Fórum Script Brasil

Posts by likeastone88 (member; 5 items in total)

  1. Here is the log. Just one question: is it advisable to leave the pen drive connected to the PC while ComboFix runs? Because it is infected with the malware too. Regards, likeastone88.

ComboFix 08-11-12.01 - Administrador 2008-11-13 21:39:32.3 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.70 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\arquivos de programas\Mjcore c:\arquivos de programas\Mjcore\Mjcore.dll c:\documents and settings\Administrador\Configurações locais\Temporary Internet Files\bestwiner.stt c:\documents and settings\Administrador\Configurações locais\Temporary Internet Files\CPV.stt c:\documents and settings\Administrador\Configurações locais\Temporary Internet Files\fbk.sts c:\documents and settings\Administrador\Dados de aplicativos\gadcom c:\documents and settings\Administrador\Dados de aplicativos\gadcom\gadcom.exe c:\documents and settings\Administrador\Dados de aplicativos\gadcom\gadcom.exe76 c:\documents and settings\Administrador\Dados de aplicativos\SpeedRunner c:\documents and settings\Administrador\Dados de aplicativos\SpeedRunner\config.cfg c:\documents and settings\Administrador\Dados de aplicativos\SpeedRunner\SpeedRunner.exe c:\documents and settings\Administrador\Dados de aplicativos\SpeedRunner\SRUninstall.exe c:\windows\system32\AutoRun.inf c:\windows\system32\csrcs.exe c:\windows\system32\Flashy.exe c:\windows\system32\kaxs.dat c:\windows\system32\rbsgam.dll c:\windows\system32\rs32net.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_restore (((((((((((((((( Arquivos/Ficheiros criados de 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))) . 2008-11-13 21:35 . 2008-11-13 21:35 <DIR> d-------- c:\windows\system32\LogFiles 2008-11-13 08:17 . 
2008-11-13 08:17 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Twain 2008-11-13 08:14 . 2008-11-13 08:14 0 -rahs---- C:\khr 2008-11-13 08:12 . 2008-11-13 08:12 <DIR> d-------- c:\arquivos de programas\Webtools 2008-11-12 21:57 . 2008-11-12 21:57 <DIR> d--hs---- C:\FOUND.001 2008-11-12 17:22 . 2008-11-12 17:22 705 --a------ C:\kbpfhc.exe 2008-11-12 17:22 . 2008-11-12 17:22 0 --a------ C:\pvgejsn.exe 2008-11-12 17:21 . 2008-11-12 17:21 77,950 --a------ C:\rsufmlel.exe 2008-11-12 17:21 . 2008-11-12 17:22 7,680 --a------ C:\afpnrm.exe 2008-11-12 17:21 . 2008-11-12 17:22 2 --a------ C:\442307029 2008-11-12 17:15 . 2008-11-12 17:15 <DIR> d-------- C:\PenClean 2008-11-12 17:09 . 2008-11-12 17:09 32,512 --a------ c:\windows\system32\drivers\ati6psxx.sys 2008-11-12 17:09 . 2008-11-12 17:09 527 --a------ c:\windows\system32\TDSSosvd.dat 2008-11-12 08:54 . 2008-10-24 08:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 08:53 . 2008-09-04 14:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-08 19:15 . 2008-11-08 19:15 17,951 -r-hs---- c:\windows\system32\.vbs 2008-11-07 08:54 . 2008-11-12 17:21 17,951 -r-hs---- c:\windows\system32\.vbe 2008-11-06 21:23 . 2008-11-06 21:23 0 -rahs---- C:\khq 2008-11-06 11:07 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX 2008-11-06 11:07 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll 2008-11-06 11:06 . 2008-11-06 11:07 <DIR> d-------- c:\arquivos de programas\PDFCreator 2008-11-06 11:06 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL 2008-10-29 21:03 . 2008-10-29 21:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\MSN6 2008-10-28 21:22 . 2008-10-28 21:22 <DIR> d-------- c:\arquivos de programas\MSXML 4.0 2008-10-28 09:52 . 2008-09-08 07:41 333,824 --------- c:\windows\system32\dllcache\srv.sys 2008-10-28 09:52 . 
2008-06-14 14:34 272,384 --------- c:\windows\system32\dllcache\bthport.sys 2008-10-28 09:51 . 2008-09-15 12:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys 2008-10-28 09:51 . 2008-05-09 07:55 512,000 --------- c:\windows\system32\dllcache\jscript.dll 2008-10-28 09:51 . 2008-05-09 07:55 430,080 --------- c:\windows\system32\dllcache\vbscript.dll 2008-10-28 09:51 . 2008-05-09 07:55 180,224 --------- c:\windows\system32\dllcache\scrobj.dll 2008-10-28 09:51 . 2008-05-09 07:55 172,032 --------- c:\windows\system32\dllcache\scrrun.dll 2008-10-28 09:51 . 2008-05-08 08:24 155,648 --------- c:\windows\system32\dllcache\wscript.exe 2008-10-28 09:51 . 2008-05-09 05:45 135,168 --------- c:\windows\system32\dllcache\cscript.exe 2008-10-28 09:51 . 2008-05-09 07:55 90,112 --------- c:\windows\system32\dllcache\wshext.dll 2008-10-28 09:50 . 2008-08-14 10:24 2,193,408 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-28 09:50 . 2008-08-14 10:24 2,149,376 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-28 09:50 . 2008-08-14 10:24 2,070,272 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-28 09:50 . 2008-08-14 10:24 2,028,032 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-28 09:46 . 2008-05-08 11:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys 2008-10-28 09:45 . 2008-04-11 16:05 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll 2008-10-28 09:45 . 2008-05-01 11:36 331,776 --------- c:\windows\system32\dllcache\msadce.dll 2008-10-28 09:44 . 2008-10-15 13:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll 2008-10-27 09:55 . 2008-04-13 19:21 16,384 --a------ c:\windows\system32\ipsink.ax 2008-10-27 09:55 . 2008-04-13 19:21 16,384 --a------ c:\windows\system32\dllcache\ipsink.ax 2008-10-27 09:55 . 2008-04-13 11:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys 2008-10-27 09:55 . 2008-04-13 11:46 15,232 --a------ c:\windows\system32\dllcache\streamip.sys 2008-10-27 09:55 . 
2008-04-13 11:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2008-10-27 09:55 . 2008-04-13 11:46 10,880 --a------ c:\windows\system32\dllcache\ndisip.sys 2008-10-27 09:55 . 2008-04-13 11:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys 2008-10-27 09:55 . 2008-04-13 11:39 5,504 --a------ c:\windows\system32\dllcache\mstee.sys 2008-10-27 09:39 . 2008-10-27 09:39 <DIR> d-------- c:\documents and settings\LocalService\Menu Iniciar 2008-10-27 09:26 . 2008-10-27 09:26 <DIR> d-------- c:\windows\system32\pt-br 2008-10-27 09:24 . 2008-10-27 09:24 <DIR> d-------- c:\windows\ServicePackFiles 2008-10-27 09:24 . 2008-04-13 19:20 33,792 --------- c:\windows\system32\dllcache\custsat.dll 2008-10-27 09:19 . 2006-12-28 12:01 19,569 --a------ c:\windows\002686_.tmp 2008-10-27 09:16 . 2008-10-27 09:16 <DIR> d-------- c:\windows\EHome 2008-10-24 22:02 . 2008-10-24 22:02 <DIR> d-------- c:\arquivos de programas\Trend Micro . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-02 14:05 63,728 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-07 03:05 --------- d-----w c:\arquivos de programas\VDOWNLOADER 2008-10-05 14:05 720,896 ----a-w c:\windows\iun6002ev.exe 2008-10-05 14:03 --------- d-----w c:\arquivos de programas\Johnny Castaway 2008-10-03 14:26 --------- d-----w c:\arquivos de programas\CoolSMS 2008-09-30 19:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-29 16:02 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Winamp 2008-09-29 16:02 --------- d-----w c:\arquivos de programas\Winamp 2008-09-29 14:23 --------- d-----w c:\arquivos de programas\eMule 2008-09-18 03:35 21,035 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-09-18 03:35 --------- d-----w c:\arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll 2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll 2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-20 05:09 668,160 ----a-w c:\windows\system32\wininet.dll 2008-08-20 05:09 668,160 ------w c:\windows\system32\dllcache\wininet.dll 2008-08-20 05:09 619,520 ------w c:\windows\system32\dllcache\urlmon.dll 2008-08-20 05:09 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll 2008-08-20 05:09 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll 2008-08-14 13:24 2,193,408 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:24 2,070,272 ----a-w c:\windows\system32\ntkrnlpa.exe 2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-24 5033984] "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648] "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2001-10-28 77891] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624] "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2006-10-30 256576] "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352] "nwiz"="nwiz.exe" [2003-09-24 c:\windows\system32\nwiz.exe] "AGRSMMSG"="AGRSMMSG.exe" [2003-05-22 c:\windows\AGRSMMSG.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "MATHEUS"=".vbe" [2008-11-12 c:\windows\system32\.vbe] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ AutoCAD Startup Accelerator.lnk - c:\arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe [2005-03-05 10872] REALTEK RTL8185 Wireless LAN Utility.lnk - c:\arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2008-09-18 675840] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6psxx.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] --a------ 2003-05-05 08:57 143360 c:\arquivos de programas\Analog 
Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA] --a------ 2001-10-28 18:06 77891 c:\windows\system32\usrmlnka.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2002-10-02 13532] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512] S3 ati6psxx;ati6psxx;c:\windows\System32\drivers\ati6psxx.sys [2008-11-12 32512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f4faf6c-d4e5-11dc-9384-000ea6aa095d}] \Shell\AutoRun\command - wscript.exe .vbs \Shell\open\command - wscript.exe .vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cf9d2ea-ac61-11dd-accc-806d6172696f}] \Shell\AutoRun\command - F:\dbxwdt.exe \Shell\explore\Command - F:\dbxwdt.exe \Shell\open\Command - F:\dbxwdt.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d79d897c-b524-11db-abe9-000ea6aa095d}] \Shell\AutoRun\command - wscript.exe .vbs \Shell\open\command - wscript.exe .vbs . Conteúdo da pasta 'Tarefas Agendadas' 2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] . . ------- Scan Suplementar ------- . FireFox -: Profile - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\3dy6o3ic.default\ FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-13 21:42:38 Windows 5.1.2600 Service Pack 3 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\SYSTEM32\USRSHUTA.EXE c:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\arquivos de programas\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE c:\windows\SYSTEM32\WDFMGR.EXE c:\arquivos de programas\IPOD\BIN\IPODSERVICE.EXE c:\windows\SYSTEM32\WSCNTFY.EXE . ************************************************************************** . Tempo para conclusão: 2008-11-13 21:43:50 - Máquina reiniciou ComboFix2.txt 2008-10-25 23:11:46 ComboFix-quarantined-files.txt 2008-11-14 00:43:48 Pré-execução: 2.552.168.448 bytes disponíveis Pós execução: 2,577,661,952 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 213 --- E O F --- 2008-11-12 13:07:03
  2. Buddy, Flashy.exe has shown up again. I had a very old pen drive, I plugged it into the PC and forgot it might have malware on it. Here is the new HijackThis log. Thanks

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27:07, on 12/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\cftm.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\WINDOWS\SYSTEM32\USRshutA.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Winamp\winampa.exe C:\WINDOWS\system32\cftm.exe C:\WINDOWS\system32\Flashy.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cscript.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\csrcs.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing) O2 - BHO: Alive MP3 WAV Converter Toolbar Helper - {C12D2216-6A10-4c7d-A38F-D801D9CF9D03} - C:\Arquivos de programas\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll (file missing) O3 - Toolbar: Alive MP3 WAV Converter Toolbar - {50D31413-8B14-4158-94A5-80BE78E23058} - C:\Arquivos de programas\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [cftm] C:\WINDOWS\system32\cftm.exe O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunServices: [cftm] C:\WINDOWS\system32\cftm.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [MATHEUS] .vbe O4 - HKLM\..\Policies\Explorer\Run: [cftm] C:\WINDOWS\system32\cftm.exe O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe O4 - Startup: palmOne Registration.lnk = C:\Arquivos de programas\palmOne\register.exe O4 - Global Startup: AutoCAD Startup 
Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ? O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{091BEFE6-A14C-4BA2-9240-7AC5B68D777D}: NameServer = 10.1.1.1,200.199.241.17 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe (file missing) O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 5672 bytes
  3. Friend, thanks a lot!!!! That Flashy.exe was driving me crazy. Now I'm doing GREAT! Big thanks! (y) Just one more question: which antivirus do you recommend? Thanks!
  4. Here are the ComboFix log + the HijackThis log. THANKS! (y)

ComboFix 08-10-24.02 - Administrador 2008-10-25 20:07:17.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.99 [GMT -3:00] Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt.txt * Criado um novo ponto de restauro FILE :: C:\WINDOWS\System32\Flashy.exe C:\WINDOWS\System32\hp100.tmp . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\System32\hp100.tmp . (((((((((((((((( Arquivos/Ficheiros criados de 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))) . 2008-10-24 22:02 . 2008-10-24 22:02 <DIR> d-------- C:\Arquivos de programas\Trend Micro 2008-10-07 10:34 . 2008-10-07 10:34 <DIR> d--hs---- C:\FOUND.000 2008-10-07 00:05 . 2008-10-07 00:05 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER 2008-10-05 11:03 . 2008-10-05 11:03 <DIR> d-------- C:\Arquivos de programas\Johnny Castaway 2008-10-05 11:03 . 2008-10-05 11:05 720,896 --a------ C:\WINDOWS\iun6002ev.exe 2008-10-05 11:03 . 2008-10-05 11:05 36 --a------ C:\WINDOWS\johncast.bat 2008-10-03 11:26 . 2008-10-03 11:26 <DIR> d-------- C:\Arquivos de programas\CoolSMS 2008-09-29 13:02 . 2008-09-29 13:02 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp 2008-09-29 13:02 . 2008-09-29 13:02 <DIR> d-------- C:\Arquivos de programas\Winamp 2008-09-29 12:27 . 2007-03-07 20:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-09-29 12:27 . 2007-03-07 20:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-09-29 12:27 . 2007-03-07 20:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-09-29 11:23 . 2008-09-29 11:23 <DIR> d-------- C:\Arquivos de programas\eMule . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-08 14:06 62,952 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2008-09-18 03:35 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-09-18 03:35 --------- d-----w C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility . ((((((((((((((((((((((((((((( snapshot@2008-10-25_ 7.47.39.78 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-25 10:31:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat + 2008-10-25 23:03:44 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat - 2008-10-25 10:31:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat + 2008-10-25 23:03:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat - 2008-10-25 10:31:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-10-25 23:03:44 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 5033984] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 155648] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-10-28 77891] "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624] "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2006-10-30 256576] "WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352] "nwiz"="nwiz.exe" [2003-09-24 C:\WINDOWS\system32\nwiz.exe] "AGRSMMSG"="AGRSMMSG.exe" [2003-05-22 C:\WINDOWS\AGRSMMSG.exe] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe [2005-03-05 10872] REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2008-09-18 675840] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] --a------ 2003-05-05 08:57 143360 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA] --a------ 2001-10-28 18:06 77891 C:\WINDOWS\system32\usrmlnka.exe R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 13532] R3 USRpdA;U.S. 
Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\System32\DRIVERS\USRpdA.sys [2001-08-17 113762] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512] . Conteúdo da pasta 'Tarefas Agendadas' 2008-06-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-25 20:10:34 Windows 5.1.2600 Service Pack 1 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . ------------------------ Outros Processos em Execução ------------------------ . C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\WINDOWS\SYSTEM32\USRSHUTA.EXE C:\ARQUIVOS DE PROGRAMAS\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE C:\WINDOWS\SYSTEM32\WDFMGR.EXE C:\ARQUIVOS DE PROGRAMAS\IPOD\BIN\IPODSERVICE.EXE . ************************************************************************** . 
Tempo para conclusão: 2008-10-25 20:11:42 - Máquina reiniciou ComboFix-quarantined-files.txt 2008-10-25 23:11:40 ComboFix2.txt 2008-10-25 10:48:10 Pré-execução: 2.164.850.688 bytes disponíveis Pós execução: 2,210,234,368 bytes disponíveis 105 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:14:06, on 25/10/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\WINDOWS\SYSTEM32\USRshutA.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: IbestBHO Class - 
{7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing) O2 - BHO: Alive MP3 WAV Converter Toolbar Helper - {C12D2216-6A10-4c7d-A38F-D801D9CF9D03} - C:\Arquivos de programas\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll (file missing) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Alive MP3 WAV Converter Toolbar - {50D31413-8B14-4158-94A5-80BE78E23058} - C:\Arquivos de programas\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - Startup: palmOne Registration.lnk = C:\Arquivos de programas\palmOne\register.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ? 
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{091BEFE6-A14C-4BA2-9240-7AC5B68D777D}: NameServer = 10.1.1.1,200.199.241.17 O17 - HKLM\System\CS1\Services\Tcpip\..\{091BEFE6-A14C-4BA2-9240-7AC5B68D777D}: NameServer = 10.1.1.1,200.199.241.17 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe (file missing) O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 4864 bytes
  5. Here are my two logs: the first from HijackThis, the second from ComboFix (after running it). Thank you for your attention!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:36:43, on 25/10/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\System32\Flashy.exe C:\WINDOWS\SYSTEM32\USRshutA.exe C:\WINDOWS\SYSTEM32\USRmlnkA.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/?v=msgrv75 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp O2 - BHO: IbestBHO Class - {7E6CDC1C-3B90-47D7-B2A8-24438CA96075} - C:\Arquivos de programas\Discador Digerati\bho.dll (file missing) O2 - BHO: Alive MP3 WAV Converter Toolbar Helper - {C12D2216-6A10-4c7d-A38F-D801D9CF9D03} - C:\Arquivos de programas\Alive MP3 WAV 
Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll (file missing) O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Alive MP3 WAV Converter Toolbar - {50D31413-8B14-4158-94A5-80BE78E23058} - C:\Arquivos de programas\Alive MP3 WAV Converter Toolbar\v2.0.0.2\Alive_MP3_WAV_Converter_Toolbar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\System32\Flashy.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKCU\..\Run: [Discador Digerati] "C:\Arquivos de programas\Discador Digerati\autoupdate.exe" O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\System32\ O4 - Startup: palmOne Registration.lnk = C:\Arquivos de programas\palmOne\register.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ? 
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{091BEFE6-A14C-4BA2-9240-7AC5B68D777D}: NameServer = 10.1.1.1,200.199.241.17 O17 - HKLM\System\CS1\Services\Tcpip\..\{091BEFE6-A14C-4BA2-9240-7AC5B68D777D}: NameServer = 10.1.1.1,200.199.241.17 O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - (no file) O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe (file missing) O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 5307 bytes ComboFix 08-10-24.02 - Administrador 2008-10-25 7:43:41.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.63 [GMT -3:00] Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Iniciar\Online Security Guide.url C:\Documents and Settings\All Users\Menu Iniciar\Security Troubleshooting.url C:\WINDOWS\Downloaded Program Files\UERSZ_0001_N69M0703NetInstaller.exe C:\WINDOWS\system32\atmclk.exe C:\WINDOWS\system32\dcomcfg.exe C:\WINDOWS\system32\Flashy.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\regperf.exe C:\WINDOWS\system32\xuefh.dll . (((((((((((((((( Arquivos/Ficheiros criados de 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))) . 2008-10-24 22:02 . 2008-10-24 22:02 <DIR> d-------- C:\Arquivos de programas\Trend Micro 2008-10-07 10:34 . 2008-10-07 10:34 <DIR> d--hs---- C:\FOUND.000 2008-10-07 00:05 . 2008-10-07 00:05 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER 2008-10-05 11:03 . 2008-10-05 11:03 <DIR> d-------- C:\Arquivos de programas\Johnny Castaway 2008-10-05 11:03 . 2008-10-05 11:05 720,896 --a------ C:\WINDOWS\iun6002ev.exe 2008-10-05 11:03 . 2008-10-05 11:05 36 --a------ C:\WINDOWS\johncast.bat 2008-10-03 11:26 . 2008-10-03 11:26 <DIR> d-------- C:\Arquivos de programas\CoolSMS 2008-09-29 13:02 . 2008-09-29 13:02 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp 2008-09-29 13:02 . 2008-09-29 13:02 <DIR> d-------- C:\Arquivos de programas\Winamp 2008-09-29 12:27 . 2007-03-07 20:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-09-29 12:27 . 2007-03-07 20:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-09-29 12:27 . 
2007-03-07 20:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-09-29 11:23 . 2008-09-29 11:23 <DIR> d-------- C:\Arquivos de programas\eMule . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-08 14:06 62,952 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2008-09-18 03:35 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-09-18 03:35 --------- d-----w C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 5033984] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 155648] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-10-28 77891] "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624] "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2006-10-30 256576] "WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352] "nwiz"="nwiz.exe" [2003-09-24 C:\WINDOWS\system32\nwiz.exe] "AGRSMMSG"="AGRSMMSG.exe" [2003-05-22 C:\WINDOWS\AGRSMMSG.exe] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe [2005-03-05 10872] REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Arquivos de programas\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2008-09-18 675840] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu 
Iniciar^Programas^Inicializar^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] --a------ 2003-05-05 08:57 143360 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA] --a------ 2001-10-28 18:06 77891 C:\WINDOWS\system32\usrmlnka.exe R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 13532] R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\System32\DRIVERS\USRpdA.sys [2001-08-17 113762] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512] . Conteúdo da pasta 'Tarefas Agendadas' 2008-06-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-Discador Digerati - C:\Arquivos de programas\Discador Digerati\autoupdate.exe HKCU-Run-CoolSMS - (no file) SharedTaskScheduler-{f85e05f5-667e-41b0-ab8a-147337a99e65} - (no file) MSConfigStartUp-CloneCDTray - C:\Arquivos de programas\Elaborate Bytes\CloneCD\CloneCDTray.exe MSConfigStartUp-Run - c:\windows\winfig.exe . ------- Scan Suplementar ------- . FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\3dy6o3ic.default\ FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-25 07:46:49 Windows 5.1.2600 Service Pack 1 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\catchme] "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\catchme] "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys" . ------------------------ Outros Processos em Execução ------------------------ . C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\WINDOWS\SYSTEM32\USRSHUTA.EXE C:\ARQUIVOS DE PROGRAMAS\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE C:\WINDOWS\SYSTEM32\WDFMGR.EXE C:\ARQUIVOS DE PROGRAMAS\IPOD\BIN\IPODSERVICE.EXE . ************************************************************************** . Tempo para conclusão: 2008-10-25 7:48:07 - Máquina reiniciou ComboFix-quarantined-files.txt 2008-10-25 10:48:04 Pré-execução: 1.695.055.872 bytes disponíveis Pós execução: 2,212,298,752 bytes disponíveis winxpsp1_br_pro_bf.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 122