Fórum Script Brasil

[Solved] PC infected by an unknown trojan


Darknnez

Question

Hello.

Recently my computer started showing signs of being infected by a trojan, through the following message:

[screenshot of the message: pcinfectednr3.th.jpg]

I ran the antivirus (avast) and SpyBot, both properly updated, but this message kept appearing.

I hope you can help me.

--------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:13:15, on 25/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atletico.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Video decompressor - {12723304-463C-4377-8FEE-FCAB14BF8083} - C:\WINDOWS\pandsf.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] //~c:\arquivos de programas\java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 7015 bytes


13 replies to this question


Download ComboFix and save it to the desktop.

Close all windows and programs.

Double-click combofix.exe and press "1" then Enter to proceed with the fix. It will take around 10 minutes.

ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click in the ComboFix window, and do not close it by clicking the X while it is running, otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it, together with ComboFix.txt.


HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:08:10, on 25/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atletico.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Video decompressor - {12723304-463C-4377-8FEE-FCAB14BF8083} - C:\WINDOWS\pandsf.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] //~c:\arquivos de programas\java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6983 bytes

ComboFix

ComboFix 08-01-23.1C - PA 2008-01-25 19:49:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.138 [GMT -2:00]

Running from: C:\Documents and Settings\PA\Meus documentos\MyStuff\Downloads\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\windows.exe

.

((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))

.

2008-01-25 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-25 16:02 . 2008-01-25 16:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-01-25 01:12 . 2008-01-25 01:12 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-01-24 00:33 . 2008-01-24 01:07 223,232 --a------ C:\WINDOWS\pandsf.dll

2008-01-24 00:33 . 2008-01-24 01:07 42 --a------ C:\tmp.bat

2008-01-23 04:41 . 2008-01-23 04:42 110 --a------ C:\DFregistros.dfs

2008-01-23 02:25 . 2008-01-23 02:25 <DIR> d-------- C:\Arquivos de programas\TLC

2008-01-21 17:42 . 2008-01-21 17:42 <DIR> d-------- C:\Arquivos de programas\Desktop Favoritos

2008-01-21 17:42 . 2004-02-23 22:42 1,386,496 --a------ C:\WINDOWS\system32\msvbvm60.dll

2008-01-21 17:42 . 1998-06-24 01:00 140,096 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2008-01-21 17:42 . 2004-11-28 20:41 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-01-21 16:16 . 2008-01-21 16:16 3,760 --a------ C:\WINDOWS\SETUP.LST

2008-01-21 16:16 . 2008-01-21 16:16 303 --a------ C:\WINDOWS\ST6UNST.000

2008-01-21 16:08 . 2008-01-21 17:38 <DIR> d-------- C:\Arquivos de programas\ISTool

2008-01-21 16:02 . 2008-01-21 16:02 <DIR> d-------- C:\Arquivos de programas\Inno Setup 5

2008-01-21 15:48 . 2008-01-21 15:48 286,720 --------- C:\WINDOWS\Setup1.exe

2008-01-21 15:48 . 2008-01-21 15:48 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-11 20:35 . 2008-01-11 20:35 <DIR> d-------- C:\Arquivos de programas\Ares

2008-01-09 18:09 . 2008-01-09 18:10 <DIR> d-------- C:\Arquivos de programas\Glary Utilities

2008-01-07 11:17 . 2008-01-07 11:17 <DIR> d-------- C:\Arquivos de programas\Solar System Technologies

2008-01-06 18:20 . 2008-01-06 18:21 35,840 --a------ C:\WINDOWS\system32\COMDLG32.oca

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-25 21:43 4,000 ----a-w C:\ao.dat

2008-01-25 18:35 --------- d-----w C:\Arquivos de programas\FlashGet

2008-01-23 20:00 --------- d-----w C:\Arquivos de programas\Google

2008-01-20 19:21 --------- d-----w C:\Arquivos de programas\CrossLoop

2008-01-20 17:15 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-20 16:40 124 ----a-w C:\GAME.EXE

2007-12-20 05:08 --------- d-----w C:\Arquivos de programas\Poker Superstars III

2007-12-20 05:07 --------- d-----w C:\Arquivos de programas\ReflexiveArcade

2007-12-20 01:02 --------- d-----w C:\Arquivos de programas\bfgclient

2007-12-15 23:09 --------- d-----w C:\Arquivos de programas\Uplink

2007-12-08 15:35 --------- d-----w C:\Arquivos de programas\Boa Constructor

2007-05-04 23:59 56 --sh--r C:\WINDOWS\system32\E617820868.sys

2007-05-04 23:59 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12723304-463C-4377-8FEE-FCAB14BF8083}]

2008-01-24 01:07 223232 --a------ C:\WINDOWS\pandsf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 20:29 165784]

"AdobeUpdater"="C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-23 18:00 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2003-08-20 01:56 45056 C:\WINDOWS\system32\VTTimer.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]

"SunJavaUpdateSched"="//~c:\arquivos de programas\java\jre1.5.0_03\bin\jusched.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

C:\Documents and Settings\PA\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 20:05:02 630784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PA^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]

backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PA^Menu Iniciar^Programas^Inicializar^eMule Acceleration Patch.lnk]

backup=C:\WINDOWS\pss\eMule Acceleration Patch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 13:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 08:00]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-25 19:59:36

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

Completion time: 2008-01-25 20:04:05 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-25 22:04:00

.

2008-01-25 18:52:29 --- E O F ---

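The cross-check the helper does by hand between the two logs above can be scripted: the O2 entry for pandsf.dll in the HijackThis log points at a DLL that the ComboFix timeline shows was created on 2008-01-24 directly in C:\WINDOWS, next to C:\tmp.bat, and the Find3M section lists a hidden+system file in system32. The Python below is an added example, not code from this thread or from HijackThis/ComboFix. It embeds a handful of lines copied from the two posted logs as constructed sample input; the 7-day window, the list of "trusted" DLL directories and the rule that a new file dropped straight into C:\ or C:\WINDOWS deserves a look are assumptions of this example, not anything the tools define.

```python
"""Added example: cross-reference HijackThis O2 (BHO) entries with the
ComboFix file timeline. Not code from the thread or from either tool."""
import re
from datetime import datetime, timedelta

# Sample lines constructed from the 25/1/2008 HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Video decompressor - {12723304-463C-4377-8FEE-FCAB14BF8083} - C:\WINDOWS\pandsf.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
"""

# Sample lines constructed from the ComboFix "Files Created" and "Find3M" sections.
COMBOFIX_LOG = r"""
2008-01-25 01:12 . 2008-01-25 01:12 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-01-24 00:33 . 2008-01-24 01:07 223,232 --a------ C:\WINDOWS\pandsf.dll
2008-01-24 00:33 . 2008-01-24 01:07 42 --a------ C:\tmp.bat
2008-01-21 17:42 . 2004-02-23 22:42 1,386,496 --a------ C:\WINDOWS\system32\msvbvm60.dll
2007-05-04 23:59 56 --sh--r C:\WINDOWS\system32\E617820868.sys
"""

SCAN_TIME = datetime(2008, 1, 25, 19, 49)  # taken from the ComboFix header line

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# "Files Created" rows: created . modified size attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S{9}) (?P<path>.+)$")
# "Find3M" rows: modified size attrs path
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S{7}) (?P<path>.+)$")

# Assumption: a BHO DLL is normally installed under one of these prefixes.
TRUSTED_DIRS = ("c:\\arquivos de programas\\", "c:\\program files\\", "c:\\windows\\system32\\")


def parse_bhos(text):
    """Return one dict (name, clsid, path) per O2 line in a HijackThis log."""
    bhos = []
    for raw in text.splitlines():
        m = BHO_RE.match(" ".join(raw.split()))
        if m:
            bhos.append(m.groupdict())
    return bhos


def parse_combofix_files(text):
    """Map lowercase path -> created/modified time, attribute string, is_dir."""
    files = {}
    for raw in text.splitlines():
        line = " ".join(raw.split())
        m = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        files[d["path"].lower()] = {
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M") if d.get("created") else None,
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "attrs": d["attrs"],
            "is_dir": d["size"] == "<DIR>",
        }
    return files


def triage(hjt_text, combofix_text, scan_time=SCAN_TIME, recent_days=7):
    """Return {item: [reasons]} for load points and files worth a closer look."""
    files = parse_combofix_files(combofix_text)
    window = timedelta(days=recent_days)
    findings = {}

    def flag(key, reason):
        findings.setdefault(key, []).append(reason)

    def is_recent(info):
        return info["created"] is not None and scan_time - info["created"] <= window

    for bho in parse_bhos(hjt_text):
        path = bho["path"].lower()
        if path == "(no file)":
            flag(bho["clsid"], "BHO CLSID registered but its DLL is missing")
            continue
        if not path.startswith(TRUSTED_DIRS):
            flag(path, f"BHO '{bho['name']}' loads from outside Program Files/system32")
        info = files.get(path)
        if info and is_recent(info):
            flag(path, f"BHO DLL created {info['created']:%Y-%m-%d}, within {recent_days} days of the scan")

    for path, info in files.items():
        if info["is_dir"]:
            continue
        parent = path.rsplit("\\", 1)[0]
        if parent in ("c:", "c:\\windows") and is_recent(info):
            flag(path, "new file dropped directly into C:\\ or C:\\WINDOWS")
        if "s" in info["attrs"] and "h" in info["attrs"]:
            flag(path, "hidden+system attributes; review before trusting")
    return findings


if __name__ == "__main__":
    for item, reasons in triage(HJT_LOG, COMBOFIX_LOG).items():
        print(item)
        for reason in reasons:
            print("   -", reason)
```

On a real case, read the two complete logs from disk in place of the embedded strings. A flag is a prompt to look closer (submit the file to a multi-engine scanner, check its version information and signer), not a verdict: a BHO in an odd place can be a badly written legitimate add-on, and a hidden system file can be a licensing component.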


C:\WINDOWS\Setup1.exe

Antivirus Version Last Update Result

AhnLab-V3 2008.1.18.10 2008.01.17 -

AntiVir 7.6.0.48 2008.01.17 -

Authentium 4.93.8 2008.01.17 -

Avast 4.7.1098.0 2008.01.17 -

AVG 7.5.0.516 2008.01.17 -

BitDefender 7.2 2008.01.17 -

CAT-QuickHeal 9.00 2008.01.17 -

ClamAV 0.91.2 2008.01.17 -

DrWeb 4.44.0.09170 2008.01.17 -

eSafe 7.0.15.0 2008.01.16 -

eTrust-Vet 31.3.5465 2008.01.17 -

Ewido 4.0 2008.01.17 -

FileAdvisor 1 2008.01.17 -

Fortinet 3.14.0.0 2008.01.17 -

F-Prot 4.4.2.54 2008.01.17 -

F-Secure 6.70.13260.0 2008.01.17 -

Ikarus T3.1.1.20 2008.01.17 -

Kaspersky 7.0.0.125 2008.01.17 -

McAfee 5210 2008.01.17 -

Microsoft 1.3109 2008.01.17 -

NOD32v2 2802 2008.01.17 -

Norman 5.80.02 2008.01.17 -

Panda 9.0.0.4 2008.01.17 -

Prevx1 V2 2008.01.17 -

Rising 20.27.31.00 2008.01.17 -

Sophos 4.24.0 2008.01.17 -

Sunbelt 2.2.907.0 2008.01.17 -

Symantec 10 2008.01.17 -

TheHacker 6.2.9.189 2008.01.17 -

VBA32 3.12.2.5 2008.01.15 -

VirusBuster 4.3.26:9 2008.01.17 -

Webwasher-Gateway 6.6.2 2008.01.17 -

Additional information

File size: 286720 bytes

MD5: e40041e0ca436c712332edaa9db7df08

SHA1: deb8ead922f4f1acbadebf0db998f6ba2dc53db0

PEiD: -

C:\ao.dat

Antivirus Version Last Update Result

AhnLab-V3 2008.1.26.10 2008.01.25 -

AntiVir 7.6.0.53 2008.01.25 -

Authentium 4.93.8 2008.01.26 -

Avast 4.7.1098.0 2008.01.26 -

AVG 7.5.0.516 2008.01.26 -

BitDefender 7.2 2008.01.26 -

CAT-QuickHeal 9.00 2008.01.25 -

ClamAV 0.91.2 2008.01.26 -

DrWeb 4.44.0.09170 2008.01.26 -

eSafe 7.0.15.0 2008.01.16 -

eTrust-Vet 31.3.5486 2008.01.26 -

Ewido 4.0 2008.01.26 -

FileAdvisor 1 2008.01.26 -

Fortinet 3.14.0.0 2008.01.26 -

F-Prot 4.4.2.54 2008.01.26 -

F-Secure 6.70.13260.0 2008.01.26 -

Ikarus T3.1.1.20 2008.01.26 -

Kaspersky 7.0.0.125 2008.01.26 -

McAfee 5216 2008.01.26 -

Microsoft 1.3109 2008.01.26 -

NOD32v2 2824 2008.01.26 -

Norman 5.80.02 2008.01.24 -

Panda 9.0.0.4 2008.01.26 -

Prevx1 V2 2008.01.26 -

Rising 20.28.52.00 2008.01.26 -

Sophos 4.25.0 2008.01.26 -

Sunbelt 2.2.907.0 2008.01.25 -

Symantec 10 2008.01.26 -

TheHacker 6.2.9.199 2008.01.26 -

VBA32 3.12.2.5 2008.01.21 -

VirusBuster 4.3.26:9 2008.01.26 -

Webwasher-Gateway 6.6.2 2008.01.26 -

Additional information

File size: 4000 bytes

MD5: ecefd67a00c4109f9a863ad680856b33

SHA1: 2ae5d4d9a2c6f2a11545a9c8f7f00b1e53f04158

PEiD: -

C:\GAME.EXE

Antivirus Version Last Update Result

AhnLab-V3 2008.1.26.10 2008.01.25 -

AntiVir 7.6.0.53 2008.01.25 -

Authentium 4.93.8 2008.01.26 -

Avast 4.7.1098.0 2008.01.26 -

AVG 7.5.0.516 2008.01.26 -

BitDefender 7.2 2008.01.26 -

CAT-QuickHeal 9.00 2008.01.25 -

ClamAV 0.91.2 2008.01.26 -

DrWeb 4.44.0.09170 2008.01.26 -

eSafe 7.0.15.0 2008.01.16 -

eTrust-Vet 31.3.5486 2008.01.26 -

Ewido 4.0 2008.01.26 -

FileAdvisor 1 2008.01.26 -

Fortinet 3.14.0.0 2008.01.26 -

F-Prot 4.4.2.54 2008.01.26 -

F-Secure 6.70.13260.0 2008.01.26 -

Ikarus T3.1.1.20 2008.01.26 -

Kaspersky 7.0.0.125 2008.01.26 -

McAfee 5216 2008.01.26 -

Microsoft 1.3109 2008.01.26 -

NOD32v2 2824 2008.01.26 -

Norman 5.80.02 2008.01.24 -

Panda 9.0.0.4 2008.01.26 -

Prevx1 V2 2008.01.26 -

Rising 20.28.52.00 2008.01.26 -

Sophos 4.25.0 2008.01.26 -

Sunbelt 2.2.907.0 2008.01.25 -

Symantec 10 2008.01.26 -

TheHacker 6.2.9.199 2008.01.26 -

VBA32 3.12.2.5 2008.01.21 -

VirusBuster 4.3.26:9 2008.01.26 -

Webwasher-Gateway 6.6.2 2008.01.26 -

Additional information

File size: 124 bytes

MD5: 46dcad93ed0cfc44aad8b3dba71655da

SHA1: 966176e138910a5564ca5ebb1f5e0c61a591df0a

PEiD: -


Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

File::

C:\WINDOWS\pandsf.dll

C:\WINDOWS\system32\E617820868.sys

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12723304-463C-4377-8FEE-FCAB14BF8083}]

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[animated image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Also post the new ComboFix.txt log in your reply.

Also post a new HijackThis log.


One question: after dragging CFScript.txt onto ComboFix, do I have to press 1 to continue the process, or should it start automatically? Because when I drag it, what happens is that ComboFix opens and asks me to type 1 or 2, and your explanation gave the impression that the whole process would be automatic.

Sorry if I misunderstood.

Edited by Darknnez

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:51:31, on 28/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atletico.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] //~c:\arquivos de programas\java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\ARQUIV~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\ARQUIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6698 bytes

ComboFix

ComboFix 08-01-29.2 - PA 2008-01-28 22:05:25.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.128 [GMT -2:00]

Executando de: C:\Documents and Settings\PA\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\PA\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE

C:\WINDOWS\pandsf.dll

C:\WINDOWS\system32\E617820868.sys

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pandsf.dll

C:\WINDOWS\system32\E617820868.sys

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))

.

2008-01-27 04:47 . 2008-01-27 04:47 <DIR> d-------- C:\Arquivos de programas\Graymalkin Software

2008-01-27 04:47 . 2004-10-18 12:04 161,280 --a------ C:\WINDOWS\system32\fmod.dll

2008-01-27 04:47 . 2005-07-10 09:58 135,168 --a------ C:\WINDOWS\system32\Input32X.ocx

2008-01-27 04:47 . 2001-11-06 09:57 75,264 --a------ C:\WINDOWS\system32\smartmenuxp.ocx

2008-01-27 04:47 . 2005-10-16 11:47 67,072 --a------ C:\WINDOWS\vorbiscomment.exe

2008-01-27 04:47 . 2005-04-03 16:58 18,944 --a------ C:\WINDOWS\system32\xtag.dll

2008-01-27 04:47 . 2002-03-15 17:25 17,408 --a------ C:\WINDOWS\system32\animatedgif.ocx

2008-01-27 04:47 . 1998-05-21 02:38 13,312 --a------ C:\WINDOWS\system32\trayico.ocx

2008-01-27 04:47 . 2002-09-29 14:01 10,752 --a------ C:\WINDOWS\system32\xcomm.dll

2008-01-27 04:47 . 2001-10-14 01:48 9,728 --a------ C:\WINDOWS\system32\smartmenuxp.dll

2008-01-26 22:41 . 2008-01-27 00:30 <DIR> d-------- C:\Arquivos de programas\Kudos Rock Legend

2008-01-26 22:04 . 2008-01-26 22:04 240,128 --a------ C:\WINDOWS\system32\COMCTL32.oca

2008-01-26 22:04 . 2008-01-26 22:04 52,224 --a------ C:\WINDOWS\system32\COMCT232.oca

2008-01-26 02:45 . 2008-01-26 02:45 4,096 --a------ C:\WINDOWS\d3dx.dat

2008-01-25 16:02 . 2008-01-28 22:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-01-25 01:12 . 2008-01-25 01:12 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-01-24 00:33 . 2008-01-24 01:07 42 --a------ C:\tmp.bat

2008-01-23 04:41 . 2008-01-23 04:42 110 --a------ C:\DFregistros.dfs

2008-01-23 02:25 . 2008-01-23 02:25 <DIR> d-------- C:\Arquivos de programas\TLC

2008-01-21 17:42 . 2008-01-21 17:42 <DIR> d-------- C:\Arquivos de programas\Desktop Favoritos

2008-01-21 17:42 . 2004-02-23 22:42 1,386,496 --a------ C:\WINDOWS\system32\msvbvm60.dll

2008-01-21 17:42 . 1999-06-22 12:36 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-01-21 17:42 . 2004-11-28 20:41 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-01-21 16:16 . 2008-01-21 16:16 3,760 --a------ C:\WINDOWS\SETUP.LST

2008-01-21 16:16 . 2008-01-21 16:16 303 --a------ C:\WINDOWS\ST6UNST.000

2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Documents and Settings\PA\Dados de aplicativos\ISTool

2008-01-21 16:08 . 2008-01-21 17:38 <DIR> d-------- C:\Arquivos de programas\ISTool

2008-01-21 16:02 . 2008-01-21 16:02 <DIR> d-------- C:\Arquivos de programas\Inno Setup 5

2008-01-21 15:48 . 2008-01-21 15:48 286,720 --------- C:\WINDOWS\Setup1.exe

2008-01-21 15:48 . 2008-01-21 15:48 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-11 20:35 . 2008-01-11 20:35 <DIR> d-------- C:\Arquivos de programas\Ares

2008-01-09 18:13 . 2008-01-09 18:13 <DIR> d-------- C:\Documents and Settings\PA\Dados de aplicativos\GlarySoft

2008-01-09 18:09 . 2008-01-09 18:10 <DIR> d-------- C:\Arquivos de programas\Glary Utilities

2008-01-07 11:17 . 2008-01-07 11:17 <DIR> d-------- C:\Arquivos de programas\Solar System Technologies

2008-01-06 18:20 . 2008-01-06 18:21 35,840 --a------ C:\WINDOWS\system32\COMDLG32.oca

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-28 08:48 4,000 ----a-w C:\ao.dat

2008-01-25 18:35 --------- d-----w C:\Arquivos de programas\FlashGet

2008-01-23 20:00 --------- d-----w C:\Arquivos de programas\Google

2008-01-20 19:21 --------- d-----w C:\Arquivos de programas\CrossLoop

2008-01-20 17:15 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-20 16:40 124 ----a-w C:\GAME.EXE

2007-12-20 05:10 --------- d-----w C:\Documents and Settings\PA\Dados de aplicativos\funkitron

2007-12-20 05:08 --------- d-----w C:\Arquivos de programas\Poker Superstars III

2007-12-20 05:07 --------- d-----w C:\Arquivos de programas\ReflexiveArcade

2007-12-20 03:05 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-12-20 01:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BigFishGamesCache

2007-12-20 01:02 --------- d-----w C:\Arquivos de programas\bfgclient

2007-12-15 23:09 --------- d-----w C:\Arquivos de programas\Uplink

2007-12-08 15:35 --------- d-----w C:\Arquivos de programas\Boa Constructor

2007-08-06 02:51 40 ----a-w C:\Documents and Settings\PA\language.dat

2007-05-04 23:59 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 20:29 165784]

"AdobeUpdater"="C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-23 18:00 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2003-08-20 01:56 45056 C:\WINDOWS\system32\VTTimer.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 08:06 79224]

"SunJavaUpdateSched"="//~c:\arquivos de programas\java\jre1.5.0_03\bin\jusched.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

C:\Documents and Settings\PA\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 20:05:02 630784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PA^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]

backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PA^Menu Iniciar^Programas^Inicializar^eMule Acceleration Patch.lnk]

backup=C:\WINDOWS\pss\eMule Acceleration Patch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 13:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 08:00]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-28 22:37:07

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\locator.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-01-28 22:41:49 - machine was rebooted [PA]

ComboFix-quarantined-files.txt 2008-01-29 00:41:37

.

2008-01-25 18:52:29 --- E O F ---


Antivirus           Version           Last update   Result
AhnLab-V3           2008.1.29.11      2008.01.29    -
AntiVir             7.6.0.57          2008.01.29    -
Authentium          4.93.8            2008.01.29    -
Avast               4.7.1098.0        2008.01.28    -
AVG                 7.5.0.516         2008.01.29    -
BitDefender         7.2               2008.01.29    -
CAT-QuickHeal       9.00              2008.01.28    -
ClamAV              0.91.2            2008.01.29    -
DrWeb               4.44.0.09170      2008.01.29    -
eSafe               7.0.15.0          2008.01.28    -
eTrust-Vet          31.3.5494         2008.01.29    -
Ewido               4.0               2008.01.29    -
FileAdvisor         1                 2008.01.29    -
Fortinet            3.14.0.0          2008.01.29    -
F-Prot              4.4.2.54          2008.01.28    -
F-Secure            6.70.13260.0      2008.01.29    -
Ikarus              T3.1.1.20         2008.01.29    -
Kaspersky           7.0.0.125         2008.01.29    -
McAfee              5217              2008.01.28    -
Microsoft           1.3109            2008.01.28    -
NOD32v2             2831              2008.01.29    -
Norman              5.80.02           2008.01.29    -
Panda               9.0.0.4           2008.01.28    -
Prevx1              V2                2008.01.29    -
Rising              20.29.12.00       2008.01.29    -
Sophos              4.25.0            2008.01.29    -
Sunbelt             2.2.907.0         2008.01.29    -
Symantec            10                2008.01.29    -
TheHacker           6.2.9.201         2008.01.28    -
VBA32               3.12.2.5          2008.01.21    -
VirusBuster         4.3.26:9          2008.01.29    -
Webwasher-Gateway   6.6.2             2008.01.29    -

Additional information

File size: 286720 bytes

MD5: e40041e0ca436c712332edaa9db7df08

SHA1: deb8ead922f4f1acbadebf0db998f6ba2dc53db0

PEiD: -


Click Start -> Run -> type combofix.exe /u -> OK.

When prompted, choose option 2.

Wait for the uninstallation to finish.

Click Start -> Settings -> Control Panel -> open the System item.

Click the System Restore tab -> check "Turn off System Restore on all drives" -> then click Apply. Once applied, uncheck the "Turn off System Restore on all drives" box and click Apply again, then OK.

Your log is clean. Is there still any problem with the PC?
