HijackThis log

clspro (thread author):

I'm suspicious of this "zzGBK" entry, which points to a supposed "Setup.exe" file that would be on "J:\".

But that is a DVD drive. Thanks in advance for any help.

Here is the log:

C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\UPHClean\uphclean.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [zzGBK] J:\setup.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8E9B15-FE63-430D-A1A2-C9B1AEA8DE4D}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B8E9B15-FE63-430D-A1A2-C9B1AEA8DE4D}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B8E9B15-FE63-430D-A1A2-C9B1AEA8DE4D}: NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
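To make the point the original poster is asking about concrete, here is an added example (it is not part of the thread and not HijackThis's own logic) that parses O2 and O4 lines in the format shown above and flags the entries a log analyst would check first: a Run value whose target sits on a drive other than the system drive (as with `[zzGBK] J:\setup.exe`), a bare executable name that Windows resolves through the PATH search order, and a BHO registered with no backing file. The sample lines are copied from the posted log; the flagging rules and the assumption that the system drive is C: are this example's own.

```python
"""HijackThis O2/O4 triage helper (added example, not from the original post)."""
import re
from dataclasses import dataclass, field
from typing import List

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [zzGBK] J:\setup.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

SYSTEM_DRIVE = "C:"  # assumption: the posted log comes from a Windows install on C:

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: List[str] = field(default_factory=list)


def run_target(cmd: str) -> str:
    """Extract the file that actually autostarts from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):            # quoted path; arguments follow the closing quote
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    else:                              # unquoted: cut at the first ".exe" so paths with spaces survive
        i = cmd.lower().find(".exe")
        exe = cmd[: i + 4] if i >= 0 else cmd.split(" ", 1)[0]
        rest = cmd[len(exe):]
    if exe.lower() in ("rundll32.exe", "rundll32"):
        # rundll32 only hosts the DLL; the DLL (first comma-separated argument) is what autostarts
        return rest.strip().split(",", 1)[0].strip('"')
    return exe


def check_target(target: str) -> List[str]:
    """This example's heuristics for a Run target that deserves a second look."""
    reasons = []
    if "\\" not in target:
        reasons.append("bare filename, resolved through the PATH search order rather than a fixed location")
    elif target[:2].upper() != SYSTEM_DRIVE:
        reasons.append(f"target on drive {target[:2].upper()}, not the system drive")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the O4 and O2 entries that trip one of the heuristics, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            target = run_target(m["cmd"])
            if reasons := check_target(target):
                findings.append(Finding("O4", m["name"], target, reasons))
            continue
        m = O2_RE.match(line)
        if m and m["path"].strip() == "(no file)":
            findings.append(Finding("O2", m["name"], m["path"],
                                    ["BHO registered with no backing file (orphaned CLSID)"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.target}: {'; '.join(f.reasons)}")
```

On the sample above the script flags the orphaned BHO, the bare `nwiz.exe` value and the `J:\setup.exe` value, and nothing else. A hit only means "look at this": a Run value pointing at an optical drive is unusual because the file is absent whenever the disc is out, but the entry itself could equally be leftover from an installer that ran from the disc, so the next step is to check what the file is when the disc is present, not to delete the entry blindly.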

clspro (thread author):

Sorry for my ignorance, but what would normal mode be? If you mean Windows in normal mode or safe mode, all I can say is that this log was generated in normal mode.

I don't know if I'm talking nonsense...

JoseMelo:
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\oodag.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\HijackThis\HijackThis.exe

    The process list is incomplete. Generate a new log with all the processes and the header.

clspro (thread author):

    Logfile of HijackThis v1.99.1

    Scan saved at 11:44:27 AM, on 9/9/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\oodag.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\HijackThis\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [zzGBK] J:\setup.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8E9B15-FE63-430D-A1A2-C9B1AEA8DE4D}: NameServer = 192.168.1.1

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2B8E9B15-FE63-430D-A1A2-C9B1AEA8DE4D}: NameServer = 192.168.1.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{2B8E9B15-FE63-430D-A1A2-C9B1AEA8DE4D}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

JoseMelo:

    - Download ComboFix

    • Temporarily disable your antivirus;
    • Double-click combofix.exe and press "1" to proceed with the fix. It may take a while.
    • ComboFix may restart the PC automatically to complete the removal process.
    • When it finishes, a log will be generated at C:\ComboFix.txt.
    • Do not click in the ComboFix window or close it with the X while it is running, otherwise it will stop and your desktop will go blank.
    • To stop or exit ComboFix, press "N".
    • Paste ComboFix.txt in your reply.

clspro (thread author):

    ComboFix 07-09-10.6 - "c L s P r O" 2007-09-10 20:58:26.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1698 [GMT -3:00]

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

    ((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))

    .

    2007-09-10 20:58 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2007-09-10 20:57 1,485,491 --a------ C:\ComboFix.exe

    2007-09-10 11:02 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\GetRightToGo

    2007-09-09 23:30 <DIR> d-------- C:\Program Files\WinImage

    2007-09-09 21:03 <DIR> d-------- C:\Program Files\OpenVideoConverter

    2007-09-09 16:34 <DIR> d-------- C:\Program Files\Firetune

    2007-09-08 18:55 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\.GalleryRemote

    2007-09-07 21:40 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\DVDFab

    2007-09-07 21:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk

    2007-09-07 21:09 <DIR> d-------- C:\Program Files\DVDFab Platinum 3

    2007-09-07 19:16 <DIR> d-------- C:\Program Files\DVDInfoPro

    2007-09-07 18:47 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\CopyToDvd

    2007-09-07 17:48 <DIR> d-------- C:\Program Files\Ashampoo

    2007-09-07 17:31 87,608 --a------ C:\DOCUME~1\CLSPRO~1\APPLIC~1\ezpinst.exe

    2007-09-07 13:09 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\SlySoft

    2007-09-07 13:02 5,600 --a------ C:\WINDOWS\system32\WINASPI.DLL

    2007-09-07 13:02 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

    2007-09-07 13:02 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

    2007-09-06 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink

    2007-09-06 18:19 <DIR> d-------- C:\Program Files\DriverCleanerDotNET

    2007-09-06 18:07 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2007-09-06 18:07 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2007-09-06 15:50 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Help

    2007-09-05 23:06 <DIR> d-------- C:\HijackThis

    2007-09-05 22:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

    2007-09-05 22:14 <DIR> d-------- C:\Program Files\Messenger Plus! Live

    2007-09-05 22:09 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\Contacts

    2007-09-05 22:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

    2007-09-05 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller

    2007-09-05 22:07 <DIR> d-------- C:\Program Files\Windows Live

    2007-09-05 22:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    2007-09-05 22:05 <DIR> d-------- C:\Program Files\PowerPoint Viewer

    2007-09-05 20:45 <DIR> d-------- C:\Program Files\Infogrames

    2007-09-05 18:21 <DIR> d-------- C:\Program Files\Atlantis

    2007-09-05 16:18 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Media Player Classic

    2007-09-05 16:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

    2007-09-05 16:16 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Real

    2007-09-05 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

    2007-09-05 15:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$

    2007-09-05 13:16 <DIR> d-------- C:\Program Files\Everest

    2007-09-04 23:25 <DIR> d-------- C:\Program Files\Azureus

    2007-09-04 23:25 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Azureus

    2007-09-04 23:02 <DIR> d-------- C:\Program Files\eMule

    2007-09-04 22:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

    2007-09-04 20:47 52,736 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys

    2007-09-04 20:47 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

    2007-09-04 19:53 39 --a------ C:\deltemp.bat

    2007-09-04 19:16 <DIR> d-------- C:\Program Files\CCleaner

    2007-09-04 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

    2007-09-04 16:01 1,416 --a------ C:\WINDOWS\mozver.dat

    2007-09-04 15:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

    2007-09-04 15:30 <DIR> d-------- C:\WINDOWS\system32\xircom

    2007-09-04 15:30 <DIR> d-------- C:\Program Files\microsoft frontpage

    2007-09-04 15:29 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM

    2007-09-04 15:19 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll

    2007-09-04 15:19 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll

    2007-09-04 14:50 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Steinberg

    2007-09-04 14:45 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys

    2007-09-04 14:43 <DIR> d-------- C:\Program Files\Steinberg

    2007-09-04 14:42 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll

    2007-09-04 14:42 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe

    2007-09-04 14:42 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys

    2007-09-04 14:42 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll

    2007-09-04 14:42 <DIR> d-------- C:\Program Files\Syncrosoft

    2007-09-04 14:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis

    2007-09-04 14:22 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Cakewalk

    2007-09-04 14:19 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

    2007-09-04 13:49 87,608 --a------ C:\DOCUME~1\CLSPRO~1\APPLIC~1\inst.exe

    2007-09-04 13:49 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

    2007-09-04 13:49 47,360 --a------ C:\DOCUME~1\CLSPRO~1\APPLIC~1\pcouffin.sys

    2007-09-04 13:49 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Vso

    2007-09-04 13:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy

    2007-09-04 13:47 <DIR> d-------- C:\Program Files\Gnmidi 2.47

    2007-09-04 13:40 <DIR> d-------- C:\Program Files\UPHClean

    2007-09-04 13:34 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

    2007-09-04 13:34 299,392 --a------ C:\WINDOWS\system32\imon.dll

    2007-09-04 13:34 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

    2007-09-04 13:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft

    2007-09-04 13:29 221,184 --a------ C:\WINDOWS\InZU31.exe

    2007-09-04 13:29 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys

    2007-09-04 13:29 <DIR> d-------- C:\Program Files\ONES (E)

    2007-09-04 13:27 <DIR> d-------- C:\Program Files\Acoustica CD Label Maker

    2007-09-04 13:27 <DIR> d-------- C:\DOCUME~1\CLSPRO~1\APPLIC~1\Acoustica

    2007-09-04 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

    2007-09-04 13:12 981,336 --a------ C:\MGADiag.exe

    2007-09-04 13:12 <DIR> d-------- C:\WINDOWS\system32\oodag

    2007-09-04 13:11 3,477,504 --a------ C:\Program Files\FoxitReader2.0Beta.exe

    2007-09-04 13:11 <DIR> d-------- C:\Program Files\jv16 PowerTools 2006

    2007-09-04 13:06 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys

    2007-09-04 13:06 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys

    2007-09-04 13:06 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys

    2007-09-04 13:05 <DIR> d-------- C:\Program Files\Common Files\Acronis

    2007-09-04 13:05 <DIR> d-------- C:\Program Files\Acronis

    2007-09-04 13:02 <DIR> d-------- C:\Program Files\Jasc Software Inc

    2007-09-04 13:00 <DIR> d-------- C:\Program Files\OO Software

    2007-09-04 12:58 <DIR> d-------- C:\Program Files\SPL-Desser

    2007-09-04 12:57 <DIR> d-------- C:\Program Files\7-Zip

    2007-09-04 12:56 118,784 --a------ C:\WINDOWS\dsdxirmv.exe

    2007-09-04 12:55 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

    2007-09-04 12:55 225,280 --a------ C:\WINDOWS\system32\ReWire.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-09-05 10:15 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

    2007-09-05 10:15 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

    2007-07-29 17:51 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll

    2007-07-25 15:24 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll

    2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

    2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

    2007-06-13 07:23 1033216 --a------ C:\WINDOWS\explorer.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 17:26]

    "nwiz"="nwiz.exe" [2007-04-19 17:26 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 17:26]

    "Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 05:54]

    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-08 16:00]

    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-09 20:33]

    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-09 20:50]

    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-09 20:39]

    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-04 13:34]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]

    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-08 16:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoRecentDocsMenu"=1 (0x1)

    "NoSMHelp"=1 (0x1)

    "NoSMMyPictures"=1 (0x1)

    "NoStartMenuMyMusic"=1 (0x1)

    "NoSMBalloonTip"=1 (0x1)

    "NoSMConfigurePrograms"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]

    "Script"=C:\deltemp.bat

    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys

    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys

    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys

    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys

    *Newly Created Service* - CATCHME

    .

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-09-10 20:58:51

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2007-09-10 20:59:16

    C:\ComboFix-quarantined-files.txt ... 2007-09-10 20:59

    .

    --- E O F ---
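Reading a ComboFix report by hand means scanning the "Files Created" list for executables in places where installers rarely put them and then checking whether anything in "Reg Loading Points" references them. The following added example (this is not ComboFix's own logic and not part of the thread) automates that pass over a subset of the lines from the report above: it keeps newly created executables in the drive root, the Windows root or a user profile's Application Data folder, and annotates any of them that is registered as a Group Policy script. The watched locations are this example's heuristic, and the sample text is constructed from lines copied from the posted report.

```python
"""ComboFix report triage (added example, not from the original post)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a subset of the lines from the ComboFix report posted above.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-10 20:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 17:31 87,608 --a------ C:\DOCUME~1\CLSPRO~1\APPLIC~1\ezpinst.exe
2007-09-07 13:02 5,600 --a------ C:\WINDOWS\system32\WINASPI.DLL
2007-09-05 23:06 <DIR> d-------- C:\HijackThis
2007-09-04 19:53 39 --a------ C:\deltemp.bat
2007-09-04 13:49 47,360 --a------ C:\DOCUME~1\CLSPRO~1\APPLIC~1\pcouffin.sys
2007-09-04 13:29 221,184 --a------ C:\WINDOWS\InZU31.exe
2007-09-04 12:56 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-04 13:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\deltemp.bat
"""

EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr")
# This example's heuristic: places where a freshly created executable deserves a look.
WATCH_DIRS = {"C:", r"C:\WINDOWS"}
PROFILE_APPDATA = re.compile(r"^C:\\DOCUME~1\\[^\\]+\\APPLIC~1$", re.I)

CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) (?P<attr>[-a-z]+) (?P<path>.+)$"
)
SCRIPT_RE = re.compile(r'^"Script"=(?P<path>.+)$')


@dataclass
class Finding:
    path: str
    created: str
    size: str
    notes: List[str] = field(default_factory=list)


def watched(path: str) -> bool:
    """True for an executable sitting in one of the watched directories."""
    directory, _, name = path.rpartition("\\")
    if not name.lower().endswith(EXEC_EXT):
        return False
    return directory.upper() in WATCH_DIRS or bool(PROFILE_APPDATA.match(directory))


def parse_report(text: str) -> List[Finding]:
    """Collect watched new files and cross-reference them with policy script entries."""
    found: List[Finding] = []
    scripts: Dict[str, str] = {}      # upper-cased script path -> registry key that runs it
    section = ""
    key = ""
    for line in text.splitlines():
        if line.startswith("((("):    # ComboFix section banner
            section = "created" if "Files Created" in line else "other"
        elif line.startswith("[HKEY"):
            key = line.strip("[]")
        elif m := SCRIPT_RE.match(line):
            scripts[m["path"].strip().upper()] = key
        elif section == "created" and (m := CREATED_RE.match(line)):
            if m["size"] != "<DIR>" and watched(m["path"]):
                found.append(Finding(m["path"], f"{m['date']} {m['time']}", m["size"]))
    for f in found:
        if f.path.upper() in scripts:
            f.notes.append(f"registered as a policy script under {scripts[f.path.upper()]}")
    return found


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.created} {f.size:>9} {f.path}" + (f"  <- {'; '.join(f.notes)}" if f.notes else ""))
```

The output still needs an analyst: the report's own timestamps show `C:\WINDOWS\NirCmd.exe` appearing in the same minute the ComboFix run started, so it is a tool artifact rather than a finding, while `C:\deltemp.bat` is worth opening precisely because the cross-reference shows it is wired up as a machine shutdown script in Group Policy.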

clspro (thread author):
    BitDefender Online Scanner

    Scan report generated at: Wed, Sep 12, 2007 - 11:15:32
    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics
    Time: 00:13:59
    Files: 93430
    Folders: 1979
    Boot Sectors: 4
    Archives: 1239
    Packed Files: 3037

    Results
    Identified Viruses: 0
    Infected Files: 0
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 0

    Engines Info
    Virus Definitions: 803565
    Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
    Scan plugins: 14
    Archive plugins: 38
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status
    No virus found.

clspro (thread author):

    José Melo, thank you very much for your help. Cheers!
