ploocky

Kavo.exe - HijackThis LOG


Hello, everyone.

I caught a virus on my notebook a long time ago, and it won't leave my PC no matter what. I've already tried installing several antivirus programs and right now I'm on Norton.. I even went as far as buying it. And the virus is still there. If I'm not mistaken, it's even interfering with signing in to MSN and such. If anyone can analyze my log, I'd be grateful.

Log:

-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 15:07:46, on 19/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\WINDOWS\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\SERV-N\apache\mysql\bin\mysqld-nt.exe

C:\WINDOWS\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Super_DVD_Creator_9.8\NMSAccessU.exe

C:\windows\system32\nvsvc32.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\windows\system32\RUNDLL32.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\windows\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Rodolfo\CONFIG~1\Temp\Rar$EX00.344\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [barsaka] explorer.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Arquivos de programas\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Arquivos de programas\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\windows\system32\kavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\windows\system32\ckvo.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [tava] C:\windows\system32\tavo.exe

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{1E1F45DC-C4B7-4ED5-8653-B9FD60759B74}: NameServer = 192.169.11.254 201.18.70.18

O17 - HKLM\System\CCS\Services\Tcpip\..\{545D38B1-C1E3-434C-AFFD-F19C38D85D03}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{1E1F45DC-C4B7-4ED5-8653-B9FD60759B74}: NameServer = 192.169.11.254 201.18.70.18

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: Apache - Unknown owner - C:\WINDOWS\SERV-N\apache\Apache.exe" --ntservice (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: MySQL - Unknown owner - C:\WINDOWS\SERV-N\apache\mysql\bin\mysqld-nt.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\Super_DVD_Creator_9.8\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

----------------------------------

Thanks in advance.

Cheers..


Everyone, I had forgotten to use that program you also recommend here, ComboFix. I went through the whole process, which restarted the PC and gave me this log. I'll post it here for you:

------------------------------

ComboFix 08-10-18.03 - Rodolfo 2008-10-19 15:32:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.398 [GMT -2:00]

Executando de: C:\Documents and Settings\Rodolfo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\bo1dhu.bat

C:\ewatr.cmd

C:\windows\IE4 Error Log.txt

C:\windows\system32\Bitkv1.dll

C:\windows\system32\Cache

C:\windows\system32\ckvo.exe

C:\windows\system32\ckvo0.dll

C:\windows\system32\ckvo1.dll

C:\windows\system32\kavo.exe

C:\windows\system32\kavo0.dll

C:\windows\system32\kavo1.dll

C:\windows\system32\kavo2.dll

C:\windows\system32\tavo.exe

C:\windows\system32\tavo0.dll

D:\Autorun.inf

D:\bo1dhu.bat

D:\ewatr.cmd

F:\autorun.inf

F:\bo1dhu.bat

F:\ewatr.cmd

F:\ox.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-19 to 2008-10-19 ))))))))))))))))))))))))))))

.

2008-10-19 13:09 . 2008-10-19 13:09 <DIR> d-------- C:\Documents and Settings\Rodolfo\Tracing

2008-10-19 12:41 . 2008-10-19 13:52 <DIR> d-------- C:\Arquivos de programas\Norton Internet Security

2008-10-19 12:40 . 2006-09-02 20:21 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-10-19 12:40 . 2006-09-02 20:21 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-10-19 12:39 . 2008-10-19 12:44 <DIR> d-------- C:\Arquivos de programas\Symantec

2008-10-19 02:54 . 2008-10-19 02:54 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-10-19 02:07 . 2008-10-19 02:07 <DIR> d-------- C:\Documents and Settings\Rodolfo\Contacts

2008-10-18 19:35 . 2008-10-18 19:35 <DIR> d-------- C:\Documents and Settings\Rodolfo\Dados de aplicativos\SmartFTP

2008-10-18 19:35 . 2008-10-18 19:35 <DIR> d-------- C:\Arquivos de programas\SmartFTP Client 3.0 Setup Files

2008-10-18 19:35 . 2008-10-18 19:35 <DIR> d-------- C:\Arquivos de programas\SmartFTP Client

2008-10-18 19:27 . 2008-10-18 19:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-18 19:23 . 2008-10-19 13:38 105,115 -r-hs---- C:\2fiji.com

2008-10-18 15:15 . 2008-10-18 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-10-14 15:09 . 2008-10-14 15:09 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-10-11 16:46 . 2008-10-11 16:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-10-11 14:55 . 2008-10-11 14:55 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe

2008-10-10 18:00 . 2008-10-10 18:09 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-10-10 18:00 . 2008-10-10 18:09 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-10-09 11:14 . 2008-09-10 14:56 115,992 -r-hs---- C:\iwjj.com

2008-10-06 13:29 . 2008-10-06 13:29 <DIR> d--h----- C:\WINDOWS\PIF

2008-10-06 13:29 . 2008-10-19 13:16 16 --a------ C:\WINDOWS\system32\coh.cache

2008-10-06 13:20 . 2008-10-19 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-10-06 13:19 . 2008-10-19 15:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-09-29 19:54 . 2008-09-29 19:54 <DIR> d-------- C:\My Disc

2008-09-26 15:11 . 2008-09-26 15:11 9,108,065 --a------ C:\Sound 5.mp3

2008-09-26 15:00 . 2008-09-26 15:00 8,972,646 --a------ C:\dfokj.mp3

2008-09-24 19:15 . 2008-09-24 19:15 146,291 --a------ C:\WINDOWS\FontData.fdb

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-19 17:21 --------- d-----w C:\Arquivos de programas\MediaCoder

2008-10-19 04:19 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-11 16:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-17 01:54 --------- d-----w C:\Arquivos de programas\CyberLink

2008-09-12 22:56 187,392 ----a-w C:\windows\system32\kavo0.VIR

2008-09-10 22:02 --------- d-----w C:\Documents and Settings\Moisés\Dados de aplicativos\Sonic Foundry

2008-09-09 03:03 51,712 ----a-w C:\windows\system32\sirenacm.dll

2008-09-04 23:55 --------- d-----w C:\Documents and Settings\Rodolfo\Dados de aplicativos\Sonic Foundry

2008-09-04 22:04 --------- d-----w C:\Arquivos de programas\Sonic Foundry

2008-09-04 22:02 --------- d-----w C:\Arquivos de programas\Sony

2008-08-31 02:37 --------- d-----w C:\Documents and Settings\Rodolfo\Dados de aplicativos\Sony Setup

2008-08-31 02:37 --------- d-----w C:\Arquivos de programas\Sony Setup

2008-08-28 13:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-08-26 15:41 --------- d-----w C:\Arquivos de programas\Avira

2008-05-14 16:08 1,488,011 ----a-w C:\Arquivos de programas\FLVPlayer.exe

2007-10-04 12:44 2,483,706 ----a-w C:\windows\inf\SET3FE.tmp

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2006-05-03 09:06 163,328 --sh--r C:\windows\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\windows\system32\msfDX.dll

2008-03-16 12:30 216,064 --sh--r C:\windows\system32\nbDX.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 86016]

"hpWirelessAssistant"="C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"UCam_Menu"="C:\Arquivos de programas\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-09-03 84640]

"osCheck"="C:\Arquivos de programas\Norton Internet Security\osCheck.exe" [2006-09-05 26248]

"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"ALUAlert"="C:\Arquivos de programas\Symantec\LiveUpdate\ALuNotify.exe" [2006-09-02 100032]

"nwiz"="nwiz.exe" [2006-07-20 C:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"Barsaka"="explorer.exe" [2004-08-04 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2005-07-08 12:25 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 00:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"LiveUpdate"=3 (0x3)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 NMSAccessU;NMSAccessU;C:\Arquivos de programas\Super_DVD_Creator_9.8\NMSAccessU.exe [2007-10-12 71096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d3f760-7fc0-11dd-8887-001636ae76ec}]

\Shell\AutoRun\command - F:\iwjj.com

\Shell\explore\Command - F:\iwjj.com

\Shell\open\Command - F:\iwjj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572ed4f0-8078-11da-87fc-0014a5d42cdf}]

\Shell\AutoRun\command - G:\ox.cmd

\Shell\explore\Command - G:\ox.cmd

\Shell\open\Command - G:\ox.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c85813-8829-11da-881d-ef0d30fb96ab}]

\Shell\AutoRun\command - F:\fooool.exe

\Shell\explore\Command - F:\fooool.exe

\Shell\open\Command - F:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77c0c292-959e-11da-8844-001636ae76ec}]

\Shell\AutoRun\command - F:\fooool.exe

\Shell\explore\Command - F:\fooool.exe

\Shell\open\Command - F:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a785675-9194-11dd-88c4-001636ae76ec}]

\Shell\AutoRun\command - F:\yew.bat

\Shell\explore\Command - F:\yew.bat

\Shell\open\Command - F:\yew.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb46408-7b95-11da-87e1-f4d6b5dae511}]

\Shell\AutoRun\command - iwjj.com

\Shell\explore\Command - iwjj.com

\Shell\open\Command - iwjj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8d16d61-9799-11dd-88d4-001636ae76ec}]

\Shell\AutoRun\command - G:\iwjj.com

\Shell\explore\Command - G:\iwjj.com

\Shell\open\Command - G:\iwjj.com

*Newly Created Service* - COMHOST

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-19 C:\windows\Tasks\Norton Internet Security - Run Full System Scan - Rodolfo.job

- C:\ARQUIV~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-07 03:38]

2008-10-19 C:\windows\Tasks\User_Feed_Synchronization-{DE1AFC71-48D9-4A41-A741-758D4D42B2F6}.job

- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-kamsoft - C:\windows\system32\ckvo.exe

ShellExecuteHooks-{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} - C:\windows\system32\Bitkv1.dll

MSConfigStartUp-kava - C:\WINDOWS\system32\kavo.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Rodolfo\Dados de aplicativos\Mozilla\Firefox\Profiles\0r0opse0.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - http:

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-19 15:37:52

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\20060801.001\full-webauth.sql.bin 4180533 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\PopularSites.xml.bin 2621 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\Redirectors.xml.bin 46752 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\Resources.xml.bin 490 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\SafeList.xml.bin 533997 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\SearchServices.xml.bin 15750 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\Throttle.xml.bin 454 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\TrustedDomains.xml.bin 218792 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\URLAnalysis.xml.bin 568756 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\BinHub\WebHostingSites.xml.bin 20659 bytes

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql.bin 4180534 bytes

Varredura completada com sucesso

arquivos/ficheiros ocultos: 11

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]

"ImagePath"="C:\WINDOWS\SERV-N\apache\mysql\bin\mysqld-nt --defaults-file=C:\WINDOWS\SERV-N\apache\mysql\bin\my.cnf MySQL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\windows\explorer.exe

-> C:\windows\system32\nview.dll

-> ?:\WINDOWS\system32\CFGMGR32.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\SERV-N\apache\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\WINDOWS\SERV-N\apache\Apache.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\AUPDATE.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\DW20.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-19 15:42:32 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-19 17:42:20

Pré-execução: 16 pasta(s) 55.141.302.272 bytes disponíveis

Pós execução: 16 pasta(s) 55,962,116,096 bytes disponíveis

247 --- E O F --- 2008-10-19 14:16:01


Read the following topic:

http://forum.clubedohardware.com.br/nao-responda-seu/386252

Please post a new HijackThis log.

Note: Do not open a new topic; post your new log by clicking the Reply button.
