RafaZ7

Ajuda com o log - KAVO.EXE


Guys, help me please.

Logfile of HijackThis v1.99.1

Scan saved at 10:40:53, on 7/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\Explorer.EXE

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\LClock\LClock.exe

C:\Documents and Settings\P4_intel\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.100:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GBMPro8Agent] C:\Arquivos de programas\Genie-Soft\GBMPro8\GBMAgent.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP Premium\DAP.exe" /STARTUP

O4 - HKLM\..\Run: [spyHunter Security Suite] "C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [GBMPro8Agent] C:\Arquivos de programas\Genie-Soft\GBMPro8\GBMAgent.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP Premium\dapextie.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP Premium\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com.br/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209470318783

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{57190319-DD19-4065-8BA2-86256246B2B1}: NameServer = 201.46.245.142,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{57190319-DD19-4065-8BA2-86256246B2B1}: NameServer = 201.46.245.142,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{57190319-DD19-4065-8BA2-86256246B2B1}: NameServer = 201.46.245.142,200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

-----------------------------------------------------

ComboFix 08-07-05.1 - P4_intel 2008-07-07 10:16:44.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.548 [GMT -3:00]

Executando de: C:\Documents and Settings\P4_intel\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))

.

2008-07-07 09:26 . 2008-07-07 10:11 <DIR> d-------- C:\WINDOWS\LastGood

2008-07-07 08:34 . 2008-07-07 09:21 <DIR> d-------- C:\Arquivos de programas\Enigma Software Group

2008-07-04 16:31 . 2008-07-04 16:31 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2008-07-04 16:12 . 2008-07-04 16:12 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-06-30 09:41 . 2008-06-30 09:42 <DIR> d-------- C:\Arquivos de programas\KP Software

2008-06-30 09:41 . 2002-04-29 23:45 323,584 --a------ C:\WINDOWS\system32\AudioControl.ocx

2008-06-30 09:41 . 2000-08-04 12:04 24,576 --a------ C:\WINDOWS\system32\JKTryIcn.ocx

2008-06-27 16:40 . 2008-06-27 16:40 <DIR> d-------- C:\Documents and Settings\P4_intel\Dados de aplicativos\Bitstream

2008-06-26 13:42 . 2008-06-26 13:42 <DIR> d-------- C:\Arquivos de programas\GNU

2008-06-26 13:42 . 2008-06-26 13:42 <DIR> d-------- C:\Arquivos de programas\AC3Filter

2008-06-26 13:42 . 2003-08-19 04:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-06-26 13:41 . 2008-06-26 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GRETECH

2008-06-26 13:40 . 2008-06-26 13:40 <DIR> d-------- C:\Documents and Settings\P4_intel\Dados de aplicativos\GRETECH

2008-06-26 13:40 . 2008-06-26 13:40 <DIR> d-------- C:\Arquivos de programas\GRETECH

2008-06-26 10:58 . 2008-06-26 11:26 <DIR> d-------- C:\ALEXANDRE_PIRES

2008-06-26 10:54 . 2008-06-26 10:55 <DIR> d-------- C:\Arquivos de programas\Free MSN Emoticons Pack 2

2008-06-26 10:54 . 2008-06-26 10:54 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2008-06-20 17:43 . 2008-06-20 17:43 244 --ah----- C:\sqmnoopt13.sqm

2008-06-20 17:43 . 2008-06-20 17:43 232 --ah----- C:\sqmdata13.sqm

2008-06-20 07:56 . 2008-06-20 07:56 244 --ah----- C:\sqmnoopt12.sqm

2008-06-20 07:56 . 2008-06-20 07:56 232 --ah----- C:\sqmdata12.sqm

2008-06-19 17:59 . 2008-06-19 17:59 244 --ah----- C:\sqmnoopt11.sqm

2008-06-19 17:59 . 2008-06-19 17:59 232 --ah----- C:\sqmdata11.sqm

2008-06-13 10:34 . 2008-07-07 07:50 <DIR> d-------- C:\Arquivos de programas\BrowsingEnhancer

2008-06-12 07:59 . 2008-06-12 07:59 <DIR> d-------- C:\Arquivos de programas\XPC Tools

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 11:09 --------- d-----w C:\Arquivos de programas\DAP Premium

2008-07-04 18:56 2,620 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-03 17:13 --------- d-----w C:\Documents and Settings\P4_intel\Dados de aplicativos\FileZilla

2008-07-03 14:53 --------- d-----w C:\Documents and Settings\P4_intel\Dados de aplicativos\Thinstall

2008-06-27 10:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-06-26 13:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-06-25 14:43 --------- d-----w C:\Documents and Settings\P4_intel\Dados de aplicativos\LimeWire

2008-06-17 11:06 --------- d-----w C:\Arquivos de programas\eMule

2008-06-11 18:04 --------- d-----w C:\Documents and Settings\P4_intel\Dados de aplicativos\MyPhoneExplorer

2008-06-06 11:27 --------- d--h--w C:\Arquivos de programas\Scpad

2008-05-28 10:35 --------- d-----w C:\Documents and Settings\P4_intel\Dados de aplicativos\AdobeUM

2008-05-27 12:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-24 13:53 --------- d-----w C:\Arquivos de programas\Full Speed

2008-05-21 10:55 --------- d-----w C:\Arquivos de programas\SopCast

2008-05-21 10:55 --------- d-----w C:\Arquivos de programas\Megacubo

2008-05-21 10:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-05-21 10:48 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-05-20 13:54 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-05-15 19:41 --------- d-----w C:\Arquivos de programas\TIM Web Movel

2008-05-15 16:16 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-15 16:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-05-14 15:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-04-22 19:04 25,600 ----a-w C:\Documents and Settings\P4_intel\usbsermptxp.sys

2008-04-22 19:04 22,768 ----a-w C:\Documents and Settings\P4_intel\usbsermpt.sys

2008-03-28 12:28 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\4208EB85B5.sys

.

((((((((((((((((((((((((((((( snapshot@2008-07-07_ 9.13.33,53 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-07 11:50:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-07 12:19:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2004-08-04 03:45:22 66,560 ----a-w C:\WINDOWS\LastGood\system32\cdm.dll

+ 2007-12-13 16:28:40 24,592 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\klim5.sys

+ 2004-08-04 03:45:30 431,616 ----a-w C:\WINDOWS\LastGood\system32\wuapi.dll

+ 2004-08-04 03:45:46 111,616 ----a-w C:\WINDOWS\LastGood\system32\wuauclt.exe

+ 2004-08-04 03:45:30 1,134,592 ----a-w C:\WINDOWS\LastGood\system32\wuaueng.dll

+ 2004-08-04 03:45:30 113,152 ----a-w C:\WINDOWS\LastGood\system32\wucltui.dll

+ 2004-08-04 03:45:30 36,864 ----a-w C:\WINDOWS\LastGood\system32\wups.dll

- 2004-08-04 03:45:22 66,560 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2007-07-30 22:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

- 2004-08-04 03:45:22 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2007-07-30 22:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

- 2004-08-04 03:45:30 431,616 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2007-07-30 22:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2004-08-04 03:45:46 111,616 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2007-07-30 22:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2004-08-04 03:45:30 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2007-07-30 22:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

- 2004-08-04 03:45:30 113,152 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2007-07-30 22:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2007-07-30 22:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll

- 2004-12-07 13:11:00 258,352 ----a-w C:\WINDOWS\system32\unicows.dll

+ 2004-12-07 12:11:00 258,352 ----a-w C:\WINDOWS\system32\unicows.dll

- 2004-08-04 03:45:30 431,616 ----a-w C:\WINDOWS\system32\wuapi.dll

+ 2007-07-30 22:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

- 2004-08-04 03:45:46 111,616 ----a-w C:\WINDOWS\system32\wuauclt.exe

+ 2007-07-30 22:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

- 2004-08-04 03:45:30 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll

+ 2007-07-30 22:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

- 2004-08-04 03:45:30 113,152 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2007-07-30 22:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2007-07-30 22:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

- 2006-09-11 14:56:00 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll

+ 2006-09-11 13:56:00 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll

- 2006-12-21 18:18:00 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll

+ 2006-12-21 17:18:00 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-17 13:48 3739672]

"RocketDock"="C:\Arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 12:58 495616]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

"GBMPro8Agent"="C:\Arquivos de programas\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-14 13:09 6731312]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"GBMPro8Agent"="C:\Arquivos de programas\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016]

"DownloadAccelerator"="C:\Arquivos de programas\DAP Premium\DAP.exe" [2007-11-24 18:12 2911744]

"SpyHunter Security Suite"="C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 07:39 90112 C:\WINDOWS\SOUNDMAN.EXE]

"VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-02-07 10:14:07 25214]

Windows Desktop Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= "C:\Arquivos de programas\Scpad\scpLIB.dll" [2008-06-05 15:53 201984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2008-06-05 15:53 201984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^P4_intel^Menu Iniciar^Programas^Inicializar^Atalho para GRPIni.lnk]

backup=C:\WINDOWS\pss\Atalho para GRPIni.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^P4_intel^Menu Iniciar^Programas^Inicializar^LimeWire Turbo Accelerator.lnk]

backup=C:\WINDOWS\pss\LimeWire Turbo Accelerator.lnkStartup

=

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MbarInstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2008-04-23 02:08 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2008-02-18 16:29 2221352 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

"SpyEmrgSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Autodesk\\3ds Max 9\\3dsmax.exe"=

"C:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

"C:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

"C:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24654:UDP"= 24654:UDP:Enfocus Port

"20486:UDP"= 20486:UDP:Enfocus Port

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe [2006-06-29 12:17]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe [2006-06-29 12:17]

S3 FXDRV;FXDRV;D:\Fxdrv.sys []

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-07-25 09:38]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-07-25 09:39]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-07-25 09:39]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-07-25 09:40]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-07-25 09:38]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-07-25 09:41]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-07-25 09:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{140d23fa-22ad-11dd-89cf-001558a64dae}]

\Shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{140d23fd-22ad-11dd-89cf-001558a64dae}]

\Shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27088fba-efa9-11dc-897c-001558a64dae}]

\Shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27088fbd-efa9-11dc-897c-001558a64dae}]

\Shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d00066-eea7-11dc-8978-001558a64dae}]

\Shell\AutoRun\command - D:\ox.cmd

\Shell\explore\Command - D:\ox.cmd

\Shell\open\Command - D:\ox.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f039a46-f410-11dc-8984-001558a64dae}]

\Shell\AutoRun\command - D:\6.exe

\Shell\explore\Command - D:\6.exe

\Shell\open\Command - D:\6.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-07 13:05:16 C:\WINDOWS\Tasks\SpyHunter Scanner.job"

- C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-07 10:19:50

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll

-> C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

-> C:\WINDOWS\system32\klogon.dll

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll

-> C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

-> C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

-> C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\RocketDock\RocketDock.dll

.

Tempo para conclusão: 2008-07-07 10:21:31

ComboFix-quarantined-files.txt 2008-07-07 13:21:17

ComboFix2.txt 2008-07-07 12:14:49

Pre-Run: 20,133,027,840 bytes disponíveis

Post-Run: 20,121,612,288 bytes disponíveis


:angry:

Edited by RafaZ7


If you had read the rules before posting you would not have had any problems.

http://forum.clubedohardware.com.br/caso-nao-tenha/539136

http://forum.clubedohardware.com.br/nao-responda-seu/386252

Topic closed.
