anacleton

PC with a virus, here is my HijackThis log


My PC has been acting a bit strange; I can't even install the Kaspersky antivirus. Take a look at my log and please tell me what can be done. Thanks!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:26:10, on 16/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\BitDefender\BitDefender 2009\bdagent.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\seccenter.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Anyplace Control\apc_Admin.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Documents and Settings\Anacleton\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Arquivos de programas\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Arquivos de programas\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{226C57D6-1505-40F5-A4CC-F51730543B2A}: NameServer = 192.168.0.1,200.221.11.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{226C57D6-1505-40F5-A4CC-F51730543B2A}: NameServer = 192.168.0.1,200.221.11.100

O17 - HKLM\System\CS2\Services\Tcpip\..\{226C57D6-1505-40F5-A4CC-F51730543B2A}: NameServer = 192.168.0.1,200.221.11.100

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Arquivos de programas\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 5912 bytes


Here is the ComboFix log

ComboFix 08-12-16.03 - Anacleton 2008-12-17 12:59:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2039.1619 [GMT -4:00]

Executando de: c:\documents and settings\Anacleton\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\2u.com

C:\3rl3lqbq.bat

C:\autorun.inf

C:\e.cmd

C:\h3.bat

C:\i.bat

C:\ij.bat

C:\m2nl.bat

C:\ncyrf.bat

C:\p1y2.cmd

C:\rcukd.cmd

c:\windows\system32\gasretyw0.dll

c:\windows\system32\gasretyw1.dll

c:\windows\system32\kamsoft.exe

D:\2u.com

D:\3rl3lqbq.bat

D:\abk.bat

D:\Autorun.inf

D:\e.cmd

D:\h3.bat

D:\i.bat

D:\ij.bat

D:\m2nl.bat

D:\ncyrf.bat

D:\p1y2.cmd

D:\rcukd.cmd

E:\2u.com

E:\3rl3lqbq.bat

E:\Autorun.inf

E:\h3.bat

E:\p1y2.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-17 to 2008-12-17 ))))))))))))))))))))))))))))

.

2008-12-16 18:34 . 2008-12-16 18:34 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-16 18:20 . 2008-12-16 18:20 <DIR> d-------- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2008-12-16 18:02 . 2008-12-16 18:02 <DIR> d-------- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-12-16 17:58 . 2008-12-16 18:23 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-16 17:58 . 2008-12-16 18:00 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

2008-12-16 17:44 . 2008-12-16 18:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-12-15 20:02 . 2008-12-15 20:02 <DIR> d-------- c:\windows\Sun

2008-12-15 20:01 . 2008-12-16 18:34 <DIR> d-------- c:\arquivos de programas\Java

2008-12-15 20:01 . 2008-12-16 18:34 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-15 19:54 . 2008-12-15 19:54 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java

2008-12-13 11:59 . 2008-12-13 12:00 <DIR> d-------- C:\JOGOS

2008-12-12 14:41 . 2008-12-12 14:41 <DIR> d-------- c:\windows\system32\URTTemp

2008-12-12 14:20 . 2008-12-12 14:20 <DIR> d-------- c:\arquivos de programas\PhotonFX

2008-12-12 10:41 . 2008-12-08 15:51 107,045 -r-hs---- C:\m9ma.exe

2008-12-12 10:41 . 2008-12-08 15:51 107,045 -r-hs---- C:\6fnlpetp.exe

2008-12-10 06:33 . 2008-12-17 06:27 85,504 -r-hs---- c:\windows\system32\vbsdfe1.dll

2008-12-09 10:09 . 2008-12-17 06:27 114,076 -r-hs---- c:\windows\system32\vamsoft.exe

2008-12-09 10:09 . 2008-12-17 12:20 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll

2008-12-01 16:40 . 2008-12-01 16:40 <DIR> d-------- C:\Temp

2008-11-30 21:04 . 2008-11-30 21:04 <DIR> d-------- c:\arquivos de programas\TVAntsX

2008-11-30 11:44 . 2008-12-02 19:36 <DIR> d-------- c:\documents and settings\Anacleton\Dados de aplicativos\Vso

2008-11-30 11:44 . 2008-11-30 11:44 <DIR> d-------- c:\arquivos de programas\vso

2008-11-30 11:44 . 2008-11-30 11:44 87,608 --a------ c:\documents and settings\Anacleton\Dados de aplicativos\ezpinst.exe

2008-11-30 11:44 . 2008-11-30 11:44 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2008-11-30 11:44 . 2008-11-30 11:44 47,360 --a------ c:\documents and settings\Anacleton\Dados de aplicativos\pcouffin.sys

2008-11-28 20:41 . 2008-11-28 20:41 121 --a------ c:\windows\bdagent.INI

2008-11-28 17:54 . 2008-11-29 08:18 111,636 -r-hs---- C:\o1.com

2008-11-27 21:08 . 2008-11-27 21:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\TVU Networks

2008-11-26 18:11 . 2008-12-02 19:32 <DIR> d-------- c:\arquivos de programas\SopCast

2008-11-26 09:39 . 2008-11-26 09:39 850 --a------ c:\windows\system32\ProductTweaks.xml

2008-11-26 09:39 . 2008-11-26 09:39 385 --a------ c:\windows\system32\user_gensett.xml

2008-11-25 23:05 . 2008-11-25 23:06 <DIR> d-------- c:\documents and settings\Anacleton\Dados de aplicativos\Media Player Classic

2008-11-25 23:01 . 2007-07-21 17:39 1,875,968 --a------ c:\windows\system32\msir3jp.lex

2008-11-25 23:01 . 2007-07-21 17:39 1,677,824 --a------ c:\windows\system32\chsbrkr.dll

2008-11-25 23:01 . 2007-07-21 17:39 1,158,818 --a------ c:\windows\system32\korwbrkr.lex

2008-11-25 23:01 . 2007-07-21 17:39 838,144 --a------ c:\windows\system32\chtbrkr.dll

2008-11-25 23:01 . 2007-07-21 17:39 98,304 --a------ c:\windows\system32\msir3jp.dll

2008-11-25 23:01 . 2007-07-21 17:39 70,656 --a------ c:\windows\system32\korwbrkr.dll

2008-11-25 23:01 . 2007-07-21 17:39 2,060 --a------ c:\windows\system32\noise.jpn

2008-11-25 23:01 . 2007-07-21 17:39 1,486 --a------ c:\windows\system32\noise.kor

2008-11-25 22:59 . 2007-07-21 17:39 811,064 --a------ c:\windows\system32\imjp81k.dll

2008-11-25 22:58 . 2001-08-18 06:36 8,704 --a------ c:\windows\system32\kbdjpn.dll

2008-11-25 22:58 . 2001-08-18 06:36 8,192 --a------ c:\windows\system32\kbdkor.dll

2008-11-25 22:58 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd106.dll

2008-11-25 22:58 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll

2008-11-25 22:58 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll

2008-11-25 22:58 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll

2008-11-25 22:38 . 2008-11-25 22:38 <DIR> d-------- c:\documents and settings\Anacleton\Dados de aplicativos\BitDefender

2008-11-25 22:37 . 2008-11-25 22:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BitDefender

2008-11-25 22:37 . 2008-11-25 22:37 <DIR> d-------- c:\arquivos de programas\BitDefender

2008-11-25 22:37 . 2008-11-25 22:37 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\BitDefender

2008-11-25 22:13 . 2008-11-25 22:13 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-25 22:13 . 2008-11-25 22:16 <DIR> d-------- c:\arquivos de programas\NitroPC

2008-11-25 21:59 . 2008-11-25 21:59 <DIR> d-------- c:\documents and settings\Anacleton\Dados de aplicativos\Pointstone

2008-11-25 21:57 . 2008-11-25 21:57 <DIR> d-------- c:\arquivos de programas\Marcos Velasco Security

2008-11-25 21:56 . 2008-11-25 21:56 <DIR> d-------- c:\arquivos de programas\Pointstone

2008-11-25 21:56 . 2008-12-08 23:34 <DIR> d-------- c:\arquivos de programas\Megacubo

2008-11-25 21:56 . 2008-11-25 21:56 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Pointstone

2008-11-25 21:55 . 2008-11-25 21:55 <DIR> d-------- c:\arquivos de programas\Foxit Software

2008-11-25 21:49 . 2008-11-25 21:49 <DIR> d-------- c:\documents and settings\Anacleton\Dados de aplicativos\Ashampoo

2008-11-25 21:48 . 2008-11-25 21:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ashampoo

2008-11-25 21:48 . 2008-11-25 21:48 <DIR> d-------- c:\arquivos de programas\Ashampoo

2008-11-25 21:44 . 2008-11-25 21:47 <DIR> d-------- c:\arquivos de programas\Winamp

2008-11-25 21:44 . 2008-11-25 21:44 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-11-25 21:43 . 2008-11-25 21:43 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-11-25 21:35 . 2008-11-25 21:35 <DIR> d-------- c:\windows\SHELLNEW

2008-11-25 21:35 . 2008-11-25 21:35 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-11-25 21:35 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2008-11-25 21:35 . 2008-11-25 21:35 421 --a------ c:\windows\ODBC.INI

2008-11-25 21:33 . 2008-11-25 21:33 <DIR> dr-h----- C:\MSOCache

2008-11-25 21:16 . 2008-11-25 21:16 20 --a------ c:\windows\twain.dat

2008-11-25 21:14 . 2008-12-01 15:57 <DIR> d-------- c:\arquivos de programas\Anyplace Control

2008-11-25 21:14 . 2008-11-25 23:17 47 --a------ c:\windows\anyplace-control.ini

2008-11-25 21:12 . 2008-11-25 21:12 14 --a------ c:\windows\system32\getfile.dat

2008-11-25 21:12 . 2008-11-25 21:12 0 --a------ c:\windows\system32\x_dtrace_log

2008-11-25 17:38 . 2008-11-25 21:11 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin

2008-11-25 17:27 . 2008-11-25 17:27 <DIR> d--hs---- c:\windows\system32\PdmHist

2008-11-25 17:23 . 2008-12-12 10:50 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab

2008-11-25 17:20 . 2008-11-25 17:20 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-11-25 17:20 . 2008-11-25 17:20 <DIR> d-------- c:\documents and settings\Anacleton\Dados de aplicativos\InstallShield

2008-11-25 17:20 . 2008-11-25 17:20 <DIR> d-------- c:\arquivos de programas\RALINK

2008-11-25 17:20 . 2007-05-14 22:03 445,696 --a------ c:\windows\system32\drivers\rt73.sys

2008-11-25 17:20 . 2008-11-25 17:20 21,419 --a------ c:\windows\system32\drivers\AegisP.sys

2008-11-25 17:15 . 2008-11-25 17:15 <DIR> d-------- c:\arquivos de programas\VS Revo Group

2008-11-25 17:08 . 2008-12-14 19:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-11-25 17:07 . 2008-11-25 17:07 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- c:\windows\system32\Lang

2008-11-25 17:00 . 2008-11-25 17:00 940,794 --a------ c:\windows\system32\LoopyMusic.wav

2008-11-25 17:00 . 2008-11-25 17:00 146,650 --a------ c:\windows\system32\BuzzingBee.wav

2008-11-25 17:00 . 2005-11-28 01:56 143,360 -ra------ c:\windows\system32\igfxres.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 02:06 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-11-25 21:20 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-25 20:58 315,392 ----a-w c:\windows\HideWin.exe

2008-11-25 20:58 --------- d-----w c:\arquivos de programas\Realtek

2008-11-25 20:58 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-25 20:55 --------- d-----w c:\arquivos de programas\Intel

2008-11-25 20:50 --------- d-----w c:\arquivos de programas\MSXML 6.0

2008-11-25 20:50 --------- d-----w c:\arquivos de programas\MSXML 4.0

2008-11-25 20:48 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-25 20:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-10-09 19:31 192,512 ----a-w c:\windows\system32\txmlutil.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-21 15360]

"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-17 114076]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"BDAgent"="c:\arquivos de programas\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]

"BitDefender Antiphishing Helper"="c:\arquivos de programas\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2008-11-25 2101248]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]

S3 Arrakis3;BitDefender Arrakis Server;"c:\arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]

S3 AVPsys;AVPsys; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

*Newly Created Service* - PROCEXP90

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {226C57D6-1505-40F5-A4CC-F51730543B2A} = 192.168.0.1,200.221.11.100

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-17 13:00:54

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-12-17 13:01:28

ComboFix-quarantined-files.txt 2008-12-17 17:01:26

Pré-execução: 7,020,990,464 bytes disponíveis

Pós execução: 7,087,644,672 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


The ComboFix log was not requested.

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen with some information will appear. Don't click anything, just wait!
  • When it finishes, DDS.txt will open.
  • A new box "D.D.S - Optional_Scan" will also appear; click Yes.
  • A new Notepad window will open with the "Attach.txt" log.
  • A final box will appear; click OK.
  • Save both results (DDS.txt and Attach.txt) and paste them in your next reply.
