
Please analyze!



Hi everyone, I'm here so that you, if you can, may help me. Here's the thing: I picked up a virus that prevents me from opening any .exe file (that is, almost everything); a wallpaper was created with WARNING written on it, among other things... I managed to get onto the site through Safe Mode with Networking.. I'm here waiting. Cheers!

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK

Run by Administrador at 12:59:13,50 on s b 01/08/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1279.883 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\csrcs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\net.exe

C:\Documents and Settings\Administrador\Desktop\Operação Vírus\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File

mWinlogon: Shell=Explorer.exe csrcs.exe

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,c:\windows\system32\bndmss.exe,c:\docume~1\tea45~1\config~1\temp\867.exe,c:\docume~1\tea45~1\config~1\temp\444.exe

mWinlogon: Taskman=c:\recycler\s-1-5-21-7917415899-4442237792-249019742-0698\wmiprvse.exe

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRunOnce: [NeroHomeFirstStart] c:\arquivos de programas\arquivos comuns\ahead\lib\NMFirstStart.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [soundMan] SOUNDMAN.EXE

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [reader_s] c:\windows\system32\reader_s.exe

mRun: [Microsoft® System Manager] c:\windows\system32\sysmgr.exe

mRun: [Windows Network Data Management System Service] "c:\docume~1\tea45~1\config~1\temp\444.exe" *

mRun: [14626874] c:\documents and settings\all users\dados de aplicativos\14626874\14626874.exe

mRun: [cftu] c:\windows\system32\cftu.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRunServices: [cftu] c:\windows\system32\cftu.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mExplorerRun: [cftu] c:\windows\system32\cftu.exe

mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\e8main0.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\6blopg20.default\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 108552]

S1 8e4c333c;8e4c333c;c:\windows\system32\drivers\8e4c333c.sys [2009-7-31 89804]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 335240]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-31 27784]

S1 glaide32;glaide32;c:\windows\system32\drivers\glaide32.sys [2009-7-31 107724]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-7-31 297752]

S2 bndmss;Windows Network Data Management System Service;c:\windows\system32\bndmss.exe --> c:\windows\system32\bndmss.exe [?]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-3-10 2560]

S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

=============== Created Last 30 ================

2009-08-01 12:52 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2009-08-01 12:47 0 a--shr-- C:\khv

2009-08-01 12:39 55 ---shr-- C:\autorun.inf

2009-08-01 12:12 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Sports Interactive

2009-08-01 11:28 244 a---h--- C:\sqmnoopt07.sqm

2009-08-01 11:28 232 a---h--- C:\sqmdata07.sqm

2009-07-31 17:28 134,656 a------- c:\windows\msc.exe

2009-07-31 17:10 10,240 a------- C:\pxhojtod.exe

2009-07-31 17:08 0 a------- c:\windows\system32\commonpriv.log.lock

2009-07-31 16:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 16:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 16:49 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-07-31 16:49 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-07-31 13:23 138,752 a------- c:\windows\msb.exe

2009-07-31 13:23 380 a------- c:\windows\system32\946344

2009-07-31 13:21 10,240 a------- C:\khqsqeg.exe

2009-07-31 13:15 533,198 a------- c:\windows\system32\cftu.exe

2009-07-31 13:12 107,724 a------- c:\windows\system32\drivers\glaide32.sys

2009-07-31 11:30 705 a------- C:\wmcqqk.exe

2009-07-31 11:30 89,600 a------- C:\mktrrepj.exe

2009-07-31 11:30 220,299 a------- C:\xlhxx.exe

2009-07-31 11:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\14626874

2009-07-31 11:30 138,752 a------- c:\windows\msa.exe

2009-07-31 11:29 142,340 a------- c:\windows\system32\msxml71.dll

2009-07-31 11:29 380 a------- c:\windows\system32\529261

2009-07-31 11:29 705 a------- C:\lype.exe

2009-07-31 11:29 89,804 a------- c:\windows\system32\drivers\8e4c333c.sys

2009-07-31 11:29 89,600 a------- C:\knvpd.exe

2009-07-31 11:28 203,517 a------- C:\blbweld.exe

2009-07-30 22:20 244 a---h--- C:\sqmnoopt06.sqm

2009-07-30 22:20 232 a---h--- C:\sqmdata06.sqm

2009-07-30 18:30 244 a---h--- C:\sqmnoopt05.sqm

2009-07-30 18:30 232 a---h--- C:\sqmdata05.sqm

2009-07-30 16:39 268 a---h--- C:\sqmdata04.sqm

2009-07-30 16:39 244 a---h--- C:\sqmnoopt04.sqm

2009-07-30 14:18 244 a---h--- C:\sqmnoopt03.sqm

2009-07-30 14:18 232 a---h--- C:\sqmdata03.sqm

2009-07-30 14:17 244 a---h--- C:\sqmnoopt02.sqm

2009-07-30 14:17 232 a---h--- C:\sqmdata02.sqm

2009-07-28 22:29 169 a------- c:\windows\RtlRack.ini

2009-07-28 22:27 102,554 a------- c:\windows\system32\msvcrt2.dll

2009-07-28 10:33 27,136 a------- C:\metrison.exe

2009-07-28 10:32 198,699 a------- C:\rkqwmn.exe

2009-07-28 10:31 <DIR> --dsh--- c:\windows\system32\lowsec

2009-07-27 23:34 108,530 ---shr-- C:\mb9x.exe

2009-07-26 15:27 108,204 ---shr-- C:\hm1bfpuj.exe

2009-07-24 16:37 106,496 a------- c:\windows\system32\mouse.exe

2009-07-24 15:05 108,281 ---shr-- C:\xs6kpr0.exe

2009-07-21 23:12 65,536 a------- c:\windows\system32\drivers\vsfoceotfuwbpe.sys

2009-07-21 23:12 36,864 ---shr-- c:\windows\system32\flashd32.dll

2009-07-21 23:11 182,656 ac------ c:\windows\system32\dllcache\ndis.sys

2009-07-21 23:11 705 a------- C:\fqwttqw.exe

2009-07-21 23:11 705 a------- C:\rwknrwld.exe

2009-07-21 23:11 2 a------- C:\348267001

2009-07-21 23:11 12,288 a------- C:\cfmrsrsj.exe

2009-07-21 23:11 12,800 a------- c:\windows\system32\ubb.exe

2009-07-21 23:11 2,686 a--shr-- c:\windows\system32\autorun.in

2009-07-21 23:11 939 a--shr-- c:\windows\system32\autorun.i

2009-07-18 11:26 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-07-18 02:05 107,672 ---shr-- C:\w9hw8.exe

2009-07-18 01:08 <DIR> --d----- c:\arquivos de programas\CCleaner

2009-07-08 22:57 0 a--shr-- C:\khu

2009-07-03 12:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Sports Interactive

2009-07-03 12:20 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll

2009-07-03 12:15 <DIR> --d-h--- c:\arquivos de programas\Zero G Registry

2009-07-02 14:59 105,984 ---shr-- c:\windows\system32\nmdfgds0.dll

==================== Find3M ====================

2009-07-21 23:11 182,656 a------- c:\windows\system32\drivers\ndis.sys

2009-07-02 22:20 105,984 ---shr-- c:\windows\system32\nmdfgds1.dll

2009-07-02 12:47 105,984 ---shr-- c:\windows\system32\nmdfgds2.dll

2009-06-29 12:58 827,392 a------- c:\windows\system32\wininet.dll

2009-06-29 12:58 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:58 17,408 a------- c:\windows\system32\corpol.dll

2009-06-16 11:39 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-03 16:10 1,295,872 a------- c:\windows\system32\quartz.dll

2009-05-07 12:33 347,136 a------- c:\windows\system32\localspl.dll

2009-05-02 17:26 32 a----r-- c:\documents and settings\all users\hash.dat

2008-04-13 11:19 533,198 a--shr-- c:\windows\system32\csrcs.exe

============= FINISH: 12:59:49,15 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/9/2008 14:32:19

System Uptime: 8/1/2009 12:40:58 (4920 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM

Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2992/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 29 GiB total, 6,536 GiB free.

D: is FIXED (NTFS) - 99 GiB total, 20,987 GiB free.

E: is CDROM ()

F: is CDROM ()

H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.4 - Português

Adobe Shockwave Player 11.5

Agere Systems PCI Soft Modem

AOEMView 2008

Apple Software Update

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB973346)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Autodesk Data Management Server 2008

Autodesk Design Review 2008

Autodesk Inventor Professional 2008

Autodesk Vault 2008

CCleaner (remove only)

DAEMON Tools Toolbar

DWG TrueView 2007

Football Manager 2009

FormatFactory

FormatFactory 1.80

FrostWire 4.17.0

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Java 6 Update 11

Java 6 Update 7

LG USB Modem driver

Messenger Plus! Live

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft WSE 3.0 Runtime

Mozilla Firefox (3.0.11)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

PowerDVD

Pro Evolution Soccer 2009

QuickTime

Real Alternative 1.9.0

Realtek AC'97 Audio

Riva FLV Player

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

SopCast 3.0.3

System Requirements Lab

VBA (2627.01)

VDownloader 0.77

WebFldrs XP

WinAVI MP4 Converter

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live installer

Windows Live Mail

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

==== End Of File ===========================


  • Coordinator

Read the "Read Before Posting" topic and post the requested logs.



  • Coordinator

Please do not edit your post; always use the REPLY button.

I see that you have a backdoor infection. This program is capable of stealing passwords and other information from your computer. I recommend you take the following steps as soon as possible:

  • Inform your bank of what happened, if you use internet banking, taking the appropriate precautions so that no fraud occurs.
  • After I declare the log clean, change the passwords of your e-mail accounts and of the other services you use on the internet.
  • Consider what information may have been stolen from your computer and take the necessary measures.

Now on to the removal.

Download Malwarebytes Anti-Malware:

Link 1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure you check the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.



Thank you very much, Renato. Fortunately I didn't use online banking... but even so I'm going to change my passwords..

Tipo de Verificação: Rápida

Objetos verificados: 91348

Tempo decorrido: 5 minute(s), 21 second(s)

Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 7

Valores do Registro infectados: 5

Ítens do Registro infectados: 4

Pastas infectadas: 3

Arquivos infectados: 49

Processos da Memória infectados:

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83fda784-0154-418f-810b-f1839272c361} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14626874 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\bndmss.exe,C:\DOCUME~1\TEA45~1\CONFIG~1\Temp\867.exe,C:\DOCUME~1\TEA45~1\CONFIG~1\Temp\444.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Pastas infectadas:

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\T®\Menu Iniciar\Programas\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Arquivos infectados:

C:\Documents and Settings\All Users\Dados de aplicativos\14626874\14626874.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

c:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\msc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\flashd32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\vsfoceotfuwbpe.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\blbweld.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\cfmrsrsj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\hm1bfpuj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\khqsqeg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\knvpd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\metrison.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\mktrrepj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\rkqwmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-0167562501-6413691741-243542316-2003\wnzip32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-1969853201-1785062144-572366210-2522\wnzip32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-7129120389-1076724246-075832322-2518\wnzip32.exe (Malware.Packer) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\T®\menu iniciar\programas\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

c:\WINDOWS\msd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN4A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nmdfgds2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\m0vnonh.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msvcrt2.dll (Trojan.Donbot) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\xlhxx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


  • Coordinator

Post a new DDS log.


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\csrcs.exe

C:\Documents and Settings\Administrador\Desktop\Operação Vírus\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File

mWinlogon: Shell=Explorer.exe csrcs.exe

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

mWinlogon: Taskman=c:\recycler\s-1-5-21-8586180435-5834276328-913348855-5922\yv8g67.exe

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Barra de Ferramentas &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\arquiv~1\crawler\toolbar\ctbr.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [spywareTerminatorUpdate] "c:\arquivos de programas\spyware terminator\SpywareTerminatorUpdate.exe"

uRunOnce: [NeroHomeFirstStart] c:\arquivos de programas\arquivos comuns\ahead\lib\NMFirstStart.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [soundMan] SOUNDMAN.EXE

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [MicrosoftNAPC] c:\windows\sysdiag64.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mExplorerRun: [MicrosoftCorp] c:\windows\sysdiag64.exe

mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe

IE: Crawler Search - tbr:iemenu

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\crawler\toolbar\ctbr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\6blopg20.default\

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xcomm.dll

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xshared.dll

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xsupport.dll

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xwsg.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 108552]

S1 6653dd44;6653dd44;c:\windows\system32\drivers\6653dd44.sys [2009-8-4 111692]

S1 8e4c333c;8e4c333c;c:\windows\system32\drivers\8e4c333c.sys [2009-7-31 89804]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 335240]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-31 27784]

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-8-2 142592]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-7-31 297752]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-3-10 2560]

S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

=============== Created Last 30 ================

2009-08-04 15:58 111,692 a------- c:\windows\system32\drivers\6653dd44.sys

2009-08-03 22:47 0 a--shr-- C:\khv

2009-08-03 14:41 <DIR> --dsh--- c:\windows\system32\lowsec

2009-08-03 02:45 8 a------- c:\windows\system32\DROPPEDFILEOK.tmp

2009-08-03 00:09 253,987 ---shr-- c:\windows\sysdiag64.exe

2009-08-02 20:13 <DIR> --d----- c:\arquivos de programas\WinClamAVShield

2009-08-02 20:02 244 a---h--- C:\sqmnoopt13.sqm

2009-08-02 20:02 232 a---h--- C:\sqmdata13.sqm

2009-08-02 20:01 244 a---h--- C:\sqmnoopt12.sqm

2009-08-02 20:01 232 a---h--- C:\sqmdata12.sqm

2009-08-02 13:37 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-08-02 13:37 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 13:37 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-02 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-08-02 13:37 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-02 02:56 244 a---h--- C:\sqmnoopt11.sqm

2009-08-02 02:56 232 a---h--- C:\sqmdata11.sqm

2009-08-02 02:13 <DIR> --d----- c:\arquivos de programas\Crawler

2009-08-02 02:13 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-08-02 02:13 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Spyware Terminator

2009-08-02 02:13 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2009-08-02 02:13 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2009-08-01 15:42 244 a---h--- C:\sqmnoopt10.sqm

2009-08-01 15:42 232 a---h--- C:\sqmdata10.sqm

2009-08-01 13:15 244 a---h--- C:\sqmnoopt09.sqm

2009-08-01 13:15 232 a---h--- C:\sqmdata09.sqm

2009-08-01 13:13 244 a---h--- C:\sqmnoopt08.sqm

2009-08-01 13:13 232 a---h--- C:\sqmdata08.sqm

2009-08-01 12:52 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2009-08-01 12:12 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Sports Interactive

2009-08-01 11:28 244 a---h--- C:\sqmnoopt07.sqm

2009-08-01 11:28 232 a---h--- C:\sqmdata07.sqm

2009-07-31 17:08 1,024,088 a------- c:\windows\system32\commonpriv.log.2

2009-07-31 17:08 1,024,010 a------- c:\windows\system32\commonpriv.log.1

2009-07-31 17:08 0 a------- c:\windows\system32\commonpriv.log.lock

2009-07-31 16:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 16:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 16:49 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-07-31 16:49 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-07-31 13:23 380 a------- c:\windows\system32\946344

2009-07-31 11:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\14626874

2009-07-31 11:29 380 a------- c:\windows\system32\529261

2009-07-31 11:29 89,804 a------- c:\windows\system32\drivers\8e4c333c.sys

2009-07-30 22:20 244 a---h--- C:\sqmnoopt06.sqm

2009-07-30 22:20 232 a---h--- C:\sqmdata06.sqm

2009-07-30 18:30 244 a---h--- C:\sqmnoopt05.sqm

2009-07-30 18:30 232 a---h--- C:\sqmdata05.sqm

2009-07-30 16:39 268 a---h--- C:\sqmdata04.sqm

2009-07-30 16:39 244 a---h--- C:\sqmnoopt04.sqm

2009-07-30 14:18 244 a---h--- C:\sqmnoopt03.sqm

2009-07-30 14:18 232 a---h--- C:\sqmdata03.sqm

2009-07-30 14:17 244 a---h--- C:\sqmnoopt02.sqm

2009-07-30 14:17 232 a---h--- C:\sqmdata02.sqm

2009-07-28 22:29 169 a------- c:\windows\RtlRack.ini

2009-07-24 16:37 106,496 a------- c:\windows\system32\mouse.exe

2009-07-24 15:05 108,281 ---shr-- C:\xs6kpr0.exe

2009-07-21 23:11 182,656 ac------ c:\windows\system32\dllcache\ndis.sys

2009-07-21 23:11 2,686 a--shr-- c:\windows\system32\autorun.in

2009-07-21 23:11 939 a--shr-- c:\windows\system32\autorun.i

2009-07-18 11:26 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-07-18 02:05 107,672 ---shr-- C:\w9hw8.exe

2009-07-18 01:08 <DIR> --d----- c:\arquivos de programas\CCleaner

2009-07-08 22:57 0 a--shr-- C:\khu

==================== Find3M ====================

2009-07-21 23:11 182,656 a------- c:\windows\system32\drivers\ndis.sys

2009-06-29 12:58 827,392 a------- c:\windows\system32\wininet.dll

2009-06-29 12:58 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:58 17,408 a------- c:\windows\system32\corpol.dll

2009-06-16 11:39 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-03 16:10 1,295,872 a------- c:\windows\system32\quartz.dll

2009-05-07 12:33 347,136 a------- c:\windows\system32\localspl.dll

2009-05-02 17:26 32 a----r-- c:\documents and settings\all users\hash.dat

2008-04-13 22:44 519,318 a--shr-- c:\windows\system32\csrcs.exe

============= FINISH: 17:44:10,53 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/9/2008 14:32:19

System Uptime: 8/4/2009 17:42:25 (2832 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM

Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2992/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 29 GiB total, 6,109 GiB free.

D: is FIXED (NTFS) - 99 GiB total, 22,686 GiB free.

E: is CDROM ()

F: is CDROM ()

H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.4 - Português

Adobe Shockwave Player 11.5

Agere Systems PCI Soft Modem

AOEMView 2008

Apple Software Update

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB973346)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Autodesk Data Management Server 2008

Autodesk Design Review 2008

Autodesk Inventor Professional 2008

Autodesk Vault 2008

CCleaner (remove only)

Crawler Toolbar with Web Security Guard

DAEMON Tools Toolbar

DWG TrueView 2007

Football Manager 2009

FormatFactory

FormatFactory 1.80

FrostWire 4.17.0

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Java 6 Update 11

Java 6 Update 7

LG USB Modem driver

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft WSE 3.0 Runtime

Mozilla Firefox (3.0.11)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

PowerDVD

Pro Evolution Soccer 2009

QuickTime

Real Alternative 1.9.0

Realtek AC'97 Audio

Riva FLV Player

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

SopCast 3.0.3

Spyware Terminator

System Requirements Lab

VBA (2627.01)

VDownloader 0.77

WebFldrs XP

WinAVI MP4 Converter

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live installer

Windows Live Mail

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

==== End Of File ===========================
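
Added example, not part of the thread and not code from the DDS tool: a small Python triage script that applies the checks a helper makes by eye when reading the Pseudo HJT Report and "Created Last 30" sections above. The sample lines are copied from the DDS output posted in this thread, with three known-good entries (NvCpl, mbam.sys, avgldx86.sys) kept in so the heuristics can be seen not firing. The baseline it compares against is the Windows XP default (Shell=Explorer.exe, Userinit=c:\windows\system32\userinit.exe with nothing appended, no Taskman value); the location and naming heuristics (executables in the drive root, under RECYCLER or Temp, hidden+system files, 8-hex-character driver names, Policies\Explorer\Run entries) are this example's own assumptions, not rules stated on the page.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the DDS logs posted in this thread
# (Pseudo HJT Report and "Created Last 30"), plus three benign entries
# (NvCpl, mbam.sys, avgldx86.sys) that the heuristics must leave alone.
SAMPLE_DDS = r"""
mWinlogon: Shell=Explorer.exe csrcs.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mWinlogon: Taskman=c:\recycler\s-1-5-21-8586180435-5834276328-913348855-5922\yv8g67.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MicrosoftNAPC] c:\windows\sysdiag64.exe
mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
2009-08-06 10:54 27,136 a------- C:\ibts.exe
2009-08-04 15:58 111,692 a------- c:\windows\system32\drivers\6653dd44.sys
2009-08-03 00:09 253,987 ---shr-- c:\windows\sysdiag64.exe
2009-08-02 13:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-31 16:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
"""

WINLOGON_RE = re.compile(r"^mWinlogon:\s*(\w+)=(.*)$")
RUN_RE = re.compile(r"^([umd]?)(Run|RunOnce|ExplorerRun):\s*\[[^\]]*\]\s*(.+)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<DIR>)\s+([a-z-]{8})\s+(.+)$")

# Windows XP defaults (assumption of this example): exactly these, nothing appended.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$")                      # c:\foo.exe
HEX_DRIVER_RE = re.compile(r"\\system32\\drivers\\[0-9a-f]{8}\.sys$")  # 6653dd44.sys
BAD_DIRS = ("\\recycler\\", "\\temp\\")                              # heuristic, not a rule

def first_path(cmd: str) -> str:
    """Executable path from a Run-key command line: quoted, bare, or rundll32 <dll>,<entry>."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    parts = cmd.split()
    if len(parts) > 1 and parts[0].lower() == "rundll32.exe":
        return parts[1].split(",")[0].lower()   # the DLL rundll32 will load
    return parts[0].lower() if parts else ""

def suspicious_location(path: str) -> str:
    if ROOT_FILE_RE.match(path):
        return "executable in drive root"
    for d in BAD_DIRS:
        if d in path:
            return "executable under " + d.strip("\\")
    return ""

def triage(text: str) -> List[Dict[str, str]]:
    """Return one finding per DDS line that deviates from the XP baseline or the heuristics."""
    findings: List[Dict[str, str]] = []

    def add(kind: str, detail: str, line: str) -> None:
        findings.append({"kind": kind, "detail": detail, "line": line})

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "shell":
                extra = [t for t in value.split() if t.lower() != DEFAULT_SHELL]
                if extra:
                    add("winlogon-shell", "extra Shell entries: " + " ".join(extra), line)
            elif key == "userinit":
                entries = [e.strip().lower() for e in value.split(",") if e.strip()]
                extra = [e for e in entries if e != DEFAULT_USERINIT]
                if extra or len(entries) != 1:
                    add("winlogon-userinit", "unexpected Userinit entries: " + ", ".join(extra), line)
            elif key == "taskman" and value:
                add("winlogon-taskman", "Taskman is not set on a clean XP install", line)
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group(2).lower() == "explorerrun":
                add("policy-explorer-run",
                    "Policies\\Explorer\\Run autostart (rarely used by legitimate software)", line)
            why = suspicious_location(first_path(m.group(3)))
            if why:
                add("autorun-location", why, line)
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group(1).lower(), m.group(2).lower()
            if "<DIR>" not in line and "s" in attrs and "h" in attrs:
                add("hidden-system-file", "file created with system+hidden attributes", line)
            elif HEX_DRIVER_RE.search(path):
                add("random-name-driver", "8-hex-character driver name in system32\\drivers", line)
            elif ROOT_FILE_RE.match(path) and path.endswith((".exe", ".bat", ".dll")):
                add("root-executable", "new executable in drive root", line)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['kind']}] {f['detail']}\n    {f['line']}")
```

On the sample above it flags the appended csrcs.exe in Shell, sdra64.exe in Userinit, the RECYCLER Taskman value, the Explorer\Run entry, the hidden+system sysdiag64.exe, the 8-hex-character 6653dd44.sys and the root-level ibts.exe, while NvCpl.dll, mbam.sys and avgldx86.sys pass. Hits are leads for the helper to verify, not verdicts; a Userinit line that still carries anything after userinit.exe, after a cleanup run, is exactly what a fresh DDS log is requested to show.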


  • Coordinator

The DDS log is incomplete.


If you need Gmer, I'll provide it.

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK

Run by Administrador at 19:29:57,78 on qui 06/08/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.757 [GMT -3:00]

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\csrcs.exe

C:\Documents and Settings\Administrador\Desktop\Operação Vírus\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File

mWinlogon: Shell=Explorer.exe csrcs.exe

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

mWinlogon: Taskman=c:\recycler\s-1-5-21-8586180435-5834276328-913348855-5922\yv8g67.exe

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Barra de Ferramentas &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\arquiv~1\crawler\toolbar\ctbr.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [spywareTerminatorUpdate] "c:\arquivos de programas\spyware terminator\SpywareTerminatorUpdate.exe"

uRunOnce: [NeroHomeFirstStart] c:\arquivos de programas\arquivos comuns\ahead\lib\NMFirstStart.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [soundMan] SOUNDMAN.EXE

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [MicrosoftNAPC] c:\windows\sysdiag64.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Microsoft® System Manager] c:\windows\system32\sysmgr.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mExplorerRun: [MicrosoftCorp] c:\windows\sysdiag64.exe

mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe

IE: Crawler Search - tbr:iemenu

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\crawler\toolbar\ctbr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\6blopg20.default\

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xcomm.dll

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xshared.dll

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xsupport.dll

FF - component: c:\arquivos de programas\crawler\toolbar\firefox\components\xwsg.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 108552]

S1 6653dd44;6653dd44;c:\windows\system32\drivers\6653dd44.sys [2009-8-4 111692]

S1 8e4c333c;8e4c333c;c:\windows\system32\drivers\8e4c333c.sys [2009-7-31 89804]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 335240]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-31 27784]

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-8-2 142592]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-7-31 297752]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-3-10 2560]

S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

=============== Created Last 30 ================

2009-08-06 15:28 102,749 a------- c:\windows\system32\msvcrt2.dll

2009-08-06 15:28 60,416 a------- c:\windows\system32\sysmgr.exe

2009-08-06 10:54 27,136 a------- C:\ibts.exe

2009-08-06 10:54 53,248 a------- C:\phheq.exe

2009-08-06 10:53 215,451 a------- C:\vkywt.exe

2009-08-06 10:53 2 a------- C:\348267001

2009-08-06 10:52 9,728 a------- C:\ifrsmauy.exe

2009-08-06 10:51 0 a--shr-- C:\khv

2009-08-05 11:02 244 a---h--- C:\sqmnoopt14.sqm

2009-08-05 11:02 232 a---h--- C:\sqmdata14.sqm

2009-08-04 15:58 111,692 a------- c:\windows\system32\drivers\6653dd44.sys

2009-08-03 14:41 <DIR> --dsh--- c:\windows\system32\lowsec

2009-08-03 02:45 8 a------- c:\windows\system32\DROPPEDFILEOK.tmp

2009-08-03 00:09 253,987 ---shr-- c:\windows\sysdiag64.exe

2009-08-02 20:13 <DIR> --d----- c:\arquivos de programas\WinClamAVShield

2009-08-02 20:02 244 a---h--- C:\sqmnoopt13.sqm

2009-08-02 20:02 232 a---h--- C:\sqmdata13.sqm

2009-08-02 20:01 244 a---h--- C:\sqmnoopt12.sqm

2009-08-02 20:01 232 a---h--- C:\sqmdata12.sqm

2009-08-02 13:37 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-08-02 13:37 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 13:37 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-02 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-08-02 13:37 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-02 02:56 244 a---h--- C:\sqmnoopt11.sqm

2009-08-02 02:56 232 a---h--- C:\sqmdata11.sqm

2009-08-02 02:13 <DIR> --d----- c:\arquivos de programas\Crawler

2009-08-02 02:13 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-08-02 02:13 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Spyware Terminator

2009-08-02 02:13 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2009-08-02 02:13 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2009-08-01 15:42 244 a---h--- C:\sqmnoopt10.sqm

2009-08-01 15:42 232 a---h--- C:\sqmdata10.sqm

2009-08-01 13:15 244 a---h--- C:\sqmnoopt09.sqm

2009-08-01 13:15 232 a---h--- C:\sqmdata09.sqm

2009-08-01 13:13 244 a---h--- C:\sqmnoopt08.sqm

2009-08-01 13:13 232 a---h--- C:\sqmdata08.sqm

2009-08-01 12:52 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2009-08-01 12:12 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Sports Interactive

2009-08-01 11:28 244 a---h--- C:\sqmnoopt07.sqm

2009-08-01 11:28 232 a---h--- C:\sqmdata07.sqm

2009-07-31 17:08 1,024,318 a------- c:\windows\system32\commonpriv.log.1

2009-07-31 17:08 1,024,088 a------- c:\windows\system32\commonpriv.log.3

2009-07-31 17:08 1,024,010 a------- c:\windows\system32\commonpriv.log.2

2009-07-31 17:08 0 a------- c:\windows\system32\commonpriv.log.lock

2009-07-31 16:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 16:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 16:49 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-07-31 16:49 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-07-31 13:23 380 a------- c:\windows\system32\946344

2009-07-31 11:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\14626874

2009-07-31 11:29 380 a------- c:\windows\system32\529261

2009-07-31 11:29 89,804 a------- c:\windows\system32\drivers\8e4c333c.sys

2009-07-30 22:20 244 a---h--- C:\sqmnoopt06.sqm

2009-07-30 22:20 232 a---h--- C:\sqmdata06.sqm

2009-07-30 18:30 244 a---h--- C:\sqmnoopt05.sqm

2009-07-30 18:30 232 a---h--- C:\sqmdata05.sqm

2009-07-30 16:39 268 a---h--- C:\sqmdata04.sqm

2009-07-30 16:39 244 a---h--- C:\sqmnoopt04.sqm

2009-07-30 14:18 244 a---h--- C:\sqmnoopt03.sqm

2009-07-30 14:18 232 a---h--- C:\sqmdata03.sqm

2009-07-30 14:17 244 a---h--- C:\sqmnoopt02.sqm

2009-07-30 14:17 232 a---h--- C:\sqmdata02.sqm

2009-07-28 22:29 169 a------- c:\windows\RtlRack.ini

2009-07-24 16:37 106,496 a------- c:\windows\system32\mouse.exe

2009-07-24 15:05 108,281 ---shr-- C:\xs6kpr0.exe

2009-07-21 23:11 182,656 ac------ c:\windows\system32\dllcache\ndis.sys

2009-07-21 23:11 2,686 a--shr-- c:\windows\system32\autorun.in

2009-07-21 23:11 939 a--shr-- c:\windows\system32\autorun.i

2009-07-18 11:26 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-07-18 01:08 <DIR> --d----- c:\arquivos de programas\CCleaner

2009-07-08 22:57 0 a--shr-- C:\khu

==================== Find3M ====================

2009-07-21 23:11 182,656 a------- c:\windows\system32\drivers\ndis.sys

2009-06-29 12:58 827,392 a------- c:\windows\system32\wininet.dll

2009-06-29 12:58 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:58 17,408 a------- c:\windows\system32\corpol.dll

2009-06-16 11:39 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-03 16:10 1,295,872 a------- c:\windows\system32\quartz.dll

2009-05-02 17:26 32 a----r-- c:\documents and settings\all users\hash.dat

2008-04-13 10:47 526,236 a--shr-- c:\windows\system32\csrcs.exe

============= FINISH: 19:30:22,35 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/9/2008 14:32:19

System Uptime: 8/6/2009 19:28:11 (1416 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM

Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2992/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 29 GiB total, 5,982 GiB free.

D: is FIXED (NTFS) - 99 GiB total, 22,682 GiB free.

E: is CDROM ()

F: is CDROM ()

H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.5 - Português

Adobe Shockwave Player 11.5

Agere Systems PCI Soft Modem

AOEMView 2008

Apple Software Update

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB973346)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Autodesk Data Management Server 2008

Autodesk Design Review 2008

Autodesk Inventor Professional 2008

Autodesk Vault 2008

CCleaner (remove only)

Crawler Toolbar with Web Security Guard

DAEMON Tools Toolbar

DWG TrueView 2007

Football Manager 2009

FormatFactory

FormatFactory 1.80

FrostWire 4.17.0

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Java 6 Update 11

Java 6 Update 7

KB408682

LG USB Modem driver

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft WSE 3.0 Runtime

Mozilla Firefox (3.0.11)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

PowerDVD

Pro Evolution Soccer 2009

QuickTime

Real Alternative 1.9.0

Realtek AC'97 Audio

Riva FLV Player

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

SopCast 3.0.3

Spyware Terminator

System Requirements Lab

VBA (2627.01)

VDownloader 0.77

WebFldrs XP

WinAVI MP4 Converter

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live installer

Windows Live Mail

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

==== End Of File ===========================

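The DDS listings above (the "Created" block and the Find3M report) are what an analyst reads first, and the infection in this thread is visible in them: ordinary files carrying system+hidden attributes (csrcs.exe, autorun.in, C:\khu), a hidden executable dropped into the drive root (xs6kpr0.exe), digit-only filenames in System32 (946344, 529261), a driver with a random-looking name (8e4c333c.sys), and mouse.exe created the same day as xs6kpr0.exe. The Python script below is an added example, not code from the thread or from the DDS/ComboFix authors: it parses lines in the DDS format and applies those heuristics, then pivots on the timeline so that an executable created on the same day as a flagged file is surfaced too. The rules, the extension list and the sample lines (copied from the post) are my assumptions; a hit is a lead for the analyst, not a verdict, and benign files can share these traits (the hidden SQM telemetry files in the root are not flagged here, but a real triage still checks each hit).

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed sample: lines copied in the shape of the DDS "Created" and
# Find3M listings posted in this thread (date time size attrs path).
SAMPLE_LOG = "\n".join([
    r"2009-07-31 16:49 <DIR> --d----- c:\windows\system32\drivers\Avg",
    r"2009-07-31 13:23 380 a------- c:\windows\system32\946344",
    r"2009-07-31 11:29 89,804 a------- c:\windows\system32\drivers\8e4c333c.sys",
    r"2009-07-30 22:20 244 a---h--- C:\sqmnoopt06.sqm",
    r"2009-07-24 16:37 106,496 a------- c:\windows\system32\mouse.exe",
    r"2009-07-24 15:05 108,281 ---shr-- C:\xs6kpr0.exe",
    r"2009-07-21 23:11 2,686 a--shr-- c:\windows\system32\autorun.in",
    r"2009-07-18 01:08 <DIR> --d----- c:\arquivos de programas\CCleaner",
    r"2009-07-08 22:57 0 a--shr-- C:\khu",
    r"2008-04-13 10:47 526,236 a--shr-- c:\windows\system32\csrcs.exe",
])

# One DDS line: date, time, size or <DIR>, eight attribute flags
# (a=archive c=compressed d=directory s=system h=hidden r=read-only), path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[acdshr-]{8}) (?P<path>.+)$"
)

# File types worth a second look when they appear somewhere unexpected
# (assumed list, extend as needed).
EXEC_EXTS = {".exe", ".sys", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif"}


def parse(text: str) -> List[Dict]:
    """Turn DDS listing lines into dicts; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attrs = set(m["attrs"].replace("-", ""))
        entries.append({
            "date": m["date"],
            "size": None if m["size"] == "<DIR>" else int(m["size"].replace(",", "")),
            "attrs": attrs,
            "is_dir": "d" in attrs,
            "path": m["path"],
        })
    return entries


def reasons_for(entry: Dict) -> List[str]:
    """Heuristics (assumed, not from the thread) that a lead-worthy file trips."""
    if entry["is_dir"]:
        return []
    p = PureWindowsPath(entry["path"])
    name, ext = p.name.lower(), p.suffix.lower()
    parts = [part.lower() for part in p.parts]
    at_root = p.parent == PureWindowsPath(p.anchor)
    reasons = []
    # System+hidden on an ordinary file keeps it out of a default Explorer view.
    if {"s", "h"} <= entry["attrs"]:
        reasons.append("system+hidden attributes")
    # A hidden executable dropped straight into the drive root.
    if at_root and ext in EXEC_EXTS and "h" in entry["attrs"]:
        reasons.append("hidden executable in drive root")
    # Windows does not ship digit-only filenames in System32.
    if "system32" in parts and name.isdigit():
        reasons.append("digit-only filename in system32")
    # Eight hex characters plus .sys in the drivers folder looks machine-generated.
    if p.parent.name.lower() == "drivers" and re.fullmatch(r"[0-9a-f]{8}\.sys", name):
        reasons.append("random-looking driver name")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every line worth an analyst's attention."""
    entries = parse(text)
    flagged = {e["path"]: reasons_for(e) for e in entries}
    flagged = {path: why for path, why in flagged.items() if why}
    # Timeline pivot: an executable created on the same day as a flagged file
    # is likely part of the same drop even if it trips no rule of its own.
    hot_dates = {e["date"] for e in entries if e["path"] in flagged}
    for e in entries:
        ext = PureWindowsPath(e["path"]).suffix.lower()
        if e["path"] not in flagged and not e["is_dir"] and ext in EXEC_EXTS and e["date"] in hot_dates:
            flagged[e["path"]] = ["executable created same day as a flagged file"]
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(why)}")
```

Run it against a full DDS log by passing the file contents to `triage()`; the same parser works on both the "Created" block and the Find3M block, which is why csrcs.exe, dated 2008 but listed under Find3M, is still caught by its attributes. The same-day pivot is deliberately coarse: it is meant to pull files like mouse.exe into view for manual inspection, not to condemn them.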

  • Coordinator

Read the instructions at this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) below have been completed.
  3. Double-click the icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running, as that can make the computer hang.
  8. A message may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it unsupervised.


ComboFix 09-08-09.04 - T® 12/08/2009 0:32.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.572 [GMT -3:00]

Running from: c:\documents and settings\T®\Desktop\ComboFix.exe

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((( Files Created From 2009-07-12 to 2009-08-12 ))))))))))))))))))))))))))))

.

2009-08-08 20:13 . 2009-08-08 20:13 0 ----a-w- c:\documents and settings\T®\Dados de aplicativos\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe

2009-08-06 13:54 . 2009-08-06 13:54 27136 ----a-w- C:\ibts.exe

2009-08-02 23:13 . 2009-08-08 14:22 -------- d-----w- c:\arquivos de programas\WinClamAVShield

2009-08-02 16:54 . 2009-08-02 16:54 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-02 06:02 . 2009-08-11 01:40 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-02 05:13 -------- d-----w- c:\arquivos de programas\Crawler

2009-08-02 05:13 . 2009-08-02 05:13 6144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-08-02 05:13 . 2009-08-02 05:13 5632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-08-02 05:13 . 2009-08-02 05:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-08-02 05:13 . 2009-08-02 05:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-11 01:40 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2009-08-02 05:13 . 2009-08-10 13:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-08-01 15:52 . 2009-08-01 15:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-08-01 15:12 . 2009-08-01 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sports Interactive

2009-07-31 19:49 . 2009-07-31 19:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 19:49 . 2009-07-31 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 19:49 . 2009-07-31 19:49 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-31 14:30 . 2009-08-02 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\14626874

2009-07-24 19:37 . 2009-07-24 19:38 106496 ----a-w- c:\windows\system32\mouse.exe

2009-07-22 02:11 . 2009-08-10 04:36 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys

2009-07-18 14:26 . 2009-08-08 15:02 -------- d--h--w- C:\$AVG8.VAULT$

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 03:15 . 2009-03-10 19:25 777 --sha-w- c:\windows\system32\mmf.sys

2009-08-11 04:51 . 2001-10-28 16:07 86012 ----a-w- c:\windows\system32\perfc016.dat

2009-08-11 04:51 . 2001-10-28 16:07 474694 ----a-w- c:\windows\system32\perfh016.dat

2009-08-10 15:24 . 2008-09-03 14:28 -------- d-----w- c:\arquivos de programas\Sports Interactive

2009-08-10 04:36 . 2004-08-04 02:14 182656 ----a-w- c:\windows\system32\drivers\ndis.sys

2009-08-09 00:20 . 2008-09-02 15:48 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\FrostWire

2009-08-04 15:14 . 2008-12-18 14:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2009-08-03 05:45 . 2009-08-03 05:45 8 ----a-w- c:\windows\system32\DROPPEDFILEOK.tmp

2009-08-01 15:12 . 2009-06-02 01:54 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-30 17:39 . 2008-09-02 19:22 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-07-30 17:33 . 2008-09-02 19:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-07-29 01:32 . 2008-09-02 15:44 -------- d-----w- c:\arquivos de programas\FrostWire

2009-07-29 01:30 . 2008-09-03 02:47 -------- d-----w- c:\arquivos de programas\LimeWire

2009-07-13 16:44 . 2008-09-02 15:42 -------- d-----w- c:\arquivos de programas\Google

2009-07-13 16:44 . 2008-09-02 15:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-06 06:07 . 2008-09-03 02:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\LimeWire

2009-07-06 06:07 . 2009-07-03 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sports Interactive

2009-07-03 15:35 . 2008-09-03 14:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Sports Interactive

2009-07-03 15:15 . 2009-07-03 15:15 -------- d--h--w- c:\arquivos de programas\Zero G Registry

2009-07-02 04:40 . 2008-09-19 12:55 -------- d-----w- c:\arquivos de programas\Photo Recovery

2009-07-02 03:49 . 2009-06-27 15:45 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\gtk-2.0

2009-07-01 23:41 . 2009-07-01 20:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-06-29 15:58 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:58 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:58 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-17 13:26 . 2008-12-26 21:04 -------- d-----w- c:\arquivos de programas\Fx MPEG Writer

2009-06-17 13:26 . 2009-04-19 16:30 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 16:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 00:47 . 2009-06-02 00:47 552 ----a-w- c:\windows\system32\d3d8caps.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_04.43.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-12 03:15 . 2009-08-12 03:15 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat

+ 2001-10-28 16:07 . 2009-08-11 04:51 77262 c:\windows\system32\perfc009.dat

+ 2001-10-28 16:07 . 2009-08-11 04:51 441908 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-02 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-06 136600]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]

"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-08-02 2171904]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-27 68096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"d:\\Arquivos de programas\\Sports Interactive\\Football Manager 2009\\fm.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/7/2009 16:49 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/7/2009 16:49 108552]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/8/2009 02:13 142592]

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/3/2009 16:25 2560]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: crawler search - tbr:iemenu

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll

FF - ProfilePath - c:\documents and settings\T®\Dados de aplicativos\Mozilla\Firefox\Profiles\3iubjjbl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-12 00:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]

"1"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,86,2b,9b,9b,f3,96,a9,

e9

"2"=hex:05,83,26,a9,dc,b6,17,45,de,2e,f0,41,a5,95,91,56,fe,07,ca,23,63,6c,c8,

df,a0,cb,29,a7,07,62,23,54

"3"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,39,39,6a,6e,1d,99,29,

0e,9a,9e,61,33,16,37,68,38,ee,25,f6,f1,91,9f,21,a9,58,ec,19,f6,96,30,78,09

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\6356076A6F83BB1BBBE6B14F244E53BE]

"1"=hex:7e,63,ed,e4,ff,c6,da,b0,00,85,ab,7b,99,1c,f6,df,8b,3c,15,1f,e9,72,d8,

8c

"2"=hex:51,f1,0b,2b,54,76,7d,bf

"3"=hex:1b,64,9c,1b,09,c3,8f,b5,f2,0d,82,f6,55,36,81,3b,b1,87,6d,e6,af,a4,61,

55,f4,c1,9d,f2,f2,e7,ec,8a,d1,20,59,d2,9c,ae,88,71,91,cb,db,d9,11,d1,0e,16,\

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,

51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20

"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,

02,e9,37,15,54,28,a1,4d,91,f4,19,4f,4b,df,bd,95,c2,74,9c,18,d8,b7,e1,e6,9e,\

"8"=hex:02,80,95,16,5a,0c,20,6b,08,51,9f,b0,e2,97,33,3e,b4,4a,fa,7e,10,5c,20,

04,61,6e,a7,39,16,f7,14,87,4a,04,63,b9,c9,bb,da,d2

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:70,56,26,33,e3,20,f8,ab

"10"=hex:55,0c,d6,b4,90,c5,27,45

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:81,20,8f,ab,28,6a,52,9c

"13"=hex:81,20,8f,ab,28,6a,52,9c

"14"=hex:81,20,8f,ab,28,6a,52,9c

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:81,20,8f,ab,28,6a,52,9c

"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3804)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-08-12 0:37

ComboFix-quarantined-files.txt 2009-08-12 03:37

ComboFix2.txt 2009-08-10 04:47

Pre-Run: 6,194,851,840 bytes free

Post-Run: 6,147,407,872 bytes free

199 --- E O F --- 2009-07-29 14:29


  • Coordinator

Hello,

Why was ComboFix run twice?


Hello,

Here is what happened.. I posted my log on the 6th and nobody replied until the 11th... as you yourself said, the virus was dangerous because it was stealing my passwords and such.. my brother-in-law recommended ComboFix, so I went to Baixaki and downloaded it.. then 2 days later you replied and sent me ComboFix to analyze my computer... and I followed all the instructions again... the log it gave me the first time was this..

ComboFix 09-08-09.04 - T® 12/08/2009 0:32.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.572 [GMT -3:00]

Executando de: c:\documents and settings\T®\Desktop\ComboFix.exe

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-12 to 2009-08-12 ))))))))))))))))))))))))))))

.

2009-08-08 20:13 . 2009-08-08 20:13 0 ----a-w- c:\documents and settings\T®\Dados de aplicativos\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe

2009-08-06 13:54 . 2009-08-06 13:54 27136 ----a-w- C:\ibts.exe

2009-08-02 23:13 . 2009-08-08 14:22 -------- d-----w- c:\arquivos de programas\WinClamAVShield

2009-08-02 16:54 . 2009-08-02 16:54 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-02 06:02 . 2009-08-11 01:40 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-02 05:13 -------- d-----w- c:\arquivos de programas\Crawler

2009-08-02 05:13 . 2009-08-02 05:13 6144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-08-02 05:13 . 2009-08-02 05:13 5632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-08-02 05:13 . 2009-08-02 05:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-08-02 05:13 . 2009-08-02 05:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-11 01:40 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2009-08-02 05:13 . 2009-08-10 13:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-08-01 15:52 . 2009-08-01 15:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-08-01 15:12 . 2009-08-01 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sports Interactive

2009-07-31 19:49 . 2009-07-31 19:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 19:49 . 2009-07-31 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 19:49 . 2009-07-31 19:49 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-31 14:30 . 2009-08-02 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\14626874

2009-07-24 19:37 . 2009-07-24 19:38 106496 ----a-w- c:\windows\system32\mouse.exe

2009-07-22 02:11 . 2009-08-10 04:36 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys

2009-07-18 14:26 . 2009-08-08 15:02 -------- d--h--w- C:\$AVG8.VAULT$

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 03:15 . 2009-03-10 19:25 777 --sha-w- c:\windows\system32\mmf.sys

2009-08-11 04:51 . 2001-10-28 16:07 86012 ----a-w- c:\windows\system32\perfc016.dat

2009-08-11 04:51 . 2001-10-28 16:07 474694 ----a-w- c:\windows\system32\perfh016.dat

2009-08-10 15:24 . 2008-09-03 14:28 -------- d-----w- c:\arquivos de programas\Sports Interactive

2009-08-10 04:36 . 2004-08-04 02:14 182656 ----a-w- c:\windows\system32\drivers\ndis.sys

2009-08-09 00:20 . 2008-09-02 15:48 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\FrostWire

2009-08-04 15:14 . 2008-12-18 14:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2009-08-03 05:45 . 2009-08-03 05:45 8 ----a-w- c:\windows\system32\DROPPEDFILEOK.tmp

2009-08-01 15:12 . 2009-06-02 01:54 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-30 17:39 . 2008-09-02 19:22 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-07-30 17:33 . 2008-09-02 19:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-07-29 01:32 . 2008-09-02 15:44 -------- d-----w- c:\arquivos de programas\FrostWire

2009-07-29 01:30 . 2008-09-03 02:47 -------- d-----w- c:\arquivos de programas\LimeWire

2009-07-13 16:44 . 2008-09-02 15:42 -------- d-----w- c:\arquivos de programas\Google

2009-07-13 16:44 . 2008-09-02 15:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-06 06:07 . 2008-09-03 02:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\LimeWire

2009-07-06 06:07 . 2009-07-03 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sports Interactive

2009-07-03 15:35 . 2008-09-03 14:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Sports Interactive

2009-07-03 15:15 . 2009-07-03 15:15 -------- d--h--w- c:\arquivos de programas\Zero G Registry

2009-07-02 04:40 . 2008-09-19 12:55 -------- d-----w- c:\arquivos de programas\Photo Recovery

2009-07-02 03:49 . 2009-06-27 15:45 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\gtk-2.0

2009-07-01 23:41 . 2009-07-01 20:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-06-29 15:58 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:58 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:58 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-17 13:26 . 2008-12-26 21:04 -------- d-----w- c:\arquivos de programas\Fx MPEG Writer

2009-06-17 13:26 . 2009-04-19 16:30 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 16:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 00:47 . 2009-06-02 00:47 552 ----a-w- c:\windows\system32\d3d8caps.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_04.43.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-12 03:15 . 2009-08-12 03:15 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat

+ 2001-10-28 16:07 . 2009-08-11 04:51 77262 c:\windows\system32\perfc009.dat

+ 2001-10-28 16:07 . 2009-08-11 04:51 441908 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-02 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-06 136600]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]

"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-08-02 2171904]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-27 68096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"d:\\Arquivos de programas\\Sports Interactive\\Football Manager 2009\\fm.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/7/2009 16:49 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/7/2009 16:49 108552]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/8/2009 02:13 142592]

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/3/2009 16:25 2560]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: crawler search - tbr:iemenu

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll

FF - ProfilePath - c:\documents and settings\T®\Dados de aplicativos\Mozilla\Firefox\Profiles\3iubjjbl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-12 00:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]

"1"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,86,2b,9b,9b,f3,96,a9,

e9

"2"=hex:05,83,26,a9,dc,b6,17,45,de,2e,f0,41,a5,95,91,56,fe,07,ca,23,63,6c,c8,

df,a0,cb,29,a7,07,62,23,54

"3"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,39,39,6a,6e,1d,99,29,

0e,9a,9e,61,33,16,37,68,38,ee,25,f6,f1,91,9f,21,a9,58,ec,19,f6,96,30,78,09

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\6356076A6F83BB1BBBE6B14F244E53BE]

"1"=hex:7e,63,ed,e4,ff,c6,da,b0,00,85,ab,7b,99,1c,f6,df,8b,3c,15,1f,e9,72,d8,

8c

"2"=hex:51,f1,0b,2b,54,76,7d,bf

"3"=hex:1b,64,9c,1b,09,c3,8f,b5,f2,0d,82,f6,55,36,81,3b,b1,87,6d,e6,af,a4,61,

55,f4,c1,9d,f2,f2,e7,ec,8a,d1,20,59,d2,9c,ae,88,71,91,cb,db,d9,11,d1,0e,16,\

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,

51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20

"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,

02,e9,37,15,54,28,a1,4d,91,f4,19,4f,4b,df,bd,95,c2,74,9c,18,d8,b7,e1,e6,9e,\

"8"=hex:02,80,95,16,5a,0c,20,6b,08,51,9f,b0,e2,97,33,3e,b4,4a,fa,7e,10,5c,20,

04,61,6e,a7,39,16,f7,14,87,4a,04,63,b9,c9,bb,da,d2

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:70,56,26,33,e3,20,f8,ab

"10"=hex:55,0c,d6,b4,90,c5,27,45

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:81,20,8f,ab,28,6a,52,9c

"13"=hex:81,20,8f,ab,28,6a,52,9c

"14"=hex:81,20,8f,ab,28,6a,52,9c

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:81,20,8f,ab,28,6a,52,9c

"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3804)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-08-12 0:37

ComboFix-quarantined-files.txt 2009-08-12 03:37

ComboFix2.txt 2009-08-10 04:47

Pre-Run: 6,194,851,840 bytes free

Post-Run: 6,147,407,872 bytes free

199 --- E O F --- 2009-07-29 14:29


  • Coordinator

This is not the first log. Look for the first log in:

C:\Qoobox\Combofix1.txt

Note: running ComboFix unsupervised can be dangerous.


What I have there in the folder is this.

ComboFix 09-08-09.04 - T® 10/08/2009 1:36.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.622 [GMT -3:00]

Running from: c:\documents and settings\T®\Desktop\ComboFix.exe

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\Jcore

c:\arquivos de programas\Jcore\Jcore2.dll

c:\arquivos de programas\WWShow

c:\arquivos de programas\WWShow\WWShow.dll

c:\docume~1\TEA45~1\CONFIG~1\Temp\n.exe

c:\docume~1\TEA45~1\CONFIG~1\Temp\svchost.exe

c:\documents and settings\T®\Configurações locais\Temp\n.exe

c:\documents and settings\T®\Dados de aplicativos\bcrypt.html

c:\documents and settings\T®\Dados de aplicativos\digifast

c:\documents and settings\T®\Dados de aplicativos\digifast\config.cfg

c:\documents and settings\T®\Dados de aplicativos\digifast\DFUninstall.exe

c:\documents and settings\T®\Dados de aplicativos\digifast\digifast.exe

c:\documents and settings\T®\Dados de aplicativos\inst.exe

c:\documents and settings\T®\Desktop\pb.3x00.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x00.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x02.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x02.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x03.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x03.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x04.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x04.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x05.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x05.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x06.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x06.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x07.by.ptlinks.portugalseries.rmvb

c:\documents and settings\T®\Desktop\pb.3x07.by.ptlinks.portugalseries.rmvb

C:\ifrsmauy.exe

C:\phheq.exe

c:\recycler\S-1-5-21-0167562501-6413691741-243542316-2003

c:\recycler\S-1-5-21-1969853201-1785062144-572366210-2522

c:\recycler\S-1-5-21-4128555164-1020453772-594561757-0889

c:\recycler\S-1-5-21-4973698516-0130645653-202587581-9005

c:\recycler\S-1-5-21-4973698516-0130645653-202587581-9005\Desktop.ini

c:\recycler\S-1-5-21-4973698516-0130645653-202587581-9005\yv8g67.exe

c:\recycler\S-1-5-21-5666431795-1104566258-769606723-7057

c:\recycler\S-1-5-21-7129120389-1076724246-075832322-2518

c:\recycler\S-1-5-21-7917415899-4442237792-249019742-0698

c:\recycler\S-1-5-21-8251149910-9431272212-773967907-9217

c:\recycler\S-1-5-21-8471129343-7277404292-921336681-3493

c:\recycler\S-1-5-21-8586180435-5834276328-913348855-5922

c:\windows\Installer\162575.msi

c:\windows\Installer\2e35f4.msi

c:\windows\Installer\33103.msi

c:\windows\Installer\bb0bc.msi

c:\windows\system32\AutoRun.inf

c:\windows\system32\csrcs.exe

c:\windows\system32\drivers\6653dd44.sys

c:\windows\system32\drivers\8e4c333c.sys

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\msvcrt2.dll

c:\windows\system32\sdra64.exe

c:\windows\Temp\14.exe

C:\xs6kpr0.exe

D:\hm1bfpuj.exe

D:\w9hw8.exe

D:\xs6kpr0.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_bndmss

-------\Service_6653dd44

-------\Service_8e4c333c

-------\Service_AVPsys

(((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 ))))))))))))))))))))))))))))

.

2009-08-10 03:50 . 2009-08-10 03:50 35840 ----a-w- c:\documents and settings\T®\Dados de aplicativos\Microsoft\Windows\nppmt.exe

2009-08-10 03:14 . 2009-08-10 03:14 13824 ----a-w- c:\documents and settings\T®\Dados de aplicativos\cft\cft.exe

2009-08-10 03:14 . 2009-08-10 03:14 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\cft

2009-08-09 14:32 . 2009-08-09 14:32 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\pridl

2009-08-09 14:32 . 2009-08-09 14:32 11264 ----a-w- c:\documents and settings\T®\Dados de aplicativos\pridl\pridl.exe

2009-08-08 20:13 . 2009-08-08 20:13 0 ----a-w- c:\documents and settings\T®\Dados de aplicativos\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe

2009-08-06 13:54 . 2009-08-06 13:54 27136 ----a-w- C:\ibts.exe

2009-08-03 03:09 . 2009-08-03 03:09 253987 --sh--r- c:\windows\sysdiag64.exe

2009-08-02 23:13 . 2009-08-08 14:22 -------- d-----w- c:\arquivos de programas\WinClamAVShield

2009-08-02 16:54 . 2009-08-02 16:54 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-02 06:02 . 2009-08-10 04:24 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-02 05:13 -------- d-----w- c:\arquivos de programas\Crawler

2009-08-02 05:13 . 2009-08-02 05:13 6144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-08-02 05:13 . 2009-08-02 05:13 5632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-08-02 05:13 . 2009-08-02 05:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-08-02 05:13 . 2009-08-02 05:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-09 04:41 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2009-08-02 05:13 . 2009-08-08 03:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-08-01 15:52 . 2009-08-01 15:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-08-01 15:12 . 2009-08-01 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sports Interactive

2009-07-31 19:49 . 2009-07-31 19:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 19:49 . 2009-07-31 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 19:49 . 2009-07-31 19:49 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-31 14:30 . 2009-08-02 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\14626874

2009-07-24 19:37 . 2009-07-24 19:38 106496 ----a-w- c:\windows\system32\mouse.exe

2009-07-22 02:11 . 2009-08-10 04:36 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys

2009-07-18 14:26 . 2009-08-08 15:02 -------- d--h--w- C:\$AVG8.VAULT$

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-10 04:43 . 2009-03-10 19:25 777 --sha-w- c:\windows\system32\mmf.sys

2009-08-10 04:36 . 2004-08-04 02:14 182656 ----a-w- c:\windows\system32\drivers\ndis.sys

2009-08-09 23:00 . 2008-09-03 14:28 -------- d-----w- c:\arquivos de programas\Sports Interactive

2009-08-09 00:20 . 2008-09-02 15:48 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\FrostWire

2009-08-04 15:14 . 2008-12-18 14:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2009-08-03 05:45 . 2009-08-03 05:45 8 ----a-w- c:\windows\system32\DROPPEDFILEOK.tmp

2009-08-01 15:12 . 2009-06-02 01:54 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-30 17:39 . 2008-09-02 19:22 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-07-30 17:33 . 2008-09-02 19:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-07-29 01:32 . 2008-09-02 15:44 -------- d-----w- c:\arquivos de programas\FrostWire

2009-07-29 01:30 . 2008-09-03 02:47 -------- d-----w- c:\arquivos de programas\LimeWire

2009-07-13 16:44 . 2008-09-02 15:42 -------- d-----w- c:\arquivos de programas\Google

2009-07-13 16:44 . 2008-09-02 15:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-06 06:07 . 2008-09-03 02:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\LimeWire

2009-07-06 06:07 . 2009-07-03 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sports Interactive

2009-07-03 15:35 . 2008-09-03 14:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Sports Interactive

2009-07-03 15:15 . 2009-07-03 15:15 -------- d--h--w- c:\arquivos de programas\Zero G Registry

2009-07-02 04:40 . 2008-09-19 12:55 -------- d-----w- c:\arquivos de programas\Photo Recovery

2009-07-02 03:49 . 2009-06-27 15:45 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\gtk-2.0

2009-07-01 23:41 . 2009-07-01 20:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-06-29 15:58 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:58 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:58 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-17 13:26 . 2008-12-26 21:04 -------- d-----w- c:\arquivos de programas\Fx MPEG Writer

2009-06-17 13:26 . 2009-04-19 16:30 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 16:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 00:47 . 2009-06-02 00:47 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-08-10 03:50 . 2009-08-10 03:50 211968 ----a-w- c:\arquivos de programas\mozilla firefox\components\dfff.dll

2009-07-13 10:07 . 2009-07-13 10:07 89600 ----a-w- c:\arquivos de programas\mozilla firefox\components\WWShow.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-02 3055616]

"sysdiag64.exe"="c:\windows\sysdiag64.exe" [2009-08-03 253987]

"pridl"="c:\documents and settings\T®\Dados de aplicativos\pridl\pridl.exe" [2009-08-09 11264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-06 136600]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]

"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-08-02 2171904]

"MicrosoftNAPC"="c:\windows\sysdiag64.exe" [2009-08-03 253987]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-27 68096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"MicrosoftCorp"="c:\windows\sysdiag64.exe" [2009-08-03 253987]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Windows\\sysdiag64.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/7/2009 16:49 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/7/2009 16:49 108552]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/8/2009 02:13 142592]

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/3/2009 16:25 2560]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [31/7/2009 16:49 297752]

S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/8/2009 13:37 38160]

.

Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-DigiFast - c:\documents and settings\T®\Dados de aplicativos\digifast\digifast.exe

HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: crawler search - tbr:iemenu

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll

FF - ProfilePath - c:\documents and settings\T®\Dados de aplicativos\Mozilla\Firefox\Profiles\3iubjjbl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\components\dfff.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\components\WWShow.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-10 01:43

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]

"1"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,86,2b,9b,9b,f3,96,a9,

e9

"2"=hex:05,83,26,a9,dc,b6,17,45,de,2e,f0,41,a5,95,91,56,fe,07,ca,23,63,6c,c8,

df,a0,cb,29,a7,07,62,23,54

"3"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,39,39,6a,6e,1d,99,29,

0e,9a,9e,61,33,16,37,68,38,ee,25,f6,f1,91,9f,21,a9,58,ec,19,f6,96,30,78,09

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\6356076A6F83BB1BBBE6B14F244E53BE]

"1"=hex:7e,63,ed,e4,ff,c6,da,b0,00,85,ab,7b,99,1c,f6,df,8b,3c,15,1f,e9,72,d8,

8c

"2"=hex:51,f1,0b,2b,54,76,7d,bf

"3"=hex:1b,64,9c,1b,09,c3,8f,b5,f2,0d,82,f6,55,36,81,3b,b1,87,6d,e6,af,a4,61,

55,f4,c1,9d,f2,f2,e7,ec,8a,d1,20,59,d2,9c,ae,88,71,91,cb,db,d9,11,d1,0e,16,\

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,

51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20

"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,

02,e9,37,15,54,28,a1,4d,91,f4,19,4f,4b,df,bd,95,c2,74,9c,18,d8,b7,e1,e6,9e,\

"8"=hex:02,80,95,16,5a,0c,20,6b,08,51,9f,b0,e2,97,33,3e,b4,4a,fa,7e,10,5c,20,

04,61,6e,a7,39,16,f7,14,87,4a,04,63,b9,c9,bb,da,d2

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:70,56,26,33,e3,20,f8,ab

"10"=hex:55,0c,d6,b4,90,c5,27,45

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:81,20,8f,ab,28,6a,52,9c

"13"=hex:81,20,8f,ab,28,6a,52,9c

"14"=hex:81,20,8f,ab,28,6a,52,9c

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:81,20,8f,ab,28,6a,52,9c

"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\agrsmsvc.exe

c:\arquivos de programas\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

c:\arquivos de programas\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-10 1:47 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-10 04:47

Pre-Run: 3,079,204,864 bytes free

Post-Run: 3,028,877,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

291 --- E O F --- 2009-07-29 14:29


  • Coordinator

Configure Windows to show all files

Go to this site: http://virustotal.com/

In "File to upload" enter: C:\ibts.exe

Then click Submit

Copy and post the result of this scan.


Antivirus          Version         Last update  Result
a-squared          4.5.0.24        2009.08.11   Trojan-Downloader.Win32.PepperPaper!IK
AhnLab-V3          5.0.0.2         2009.08.11   -
AntiVir            7.9.1.0         2009.08.11   TR/Dldr.PepperPaper.JL
Antiy-AVL          2.0.3.7         2009.08.11   Trojan/Win32.PepperPaper.gen
Authentium         5.1.2.4         2009.08.11   -
Avast              4.8.1335.0      2009.08.11   -
AVG                8.5.0.406       2009.08.11   Downloader.Generic8.BGKN
BitDefender        7.2             2009.08.11   Trojan.Vundo.GON
CAT-QuickHeal      10.00           2009.08.11   TrojanDownloader.PepperPaper.
ClamAV             0.94.1          2009.08.11   -
Comodo             1946            2009.08.11   -
DrWeb              5.0.0.12182     2009.08.11   Trojan.DownLoader.50219
eSafe              7.0.17.0        2009.08.11   Win32.TrojanDownload
eTrust-Vet         31.6.6672       2009.08.11   -
F-Prot             4.4.4.56        2009.08.11   -
F-Secure           8.0.14470.0     2009.08.11   Trojan-Downloader.Win32.PepperPaper.jl
Fortinet           3.120.0.0       2009.08.11   W32/PepperPaper.JL!tr.dldr
GData              19              2009.08.11   Trojan.Vundo.GON
Ikarus             T3.1.1.64.0     2009.08.11   Trojan-Downloader.Win32.PepperPaper
Jiangmin           11.0.800        2009.08.11   TrojanDownloader.PepperPaper.r
K7AntiVirus        7.10.816        2009.08.11   Trojan-Downloader.Win32.PepperPaper.jl
Kaspersky          7.0.0.125       2009.08.11   Trojan-Downloader.Win32.PepperPaper.jl
McAfee             5706            2009.08.11   Generic Downloader.x!sf
McAfee+Artemis     5706            2009.08.11   Generic Downloader.x!sf
McAfee-GW-Edition  6.8.5           2009.08.11   Heuristic.LooksLike.Win32.Suspicious.B
Microsoft          1.4903          2009.08.11   TrojanDownloader:Win32/Dontovo.A
NOD32              4326            2009.08.11   Win32/TrojanDownloader.Small.NZM
Norman             6.01.09         2009.08.11   -
nProtect           2009.1.8.0      2009.08.11   -
Panda              10.0.0.14       2009.08.11   Trj/CI.A
PCTools            4.4.2.0         2009.08.11   -
Prevx              3.0             2009.08.11   -
Rising             21.42.14.00     2009.08.11   -
Sophos             4.44.0          2009.08.11   -
Sunbelt            3.2.1858.2      2009.08.11   Trojan.Win32.Generic!BT
Symantec           1.4.4.12        2009.08.11   Downloader
TheHacker          6.3.4.3.381     2009.08.11   -
TrendMicro         8.950.0.1094    2009.08.11   TROJ_PEPPERPAP.E
VBA32              3.12.10.9       2009.08.10   Trojan-Downloader.Win32.PepperPaper.jl
ViRobot            2009.8.11.1879  2009.08.11   -
VirusBuster        4.6.5.0         2009.08.11   Trojan.DL.PepperPaper.BO

Additional information
File size: 27136 bytes
MD5   : 795c3f52473b6a476342e062d925adf0
SHA1  : 2682adc65a179326918228624a7882ef2124730d
SHA256: 85fe0193f572a972427dc13ecfedb188eec75266de1e26c3a48ee3b3db7e9abf
PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1000

timedatestamp.....: 0x49BF8188 (Tue Mar 17 11:55:04 2009)

machinetype.......: 0x14C (Intel I386)

( 7 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x508000 0x4E00 7.98 01329df875c102725c3f72f5692d084d

.data 0x509000 0x1000 0x200 0.72 15b746cf7a203be76e18891ae3b7bbb9

.rdata 0x50A000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

.idata 0x50B000 0x1000 0x200 1.02 d7d3f7633505c32b81726705c8e4398b

.data 0x50C000 0x1000 0x400 2.99 469870a3fed906674de341c8d2c5e39a

fwas 0x50D000 0xB3A 0xC00 6.25 be1ec684d6dac578ae048867290cc149

.reloc 0x50E000 0x20 0x200 0.40 b47b5b9360ad31e0d61ec2b7f73d5443

( 1 imports )

> kernel32.dll: GetFileSize, lstrcpynW, ReadFile

( 0 exports )

TrID : File type identification

-
ssdeep: 768:7NOkKf8hdUTkNAKSWA8bcuahOY8rfHSKWbKi:6f88k2pLH6fHEbR
PEiD : -
RDS : NSRL Reference Data Set

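The VirusTotal report above carries more than the detection names. The .text section has entropy 7.98 and a virtual size of 0x508000 for only 0x4E00 bytes on disk, the binary has two sections called .data plus one called fwas, the entry point sits in that high-entropy section, and the whole file imports three functions from kernel32.dll. Those are the marks of a packed downloader stub, and they are what a practitioner checks before trusting the "-" returned by the engines that missed it. The script below is an added example, not code from the thread or from VirusTotal: it encodes the section table, entry point and import list exactly as the report printed them, scores the indicators with thresholds that are this example's own assumptions, and computes the MD5/SHA1/SHA256 values a sample should be searched by before it is uploaded.

```python
"""
Static triage of the PE summary VirusTotal printed for C:\ibts.exe.
Added example; the section table, entry point and imports are copied from the
report, the thresholds are assumptions of this example.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass
from math import log2
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Section:
    name: str
    virt_addr: int
    virt_size: int
    raw_size: int
    entropy: float  # bits per byte, as VirusTotal reports it


# Copied from the VirusTotal PEInfo block for ibts.exe (7 sections, 1 import).
IBTS_SECTIONS = [
    Section(".text",  0x1000,   0x508000, 0x4E00, 7.98),
    Section(".data",  0x509000, 0x1000,   0x200,  0.72),
    Section(".rdata", 0x50A000, 0x1000,   0x200,  0.00),
    Section(".idata", 0x50B000, 0x1000,   0x200,  1.02),
    Section(".data",  0x50C000, 0x1000,   0x400,  2.99),
    Section("fwas",   0x50D000, 0xB3A,    0xC00,  6.25),
    Section(".reloc", 0x50E000, 0x20,     0x200,  0.40),
]
IBTS_ENTRYPOINT = 0x1000
IBTS_IMPORTS = {"kernel32.dll": ["GetFileSize", "lstrcpynW", "ReadFile"]}

COMMON_NAMES = {".text", ".data", ".rdata", ".idata", ".edata",
                ".rsrc", ".reloc", ".bss", ".tls", ".CRT"}
PACKED_ENTROPY = 7.0   # assumed: compiled x86 code usually lands around 6.0-6.7
SLACK_RATIO = 8        # assumed: virtual size >= 8x raw size means an in-place unpack buffer
FEW_IMPORTS = 5        # assumed: a real program imports far more than this


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is indistinguishable from random (packed or encrypted)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * log2(c / n) for c in counts if c)


def file_hashes(data: bytes) -> Dict[str, str]:
    """The three digests VirusTotal prints; look a sample up by hash before uploading it."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def triage_pe(sections: List[Section], entrypoint: int,
              imports: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (tag, detail) findings for packer and obfuscation indicators."""
    findings: List[Tuple[str, str]] = []
    for s in sections:
        if s.entropy >= PACKED_ENTROPY:
            findings.append(("HIGH_ENTROPY", f"{s.name}: entropy {s.entropy:.2f}, packed or encrypted"))
        if s.raw_size and s.virt_size > SLACK_RATIO * s.raw_size:
            findings.append(("VSIZE_GT_RAW",
                             f"{s.name}: 0x{s.virt_size:X} virtual for 0x{s.raw_size:X} on disk, room to unpack"))
        if s.name not in COMMON_NAMES:
            findings.append(("NONSTD_NAME", f"{s.name}: non-standard section name"))
    for name, n in sorted(Counter(s.name for s in sections).items()):
        if n > 1:
            findings.append(("DUP_NAME", f"{name}: appears {n} times"))
    total = sum(len(v) for v in imports.values())
    if total <= FEW_IMPORTS:
        findings.append(("FEW_IMPORTS",
                         f"only {total} import(s) from {', '.join(imports)}; the rest are resolved at run time"))
    for s in sections:
        if s.virt_addr <= entrypoint < s.virt_addr + s.virt_size and s.entropy >= PACKED_ENTROPY:
            findings.append(("EP_IN_PACKED",
                             f"entry point 0x{entrypoint:X} is inside {s.name}, execution starts in the unpack stub"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage_pe(IBTS_SECTIONS, IBTS_ENTRYPOINT, IBTS_IMPORTS):
        print(f"[{tag}] {detail}")
```

On the ibts.exe data the script raises all six indicators. The three-function import table is the one to dwell on: GetFileSize and ReadFile are enough for a stub to read its own file and decode the payload, and every network or process API the downloader really uses is resolved by hand once it is unpacked, which is why the static scanners that returned "-" saw nothing to match.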

  • Coordinator

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been run.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


File::

C:\ibts.exe
c:\windows\sysdiag64.exe
c:\documents and settings\T®\Dados de aplicativos\pridl\pridl.exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysdiag64.exe"=-
"pridl"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftNAPC"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MicrosoftCorp"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Windows\\sysdiag64.exe"=-

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

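The CFScript above was written by reading the registry load points in the 2009-08-10 log: c:\windows\sysdiag64.exe is registered under HKCU Run, under HKLM Run as "MicrosoftNAPC", under the policies\explorer\Run key as "MicrosoftCorp" and in the firewall's authorized-application list, and pridl.exe launches from the user's application-data folder. The script below, an added example and not the forum's or ComboFix's own code, does that reading mechanically: it parses the load-point block of a ComboFix log (the sample is an excerpt of that log), scores each entry with heuristics whose weights and threshold are this example's own assumptions, and prints a File::/Registry:: block in the same CFScript syntax. On the sample it regenerates every Registry:: line of the moderator's script; C:\ibts.exe is missing from its File:: list because that path came from the file listing, not from an autorun key.

```python
"""
Triage of the "Reg Loading Points" block of a ComboFix log and generation of a
CFScript from the result.  Added example, not the forum's or ComboFix's code.
SAMPLE_LOG is an excerpt of the 2009-08-10 log posted in this thread; the
heuristic weights and the threshold are assumptions of this example.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-02 3055616]
"sysdiag64.exe"="c:\windows\sysdiag64.exe" [2009-08-03 253987]
"pridl"="c:\documents and settings\T®\Dados de aplicativos\pridl\pridl.exe" [2009-08-09 11264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"MicrosoftNAPC"="c:\windows\sysdiag64.exe" [2009-08-03 253987]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-27 68096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MicrosoftCorp"="c:\windows\sysdiag64.exe" [2009-08-03 253987]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\sysdiag64.exe"=
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="target" [date size]   or   "name"="file" - resolved\path [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<val>[^"]*)"(?: - (?P<full>.+?))? \[\d{4}-\d{2}-\d{2} \d+\]$')
# Firewall authorized-application list prints the path as the value name, backslashes doubled.
FIREWALL_RE = re.compile(r'^"(?P<name>[^"]+)"=$')


@dataclass
class Entry:
    key: str    # registry key as printed
    name: str   # value name exactly as printed; reused verbatim in the CFScript
    path: str   # on-disk target of the entry


def parse_load_points(text: str) -> List[Entry]:
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m.group("name"), m.group("full") or m.group("val")))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            entries.append(Entry(key, m.group("name"), m.group("name").replace("\\\\", "\\")))
    return entries


# Assumed weights: a single path heuristic must not reach the threshold on its
# own; the same binary hooked into several autorun locations must.
WEIGHTS = {"windows_root": 1, "masquerade": 1, "user_profile": 2, "multi_key": 2}
THRESHOLD = 2
PROFILE_DIRS = ("\\dados de aplicativos\\", "\\application data\\",
                "\\configurações locais\\", "\\local settings\\", "\\temp\\")


def flag_entry(e: Entry, key_count: int) -> List[str]:
    p = e.path.lower()
    flags: List[str] = []
    if ntpath.dirname(p) == "c:\\windows":          # binaries directly in c:\windows are rare
        flags.append("windows_root")
    if p.startswith("c:\\documents and settings\\") and any(d in p for d in PROFILE_DIRS):
        flags.append("user_profile")                 # launched from the profile, not Program Files
    if "microsoft" in e.name.lower() and "\\system32\\" not in p and "\\microsoft" not in p:
        flags.append("masquerade")                   # Microsoft-looking name, non-Microsoft path
    if key_count >= 2:
        flags.append("multi_key")                    # same file under several autorun keys
    return flags


def triage(entries: List[Entry]) -> List[Tuple[Entry, int, List[str]]]:
    keys_per_path: Dict[str, set] = {}
    for e in entries:
        keys_per_path.setdefault(e.path.lower(), set()).add(e.key)
    out = []
    for e in entries:
        flags = flag_entry(e, len(keys_per_path[e.path.lower()]))
        out.append((e, sum(WEIGHTS[f] for f in flags), flags))
    return out


def build_cfscript(entries: List[Entry], threshold: int = THRESHOLD) -> str:
    """Emit File:: and Registry:: directives in the syntax of the script above."""
    flagged = [e for e, score, _ in triage(entries) if score >= threshold]
    files: List[str] = []
    by_key: Dict[str, List[str]] = {}
    for e in flagged:
        if e.path.lower() not in [f.lower() for f in files]:
            files.append(e.path)
        by_key.setdefault(e.key, []).append(e.name)
    lines = ["File::", *files, "", "Registry::"]
    for key, names in by_key.items():
        lines += ["", "[" + key + "]"] + ['"%s"=-' % n for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_load_points(SAMPLE_LOG)
    for e, score, flags in triage(entries):
        print(f"{score} {flags} {e.name} -> {e.path}")
    print(build_cfscript(entries))
```

SOUNDMAN.EXE also lives in c:\windows and scores 1, under the threshold: a path heuristic on its own is not grounds for deletion, and the decisive signal for sysdiag64.exe is the same binary hooked into four autorun locations. Anything the script proposes still needs to be confirmed, as the moderator did with ibts.exe on VirusTotal, before it goes into a CFScript, because a `"name"=-` line removes the value with no undo beyond ComboFix's own Qoobox backup.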

ComboFix 09-08-09.04 - T® 20/08/2009 19:54.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.579 [GMT -3:00]

Running from: c:\documents and settings\T®\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\T®\Desktop\CFScript.txt

AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

- REDUCED FUNCTIONALITY MODE -

FILE ::

"c:\documents and settings\T®\Dados de aplicativos\pridl\pridl.exe"

"C:\ibts.exe"

"c:\windows\sysdiag64.exe"

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ibts.exe

.

(((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 ))))))))))))))))))))))))))))

.

2009-08-13 14:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-08 20:13 . 2009-08-08 20:13 0 ----a-w- c:\documents and settings\T®\Dados de aplicativos\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe

2009-08-02 23:13 . 2009-08-18 14:17 -------- d-----w- c:\arquivos de programas\WinClamAVShield

2009-08-02 16:54 . 2009-08-02 16:54 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-02 16:37 . 2009-08-02 16:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-08-02 16:37 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-02 06:02 . 2009-08-20 01:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-02 05:13 -------- d-----w- c:\arquivos de programas\Crawler

2009-08-02 05:13 . 2009-08-02 05:13 6144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe

2009-08-02 05:13 . 2009-08-02 05:13 5632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys

2009-08-02 05:13 . 2009-08-02 05:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-08-02 05:13 . 2009-08-02 05:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-08-02 05:13 . 2009-08-20 01:47 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2009-08-02 05:13 . 2009-08-19 00:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-08-01 15:52 . 2009-08-01 15:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-08-01 15:12 . 2009-08-01 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sports Interactive

2009-07-31 19:49 . 2009-07-31 19:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-31 19:49 . 2009-07-31 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 19:49 . 2009-07-31 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-31 19:49 . 2009-07-31 19:49 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-31 14:30 . 2009-08-02 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\14626874

2009-07-24 19:37 . 2009-07-24 19:38 106496 ----a-w- c:\windows\system32\mouse.exe

2009-07-22 02:11 . 2009-08-10 04:36 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 20:53 . 2009-03-10 19:25 777 --sha-w- c:\windows\system32\mmf.sys

2009-08-15 05:28 . 2008-09-02 15:48 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\FrostWire

2009-08-11 04:51 . 2001-10-28 16:07 86012 ----a-w- c:\windows\system32\perfc016.dat

2009-08-11 04:51 . 2001-10-28 16:07 474694 ----a-w- c:\windows\system32\perfh016.dat

2009-08-10 15:24 . 2008-09-03 14:28 -------- d-----w- c:\arquivos de programas\Sports Interactive

2009-08-10 04:36 . 2004-08-04 02:14 182656 ----a-w- c:\windows\system32\drivers\ndis.sys

2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 15:14 . 2008-12-18 14:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2009-08-03 05:45 . 2009-08-03 05:45 8 ----a-w- c:\windows\system32\DROPPEDFILEOK.tmp

2009-08-01 15:12 . 2009-06-02 01:54 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-30 17:39 . 2008-09-02 19:22 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-07-30 17:33 . 2008-09-02 19:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-07-29 01:32 . 2008-09-02 15:44 -------- d-----w- c:\arquivos de programas\FrostWire

2009-07-29 01:30 . 2008-09-03 02:47 -------- d-----w- c:\arquivos de programas\LimeWire

2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 16:44 . 2008-09-02 15:42 -------- d-----w- c:\arquivos de programas\Google

2009-07-13 16:44 . 2008-09-02 15:27 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-06 06:07 . 2008-09-03 02:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\LimeWire

2009-07-06 06:07 . 2009-07-03 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sports Interactive

2009-07-03 15:35 . 2008-09-03 14:47 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\Sports Interactive

2009-07-03 15:15 . 2009-07-03 15:15 -------- d--h--w- c:\arquivos de programas\Zero G Registry

2009-07-02 04:40 . 2008-09-19 12:55 -------- d-----w- c:\arquivos de programas\Photo Recovery

2009-07-02 03:49 . 2009-06-27 15:45 -------- d-----w- c:\documents and settings\T®\Dados de aplicativos\gtk-2.0

2009-07-01 23:41 . 2009-07-01 20:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-06-29 15:58 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:58 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:58 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:27 . 2004-08-04 03:45 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 03:45 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 03:45 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-08-04 03:45 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-04 01:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 16:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2008-09-01 17:26 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 00:47 . 2009-06-02 00:47 552 ----a-w- c:\windows\system32\d3d8caps.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_04.43.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 20:53 . 2009-08-20 20:53 16384 c:\windows\Temp\Perflib_Perfdata_770.dat

- 2008-09-02 15:36 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe

+ 2008-09-02 15:36 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe

+ 2001-10-28 16:07 . 2009-08-11 04:51 77262 c:\windows\system32\perfc009.dat

+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll

+ 2009-06-15 10:44 . 2009-06-15 10:44 81408 c:\windows\system32\dllcache\tlntsess.exe

+ 2009-06-15 10:44 . 2009-06-15 10:44 77824 c:\windows\system32\dllcache\telnet.exe

+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll

- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys

+ 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll

+ 2009-07-17 19:03 . 2009-07-17 19:03 58880 c:\windows\system32\dllcache\atl.dll

- 2008-09-02 15:39 . 2009-07-15 22:49 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2001-10-28 16:07 . 2009-08-11 04:51 441908 c:\windows\system32\perfh009.dat

+ 2004-08-04 03:45 . 2009-07-14 02:43 286208 c:\windows\system32\dllcache\wmpdxm.dll

+ 2009-06-10 06:15 . 2009-06-10 06:15 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2008-12-05 06:58 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll

+ 2009-06-03 19:08 . 2009-08-05 09:00 205312 c:\windows\system32\dllcache\mswebdvd.dll

+ 2009-06-25 08:27 . 2009-06-25 08:27 136192 c:\windows\system32\dllcache\msv1_0.dll

+ 2009-04-15 19:21 . 2009-06-25 08:27 732672 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll

- 2009-03-12 17:45 . 2009-08-05 03:55 295606 c:\windows\Installer\{AC76BA86-7AD7-1046-7B44-A81300000003}\SC_Reader.exe

+ 2009-03-12 17:45 . 2009-08-15 04:51 295606 c:\windows\Installer\{AC76BA86-7AD7-1046-7B44-A81300000003}\SC_Reader.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-09-02 15:39 . 2009-08-13 22:26 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-09-02 15:39 . 2009-07-15 22:49 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2007-01-23 14:39 . 2007-01-23 14:39 443904 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7448A3100000030\8.1.3\JP2KLib.dll

+ 2003-07-15 14:18 . 2003-07-15 14:18 141360 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\ATP.DLL

+ 2008-09-01 17:26 . 2009-06-10 12:21 2066432 c:\windows\system32\dllcache\mstscax.dll

+ 2009-08-05 05:11 . 2009-08-05 05:11 5518848 c:\windows\Installer\a6671e.msp

+ 2009-07-01 16:21 . 2009-07-01 16:21 8891904 c:\windows\Installer\a66707.msp

+ 2009-08-15 04:50 . 2009-08-15 04:50 9680384 c:\windows\Installer\36efa5.msp

+ 2007-05-10 16:45 . 2007-05-10 16:45 8069464 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL

+ 2007-03-14 16:10 . 2007-03-14 16:10 7255384 c:\windows\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL

+ 2004-08-04 03:45 . 2009-07-14 02:43 10841088 c:\windows\system32\wmp.dll

+ 2008-09-02 16:54 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe

+ 2004-08-04 03:45 . 2009-07-14 02:43 10841088 c:\windows\system32\dllcache\wmp.dll

+ 2009-07-01 16:19 . 2009-07-01 16:19 10607104 c:\windows\Installer\a66708.msp

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-02 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-06 136600]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]

"SpywareTerminator"="c:\arquiv~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-08-02 2171904]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-27 68096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"d:\\Arquivos de programas\\Sports Interactive\\Football Manager 2009\\fm.exe"=

"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/7/2009 16:49 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/7/2009 16:49 108552]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/8/2009 02:13 142592]

R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/3/2009 16:25 2560]

S2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe --> d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff8ff0d6-cebb-11dd-82f7-001b11060894}]

\Shell\AutoRun\command - G:\cahpcg.cmd

\Shell\open\Command - G:\cahpcg.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: crawler search - tbr:iemenu

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {37896977-F821-4424-BD40-E4188205003A} = 200.204.0.10,200.204.0.138

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll

FF - ProfilePath - c:\documents and settings\T®\Dados de aplicativos\Mozilla\Firefox\Profiles\3iubjjbl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll

FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 19:55

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]


[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\6356076A6F83BB1BBBE6B14F244E53BE]


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-08-20 19:57

ComboFix-quarantined-files.txt 2009-08-20 22:57

ComboFix2.txt 2009-08-12 03:37

ComboFix3.txt 2009-08-10 04:47

Pré-execução: 6.137.225.216 bytes disponíveis

Pós execução: 6.188.724.224 bytes disponíveis

283 --- E O F --- 2009-08-18 02:59

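Reading the log above from the defender's side, here is an added example (mine, not the thread's or ComboFix's own tooling) that parses the registry load-point lines ComboFix prints, flags Run values pointing into user-profile, temp or Windows-root locations together with every mountpoints2 AutoRun/open handler, and renders the matching CFScript File::/Registry:: block in the layout the instructions above use. The sample excerpt is constructed from lines in this log; the "pridl" Run line and the [-key] deletion form are assumptions.

```python
"""Triage ComboFix-style log excerpts: flag suspicious autostart values and
removable-media AutoRun handlers, then render the matching CFScript block."""
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of the log above; the "pridl" Run line is an
# assumption pairing the HKCU value and the file that the CFScript above removes.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-02 3055616]
"pridl"="c:\documents and settings\T®\Dados de aplicativos\pridl\pridl.exe" [constructed]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff8ff0d6-cebb-11dd-82f7-001b11060894}]
\Shell\AutoRun\command - G:\cahpcg.cmd
\Shell\open\Command - G:\cahpcg.cmd
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>AutoRun\\command|open\\Command) - (?P<cmd>.+)$")

@dataclass
class Finding:
    kind: str    # "autostart" or "removable-autorun"
    key: str     # registry key the entry lives under
    name: str    # value name, or the Shell verb for mountpoints2 entries
    target: str  # executable path or autorun command

def unusual_autostart_path(path: str) -> bool:
    """Heuristic (flag for review, not a verdict): autostart binaries under a user
    profile, temp, the Recycler, or directly in c:\\windows rather than a subfolder."""
    p = path.lower()
    if any(s in p for s in ("\\documents and settings\\", "\\temp\\", "\\recycler\\")):
        return True
    return re.fullmatch(r"c:\\windows\\[^\\]+\.exe", p) is not None

def triage(log_text: str) -> list[Finding]:
    """Walk key/value lines; collect entries that deserve a second look."""
    findings: list[Finding] = []
    key = ""
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif "\\mountpoints2\\" in key.lower():
            # every AutoRun/open handler tied to a drive letter or volume GUID
            if m := MOUNT_RE.match(line):
                findings.append(Finding("removable-autorun", key, m.group("verb"), m.group("cmd")))
        elif key.lower().endswith("\\run"):
            if (m := RUN_VALUE_RE.match(line)) and unusual_autostart_path(m.group("path")):
                findings.append(Finding("autostart", key, m.group("name"), m.group("path")))
    return findings

def to_cfscript(findings: list[Finding]) -> str:
    """Render File:: and Registry:: in the layout used above.  "name"=- drops a Run
    value; [-key] (regedit-style, assumed, not shown in the thread) drops a whole key."""
    files = [f.target for f in findings if f.kind == "autostart"]
    by_key: dict[str, list[str]] = {}
    drop_keys: list[str] = []
    for f in findings:
        if f.kind == "autostart":
            by_key.setdefault(f.key, []).append(f'"{f.name}"=-')
        elif f.key not in drop_keys:
            drop_keys.append(f.key)
    out = ["File::", *files, "", "Registry::"]
    for k, values in by_key.items():
        out += [f"[{k}]", *values, ""]
    out += [f"[-{k}]" for k in drop_keys]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_cfscript(triage(SAMPLE_LOG)))
```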

  • Coordinator

Have you been using removable media such as pen drives, MP3 or MP4 players, etc.?
