baeta

Problems with viruses... lots of them...


Folks,

I had problems with viruses and the like, several infected files in fact. I think I managed to eliminate most of the viruses, spyware and trojans with the antivirus programs I use, but I never know whether the machine is completely clean. For this reason I ask that someone please analyze the HijackThis and ComboFix logs, since I have no experience with this kind of analysis. Thank you.

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 20:32:37, on 24/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Xtune\Canary\Historian\HDAServer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Xtune\Canary\Logger\CLILogger.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\OCS Inventory Agent\ocsservice.exe

C:\PIPC\BIN\pilogsrv.exe

C:\PIPC\BIN\pinetmgr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Xtune\CALCUL~1\xpptcalcengine.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\PIPC\BIN\pimsgss.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\OpcEnum.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.72.121:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://valeweb.cvrd.com.br/http/cvrdmrasc01.cvrd.br/iNotes6W.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://valeweb.cvrd.com.br/nortel_cacheable/iewiper.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{596B8BB4-B985-4DC5-AADB-7DFDB3A2F7DC}: NameServer = 172.18.72.23,172.18.86.75

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: PI-Buffer Server (bufserv) - OSI Software Inc. - C:\PIPC\BIN\bufserv.exe

O23 - Service: Canary Labs Error Log Server - Canary Labs, Inc. - C:\Xtune\Canary\Shared\ErrorLogServer.exe

O23 - Service: Canary Labs HDA Server - Canary Labs, Inc. - C:\Xtune\Canary\Historian\HDAServer.exe

O23 - Service: Canary Labs Logger - Canary Labs, Inc. - C:\Xtune\Canary\Logger\CLILogger.exe

O23 - Service: Canary Labs Trend Historian - Canary Labs, Inc. - C:\Xtune\Canary\Historian\CLIHistorian.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\PIPC\BIN\pilogsrv.exe

O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\PIPC\BIN\pimsgss.exe

O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\PIPC\BIN\pinetmgr.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

O23 - Service: XpPt Assess (xpassess) - Unknown owner - C:\Xtune\PT\xpassess.exe

O23 - Service: ExperTune PlantTriage Equation Builder CalcEngine (XpPtCalcEngine) - ExperTune Inc. - C:\Xtune\CALCUL~1\xpptcalcengine.exe

O23 - Service: XpPtStartServ - Unknown owner - C:\Xtune\PT\XPPTST~2.EXE

Combofix

ComboFix 08-03-24.1 - baeta 2008-03-24 20:40:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT -3:00]

Running from: C:\Documents and Settings\baeta\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\Cache

.

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))

.

2008-03-24 20:31 . 2008-03-24 20:32 <DIR> d-------- C:\HijackThis

2008-03-24 18:04 . 2008-03-24 18:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-24 16:18 . 2008-03-24 16:18 <DIR> d-------- C:\Documents and Settings\PlantTriage\Application Data\AVG7

2008-03-24 16:18 . 2008-03-24 16:18 <DIR> d-------- C:\Documents and Settings\baeta\Application Data\AVG7

2008-03-23 23:15 . 2008-03-24 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-03-23 23:08 . 2008-03-23 23:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-23 23:08 . 2008-03-23 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-23 23:06 . 2008-03-23 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-03-23 21:44 . 2008-03-23 22:15 12 --a------ C:\WINDOWS\system32\mapisvc.inf

2008-03-23 21:42 . 2008-03-23 22:16 <DIR> d-------- C:\Program Files\ESET

2008-03-23 17:46 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-03-23 16:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-23 16:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-23 16:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-23 16:23 . 2008-03-23 16:23 <DIR> d-------- C:\Documents and Settings\baeta\Application Data\Grisoft

2008-03-23 16:23 . 2008-03-24 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-23 16:23 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-18 08:37 . 2008-03-18 08:37 <DIR> d-------- C:\Program Files\RealVNC

2008-03-12 15:50 . 2008-03-18 14:42 <DIR> d-------- C:\Documents and Settings\baeta\Application Data\U3

2008-03-12 11:08 . 2008-03-12 11:08 <DIR> d-------- C:\WINDOWS\system32\Resource

2008-03-12 11:08 . 2008-03-12 11:08 <DIR> d-------- C:\Program Files\Citrix

2008-03-12 11:08 . 2008-03-12 11:09 <DIR> d-------- C:\Documents and Settings\baeta\Application Data\ICAClient

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 22:43 32,768 ----a-w C:\WINDOWS\system32\1stscrhook.dll

2008-03-24 01:44 --------- d-----w C:\Program Files\OCS Inventory Agent

2008-03-12 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-04 17:54 10,680 --sh--r C:\EVRSI.SYS

2008-02-20 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira

2008-02-18 13:16 --------- d-----w C:\Program Files\DWG TrueView 2008

2008-02-18 13:15 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2008-02-18 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk

2008-02-14 12:25 --------- d-----w C:\Documents and Settings\baeta\Application Data\AdobeUM

2008-02-13 20:07 --------- d-----w C:\Documents and Settings\baeta\Application Data\Autodesk

2008-02-13 18:20 --------- d-----w C:\Documents and Settings\baeta\Application Data\PISystem

2008-02-13 17:54 --------- d-----w C:\Documents and Settings\baeta\Application Data\Thinstall

2008-02-12 15:13 --------- d-----w C:\Documents and Settings\eric.baeta\Application Data\PISystem

2008-02-12 15:10 --------- d-----w C:\Program Files\Office

2008-02-11 00:08 --------- d-----w C:\Program Files\GbPlugin

2008-01-28 18:32 --------- d-----w C:\Program Files\Volo View Express

2008-01-28 18:28 --------- d-----w C:\Documents and Settings\eric.baeta\Application Data\Autodesk

2008-01-28 18:21 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-25 18:30 --------- d-----w C:\Program Files\Rockwell Software

2008-01-25 18:30 --------- d-----w C:\Program Files\Common Files\Rockwell

2008-01-25 18:30 --------- d-----w C:\Program Files\Common Files\OPC Foundation

2008-01-25 18:05 --------- d-----w C:\Documents and Settings\eric.baeta\Application Data\skypePM

2008-01-25 17:58 --------- d-----w C:\Documents and Settings\eric.baeta\Application Data\Skype

2008-01-25 10:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-01-25 10:57 --------- d-----w C:\Program Files\Skype

2008-01-25 10:57 --------- d-----w C:\Program Files\Common Files\Skype

2008-01-25 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-01-07 16:05 46,700 ----a-w C:\WINDOWS\system32\pdfmon.dll

2008-01-07 16:05 114,738 ----a-w C:\WINDOWS\system32\pdfmona.dll

2007-12-28 18:52 67,440 ----a-w C:\WINDOWS\system32\DCP.EXE

2007-12-28 18:52 104,368 ----a-w C:\WINDOWS\system32\DCOMPERM.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 08:20 88363 C:\WINDOWS\AGRSMMSG.exe]

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 07:50 112216]

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 12:39 136768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 08:47 131072]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 08:47 163840]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 08:46 135168]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 09:00 143360]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 17:04 761945]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-20 16:43 385024]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-24 18:13 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-24 16:17 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Microsoft Firewall Client Management.lnk - C:\WINDOWS\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2007-12-27 12:07:50 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\PROGRA~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\PROGRA~1\GbPlugin\gbiehabn.dll [2008-01-22 14:01 346536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\PROGRA~1\GbPlugin\gbiehabn.dll 2008-01-22 14:01 346536 C:\PROGRA~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\PROGRA~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\PROGRA~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-923149249-806584011-604069369-17081\Scripts\Logon\0\0]

"Script"=\\Arquivos\Planilhas\Addins\ConfigAtanAddIn.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-923149249-806584011-604069369-17081\Scripts\Logon\1\0]

"Script"=spap_sites_seguros.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-923149249-806584011-604069369-17081\Scripts\Logon\2\0]

"Script"=printers.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"C:\\Xtune\\Canary\\Historian\\HistorianAdmin.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Canary Labs HDA Server;Canary Labs HDA Server;C:\Xtune\Canary\Historian\HDAServer.exe [2007-09-11 08:43]

R2 Canary Labs Logger;Canary Labs Logger;C:\Xtune\Canary\Logger\CLILogger.exe [2007-09-11 08:43]

R2 FwcAgent;Firewall Client Agent;"C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe" [2006-01-18 01:01]

R2 OCS INVENTORY;OCS INVENTORY SERVICE;"C:\Program Files\OCS Inventory Agent\ocsservice.exe" [2007-02-27 16:32]

R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 00:00]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 00:56]

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]

R2 XpPtCalcEngine;ExperTune PlantTriage Equation Builder CalcEngine;C:\Xtune\CALCUL~1\xpptcalcengine.exe [2007-07-27 06:46]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 13:26]

S2 XpPtStartServ;XpPtStartServ;C:\Xtune\PT\XPPTST~2.EXE [2007-11-20 09:40]

S3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [2005-07-08 09:22]

S3 Canary Labs Error Log Server;Canary Labs Error Log Server;"C:\Xtune\Canary\Shared\ErrorLogServer.exe" [2007-09-11 08:38]

S3 Canary Labs Trend Historian;Canary Labs Trend Historian;C:\Xtune\Canary\Historian\CLIHistorian.exe [2007-09-11 08:39]

S3 SimModuleService;1789-SIM Simulator Module;C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [2005-07-08 09:05]

S3 xpassess;XpPt Assess;C:\Xtune\PT\xpassess.exe [2007-12-14 13:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

\Shell\AutoRun\command - n6j.com

\Shell\explore\Command - n6j.com

\Shell\open\Command - n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - n6j.com

\Shell\explore\Command - n6j.com

\Shell\open\Command - n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83426063-ef5b-11dc-b87c-001438664ebf}]

\Shell\AutoRun\command - F:\n6j.com

\Shell\explore\Command - F:\n6j.com

\Shell\open\Command - F:\n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b836b19e-f0ec-11dc-b880-001438664ebf}]

\Shell\AutoRun\command - F:\n6j.com

\Shell\explore\Command - F:\n6j.com

\Shell\open\Command - F:\n6j.com

.

Contents of the 'Scheduled Tasks' folder

"2008-03-24 23:02:15 C:\WINDOWS\Tasks\PlantTriageReporter.job"

- C:\Xtune\pt\Browser\Bin\Reporter.exe

"2007-12-28 18:54:54 C:\WINDOWS\Tasks\ValidatorStart.job"

- C:\Xtune\pt\Validator.exe.-start

"2007-12-28 18:54:55 C:\WINDOWS\Tasks\ValidatorStop.job"

- C:\Xtune\pt\Validator.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 20:44:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-24 20:46:00

ComboFix-quarantined-files.txt 2008-03-24 23:45:47

.

2008-03-23 20:51:18 --- E O F ---


- Open HijackThis, click Do a system scan only and check the entry below:

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

- Close all windows, click ht-fix.png and then Yes;

- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83426063-ef5b-11dc-b87c-001438664ebf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b836b19e-f0ec-11dc-b880-001438664ebf}]

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
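The four `[-KEY]` lines in the CFScript above were derived from the MountPoints2 block of the ComboFix log: every drive key (two drive letters and two removable-volume GUIDs) carries AutoRun, open and explore handlers that launch a file called n6j.com from the drive root. As an added example, not code from this thread, from ComboFix or from HijackThis, the Python script below parses that block out of a ComboFix "Reg Loading Points" dump, reports which command each handler launches, and writes the matching CFScript deletion block. The sample input is the section copied from the log posted above; the regular expressions assume the plain-text layout ComboFix uses there (a bracketed key line followed by `\Shell\<verb>\command - <target>` lines).

```python
import re

# Constructed sample input: the MountPoints2 section copied from the ComboFix
# log posted in this thread (trimmed to the lines the example needs).
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - n6j.com
\Shell\explore\Command - n6j.com
\Shell\open\Command - n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - n6j.com
\Shell\explore\Command - n6j.com
\Shell\open\Command - n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83426063-ef5b-11dc-b87c-001438664ebf}]
\Shell\AutoRun\command - F:\n6j.com
\Shell\explore\Command - F:\n6j.com
\Shell\open\Command - F:\n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b836b19e-f0ec-11dc-b880-001438664ebf}]
\Shell\AutoRun\command - F:\n6j.com
\Shell\explore\Command - F:\n6j.com
\Shell\open\Command - F:\n6j.com

.

Contents of the 'Scheduled Tasks' folder
"""

# A registry key header as ComboFix prints it: [HKEY_...\path]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A shell handler line under that key: \Shell\<verb>\command - <target>
VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>AutoRun|open|explore)\\command\s+-\s+(?P<cmd>.+)$",
    re.IGNORECASE,
)


def parse_mountpoints2(log_text):
    """Return {registry_key: {verb: command}} for every MountPoints2 key in a
    ComboFix dump that carries at least one shell command handler.
    Keys outside MountPoints2 are ignored; verbs are normalised to lower case."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            # Only track keys that live under ...\explorer\mountpoints2\
            current = key if "\\mountpoints2\\" in key.lower() else None
            continue
        if current is None:
            continue
        verb_match = VERB_RE.match(line)
        if verb_match:
            verbs = entries.setdefault(current, {})
            verbs[verb_match.group("verb").lower()] = verb_match.group("cmd")
    return entries


def launched_targets(entries):
    """The distinct commands that would run when one of the drives is
    auto-run, opened or explored; the analyst checks these names first."""
    return {cmd for verbs in entries.values() for cmd in verbs.values()}


def build_cfscript(entries):
    """Emit a CFScript.txt 'Registry::' block that deletes every key found,
    in the form used in the reply above ([-KEY] removes the whole key)."""
    lines = ["Registry::"]
    lines += ["[-%s]" % key for key in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints2(SAMPLE_COMBOFIX)
    for key, verbs in found.items():
        drive = key.rsplit("\\", 1)[1]
        handlers = ", ".join("%s=%s" % item for item in sorted(verbs.items()))
        print("%s -> %s" % (drive, handlers))
    print()
    print("targets launched:", sorted(launched_targets(found)))
    print()
    print(build_cfscript(found), end="")
```

What makes this block worth acting on is the pattern rather than any single line: the same file is registered for all three verbs on every key, including the two GUID keys that belong to removable volumes, so double-clicking any of those drives in Explorer would run it. A MountPoints2 key with one expected handler (a vendor launcher cached from a USB stick, for example) deserves a look before it goes into the deletion list, which is why the script reports the targets instead of deciding on its own.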

Topic author

JoseMelo,

Thank you for replying. Sorry for the delay in getting back. I tried to follow the procedure you indicated, but the line O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe no longer existed in HijackThis. So I went to run ComboFix, which was in the C:\ComboFix folder together with the CFScript.txt file as indicated, and apparently nothing happened; the machine did not restart on its own. I waited a few moments and restarted the machine manually, and when I opened the C:\ComboFix folder again it contained the files shown in the attached picture.

    combofixarqsmr7.jpg

I downloaded ComboFix again and tried to run it, but again apparently nothing happened. In any case, here is the HijackThis log after all of this. What could I have done wrong?

HijackThis log

    Logfile of HijackThis v1.99.1

    Scan saved at 22:42:36, on 7/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Xtune\Canary\Historian\HDAServer.exe

    C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\OCS Inventory Agent\ocsservice.exe

    C:\PIPC\BIN\pilogsrv.exe

    C:\PIPC\BIN\pinetmgr.exe

    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    C:\PIPC\BIN\pimsgss.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.71.121:8080

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GbPlugin\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://valeweb.cvrd.com.br/http/cvrdmrasc01.cvrd.br/iNotes6W.cab

    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://valeweb.cvrd.com.br/nortel_cacheable/iewiper.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{596B8BB4-B985-4DC5-AADB-7DFDB3A2F7DC}: NameServer = 172.18.71.23,172.18.86.75

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehabn.dll

    O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GbPlugin\gbieh.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: PI-Buffer Server (bufserv) - OSI Software Inc. - C:\PIPC\BIN\bufserv.exe

    O23 - Service: Canary Labs Error Log Server - Canary Labs, Inc. - C:\Xtune\Canary\Shared\ErrorLogServer.exe

    O23 - Service: Canary Labs HDA Server - Canary Labs, Inc. - C:\Xtune\Canary\Historian\HDAServer.exe

    O23 - Service: Canary Labs Logger - Canary Labs, Inc. - C:\Xtune\Canary\Logger\CLILogger.exe

    O23 - Service: Canary Labs Trend Historian - Canary Labs, Inc. - C:\Xtune\Canary\Historian\CLIHistorian.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

    O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe

    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

    O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\PIPC\BIN\pilogsrv.exe

    O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\PIPC\BIN\pimsgss.exe

    O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\PIPC\BIN\pinetmgr.exe

    O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    O23 - Service: XpPt Assess (xpassess) - Unknown owner - C:\Xtune\PT\xpassess.exe

    O23 - Service: ExperTune PlantTriage Equation Builder CalcEngine (XpPtCalcEngine) - ExperTune Inc. - C:\Xtune\CALCUL~1\xpptcalcengine.exe

    O23 - Service: XpPtStartServ - Unknown owner - C:\Xtune\PT\XPPTST~2.EXE

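The verdict on a log like the one above comes from reading each entry by hand. As an added example (not from the forum, the analyst, or HijackThis itself), this Python helper parses the log format and lists the entries that deserve a second look before the log is called clean. The sample lines are copied from the log above; the triage rules are my own assumptions about what to prioritise.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log above, covering the
# entry types the triage below inspects (O4 autorun, O10 LSP, O23 service).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: XpPt Assess (xpassess) - Unknown owner - C:\Xtune\PT\xpassess.exe
"""
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")  # R0/R1/O2 ... O23

def parse_log(text):
    """Split a HijackThis log into (kind, body) pairs; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries

def triage(text):
    """Return (kind, reason, detail) for entries worth a second look; this only
    orders the manual review and never declares an entry malicious."""
    findings = []
    lsp_counts = Counter()
    for kind, body in parse_log(text):
        if kind == "O23":
            if "(file missing)" in body:
                # HijackThis reports this when it cannot resolve the service path; a stray
                # quote before the arguments (...exe" -service) usually means a badly cut
                # quoted ImagePath with parameters, so confirm the binary on disk first.
                findings.append((kind, "service path not resolved", body))
            if "Unknown owner" in body:
                findings.append((kind, "service binary has no company name", body))
        elif kind == "O4":
            target = body.split("] ", 1)[-1].lstrip('"')
            if "\\" not in target:
                # Bare file name: which file actually runs depends on the search path.
                findings.append((kind, "autorun uses an unqualified file name", body))
        elif kind == "O10":
            lsp_counts[body.rsplit(": ", 1)[-1].lower()] += 1
    for dll, n in lsp_counts.items():
        if n > 1:  # same provider DLL chained for several protocols
            findings.append(("O10", f"LSP provider listed {n} times", dll))
    return findings
```

Run `triage(open("hijackthis.log").read())` on a full log; each finding is a prompt to verify the file's location and publisher, not a removal instruction.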

    - OK, the log is clean :)

    - I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Registry > Scan for Issues > Fix selected issues

    - Disable and then re-enable System Restore

    - Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

  • Topic author
  • JoseMelo,

    Thank you. I carried out the procedures indicated.

    Just one more thing. What about the files that appeared in the C:\ComboFix folder, which I showed in the previous message, can I delete them?

  • Topic author
  • JoseMelo,

    All right, I'll delete them. Thank you.
