDOWS^All Users^Menu Iniciar^Programas^Iniciar^Microsoft Office.lnk]

path=c:\windows\All Users\Menu Iniciar\Programas\Iniciar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-07 11:34 98304 c:\arquivos de programas\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]

--a------ 2002-07-12 08:15 106496 c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

--a------ 2001-01-25 18:00 20480 c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

-ra------ 2004-01-29 22:33 180224 c:\windows\SYSTEM32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]

--a------ 2001-10-28 12:07 3072 c:\windows\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Documents and Settings\\TEMP\\Dados de aplicativos\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S3 CCCP106;D-Link CIF Webcam;c:\windows\system32\DRIVERS\cccp106.sys [2003-05-15 227200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3e4350-1618-11dd-ba38-0014e8717f4a}]

\Shell\AutoRun\command - E:\xn1i9x.com

\Shell\explore\Command - E:\xn1i9x.com

\Shell\open\Command - E:\xn1i9x.com

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-07 c:\windows\Tasks\RemoveSCP.job

- c:\scp.bat []

2008-11-07 c:\windows\Tasks\RemoveGB.job

- c:\start.bat []

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-Emurayden PSX Emulator - c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

MSConfigStartUp-SunJavaUpdateSched - c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\TEMP\Dados de aplicativos\Mozilla\Firefox\Profiles\4bd5ell6.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uol.com.br

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin2.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin3.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin4.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin5.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin6.dll

FF -: plugin - c:\arquivos de programas\Plugins\npqtplugin7.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-07 19:39:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\SYSTEM32\WDFMGR.EXE

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\SYSTEM32\WGATRAY.EXE

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-07 19:52:53 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-07 21:52:32

ComboFix2.txt 2008-11-04 19:05:06

Pré-execução: 5.542.412.288 bytes disponíveis

Pós execução: 5,597,429,760 bytes disponíveis

198 --- E O F --- 2008-10-24 12:03:34

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

1. Faça um backup ao registro.

  • Clique em Iniciar, depois em Executar e escreva: regedit e dê o OK.
  • Em cima à esquerda, clique em Meu Computador (fica selecionado com a côr azul).
  • Clique em Arquivo, depois em Exportar
  • Escolha "Salvar como"... Arquivos de Registro
  • Coloque o nome: RegBackup
  • Salve-o em C:\
  • Saia do Editor de registro.

2. Clique em Iniciar, Depois em Executar e digite: Notepad e dê OK.

  • Copie (Ctrl+C) e cole (Ctrl+V) o seguinte texto abaixo (começando com Windows Registry Editor Version 5.00) que está dentro da caixa CODE para o seu Bloco de Notas.
  • Certifique-se que copia para dentro de um arquivo do Bloco de Notas e não do Wordpad, senão não funcionará.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3e4350-1618-11dd-ba38-0014e8717f4a}]

  • Certifique-se que não deixa nenhuma linha em branco antes do "Windows Registry Editor Version 5.00" e deverá ter uma linha em branco no final.
  • Clique em Arquivo e escolha Guardar como.
  • Modifique em Guardar com o tipo: para Todos os Arquivos.
  • Atribua-lhe o nome de Fixreg.reg e salve o arquivo no seu desktop.
  • Ficará com um icone como este: reg.JPG
  • Duplo clique no arquivo Fixreg.reg, que está no desktop. Quando surgir a pergunta, clique em Sim.

3. Reinicie normalmente o seu pc e na próxima resposta gere e cole um novo log do HijackThis e informe se ainda nota algo no seu pc.

Abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites

De acordo com as regras deste fórum, tópicos inativos são arquivados, isto é, fechados e movidos para um fórum de "tópicos arquivados". Caso o autor do tópico necessite poderá entrar em contato com a moderação solicitando a reabertura deste tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×