marcioasan

HijackThis log - Is there an infection??

Hi everyone, I'm posting the HijackThis log so that you can please analyze it.

I was using Norton Antivirus, but the subscription expired and I installed AVG 8. I don't know whether the computer was left vulnerable while the new antivirus was being installed, causing several trojan messages to appear.

For some time now the notebook has been somewhat slow, and some functions, such as AutoPlay when a flash drive or CD/DVD is inserted, have stopped working. I don't know whether this is due to bugs in Windows Vista Premium or to some virus/malware.

Here is the log, thanks.

Logfile of HijackThis v1.99.1

Scan saved at 14:36:06, on 14/12/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe

C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe

C:\Program Files\MicroPower Software\Delta Translator 2.0\DWinTrsl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Webshots\webshots.scr

C:\Windows\system32\agrsmsvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\FreezeScreenSaver.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\system32\lxbkcoms.exe

C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\eclipse\eclipse.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe

c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\Windows\system32\vmnat.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Owner\Desktop\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.1\gbiehabn.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"

O4 - HKLM\..\Run: [servicioSpeedy] "C:\Program Files\Telefonica\Speedy\SATCfgApp.exe"

O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6

O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcddbxV.dll,#1

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{92C1FD52-4646-4CD0-BDDD-241EE116CA96}

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe

O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)

O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)

O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)

O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)

O23 - Service: OracleDBConsoleDBA1 - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe

O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe

O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe

O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe

O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe

O23 - Service: OracleServiceDBA1 - Oracle Corporation - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE

O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE

O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 (file missing)

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black window with some information will appear. Do not click anything, just wait!
  • When it finishes, DDS.txt will open.
  • A new box, "D.D.S - Optional_Scan", will also appear; click Yes.
  • A new Notepad window will open with the "Attach.txt" log.
  • A final box will appear; click OK.
  • Save both results (DDS.txt and Attach.txt) and paste them in your next reply.

Topic author

    Hello, thanks for the reply. I followed the instructions, but the "D.D.S - Optional_Scan" box did not appear.

    Here are the logs:

    DDS.txt

    DDS (Version 1.1.0) - NTFSx86

    Run by Owner at 21:44:26,91 on 06/01/2009

    Internet Explorer: 7.0.6001.18000

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.753 [GMT -2:00]

    AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated)

    FW: AVG Firewall *enabled*

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\PROGRA~1\GbPlugin\GbpSv.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe

    C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\MicroPower Software\Delta Translator 2.0\DWinTrsl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    C:\Program Files\Synaptics\SynTP\SynToshiba.exe

    C:\Program Files\LogMeIn\x86\LMIGuardian.exe

    C:\Program Files\AVG\AVG8\avgtray.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Webshots\webshots.scr

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Windows\system32\agrsmsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgfws8.exe

    C:\Program Files\CA\SCM\bkrd.exe

    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\Windows\system32\FreezeScreenSaver.exe

    C:\Program Files\LogMeIn\x86\RaMaint.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\PROGRA~1\AVG\AVG8\avgam.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\LogMeIn\x86\LMIGuardian.exe

    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

    C:\Windows\system32\lxbkcoms.exe

    C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

    C:\Program Files\CA\SharedComponents\PEC\bin\rtserver.exe

    C:\Program Files\CA\SCM\hserver.exe

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe

    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

    C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe

    C:\Program Files\CA\SCM\hserver.exe

    C:\Program Files\CA\SCM\hserver.exe

    c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE

    C:\Toshiba\IVP\ISM\pinger.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\CA\SCM\hserver.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    c:\Toshiba\IVP\swupdate\swupdtmr.exe

    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

    C:\Windows\system32\TODDSrv.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

    C:\Program Files\CA\SCM\hserver.exe

    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

    C:\Windows\system32\vmnat.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\vmnetdhcp.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\UI0Detect.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\ehome\mcupdate.EXE

    C:\Windows\System32\svchost.exe -k swprv

    C:\Toshiba\IVP\ISM\ivpsvmgr.exe

    C:\Program Files\AVG\AVG8\avgui.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\RacAgent.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Owner\Desktop\dds.scr

    C:\Windows\system32\conime.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.toshibadirect.com/dpdstart

    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\windows\downloaded program files\conflict.1\gbiehabn.dll

    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

    uRun: [TOSCDSPD] TOSCDSPD.EXE

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

    uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{92C1FD52-4646-4CD0-BDDD-241EE116CA96}

    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"

    uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background

    uRun: [ares] "c:\program files\ares\Ares.exe" -h

    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [synTPStart] "c:\program files\synaptics\syntp\SynTPStart.exe"

    mRun: [servicioSpeedy] "c:\program files\telefonica\speedy\SATCfgApp.exe"

    mRun: [ApacheTomcatMonitor] "c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6

    mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"

    mRun: [WindowsTranslator] c:\progra~1\microp~1\deltat~1.0\DWinTrsl.exe

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

    mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe

    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

    mRun: [spySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray

    mRun: [MSServer] rundll32.exe c:\windows\system32\efcddbxV.dll,#1

    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

    mRun: [sweetIM] c:\program files\sweetim\messenger\SweetIM.exe

    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Baixar com o FDM - file://c:\program files\free download manager\dllink.htm

    IE: Baixar tudo com o FDM - file://c:\program files\free download manager\dlall.htm

    IE: Download selecionado pelo FDM - file://c:\program files\free download manager\dlselected.htm

    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

    Trusted Zone: realsecureweb.com.br\www

    Trusted Zone: realsecureweb.com.br\www2

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

    Notify: WRNotifier - WRLogonNTF.dll

    AppInit_DLLs: avgrsstx.dll

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\windows\downloaded program files\conflict.1\gbiehabn.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    SEH: {bd3c6f7c-6c8d-48f6-ac52-5e4071aeb257} - c:\windows\system32\efcddbxV.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ATTENTION: FIREFOX POLICES IS IN FORCE

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-14 12936]

    R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;c:\windows\system32\drivers\SSFS0BB8.sys [2008-12-10 20280]

    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2008-12-14 23832]

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 98440]

    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-14 90632]

    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]

    R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-14 231704]

    R4 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2008-12-14 1212184]

    R4 CA SCM Broker Service;CA SCM Broker Service;c:\program files\ca\scm\bkrd.exe [2008-7-4 168448]

    R4 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2005-1-14 126976]

    R4 FreezeScreenSaver;FreezeScreenSaver;c:\windows\system32\FreezeScreenSaver.exe [2008-9-7 69632]

    R4 GbpSv;GbpSv; [x]

    R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

    R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-24 47640]

    R4 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2004-7-23 53248]

    R4 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]

    R4 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-2-26 205840]

    R4 MySQL501;MySQL501;"c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql501 --> c:\program files\mysql\mysql server 5.0\bin\mysqld-nt [?]

    R4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\bin\tnslsnr --> c:\oracle\product\10.2.0\db_1\bin\TNSLSNR [?]

    R4 OracleServiceDBA1;OracleServiceDBA1;c:\oracle\product\10.2.0\db_1\bin\oracle.exe dba1 --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE DBA1 [?]

    S3 OracleDBConsoleDBA1;OracleDBConsoleDBA1;c:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe [2008-2-27 24064]

    S3 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\oracle.exe orcl --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [?]

    S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-1-28 57344]

    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]

    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]

    S4 OracleJobSchedulerDBA1;OracleJobSchedulerDBA1;c:\oracle\product\10.2.0\db_1\bin\extjob.exe dba1 --> c:\oracle\product\10.2.0\db_1\bin\extjob.exe DBA1 [?]

    S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\bin\extjob.exe orcl --> c:\oracle\product\10.2.0\db_1\bin\extjob.exe ORCL [?]

    ============== File Associations ===============

    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

    jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

    =============== Created Last 30 ================

    2008-12-29 11:01 71 a------- c:\windows\HarvestDoc.INI

    2008-12-29 10:59 170 a------- c:\windows\HarvestWorkspace.INI

    2008-12-27 18:08 <DIR> --d----- c:\users\owner\.cascm

    2008-12-27 18:05 <DIR> --d----- c:\programdata\CA

    2008-12-27 18:05 <DIR> --d----- c:\progra~2\CA

    2008-12-27 16:58 141 a------- c:\windows\ODBC.INI

    2008-12-27 16:16 339 a------- C:\__Argon__.tmp

    2008-12-27 16:14 <DIR> --d----- c:\program files\CA

    2008-12-14 19:09 <DIR> --d----- c:\program files\SweetIM

    2008-12-14 19:09 <DIR> --d----- c:\programdata\SweetIM

    2008-12-14 19:09 <DIR> --d----- c:\progra~2\SweetIM

    2008-12-14 19:03 <DIR> --d----- c:\users\owner\BBC

    2008-12-14 12:54 2,048 a------- c:\windows\system32\tzres.dll

    2008-12-14 12:29 90,632 a------- c:\windows\system32\drivers\avgtdix.sys

    2008-12-14 12:29 23,832 a------- c:\windows\system32\drivers\avgfwd6x.sys

    2008-12-14 11:44 <DIR> --d-h--- C:\$AVG8.VAULT$

    2008-12-14 11:28 371 a--sh--- c:\windows\system32\dKRAKnmp.ini2

    2008-12-14 11:28 371 a--sh--- c:\windows\system32\dKRAKnmp.ini

    2008-12-14 11:27 10,520 a------- c:\windows\system32\avgrsstx.dll

    2008-12-14 11:27 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys

    2008-12-14 11:26 98,440 a------- c:\windows\system32\drivers\avgldx86.sys

    2008-12-14 11:26 <DIR> --d----- c:\windows\system32\drivers\Avg

    2008-12-14 11:26 <DIR> --d----- c:\programdata\avg8

    2008-12-14 11:26 <DIR> --d----- c:\program files\AVG

    2008-12-14 11:26 <DIR> --d----- c:\progra~2\avg8

    2008-12-14 10:12 <DIR> --d----- c:\users\owner\appdata\roaming\Kingston

    2008-12-14 09:33 296,960 a------- c:\windows\system32\gdi32.dll

    2008-12-14 09:33 28,672 a------- c:\windows\system32\Apphlpdm.dll

    2008-12-14 09:33 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

    2008-12-14 09:33 2,927,104 a------- c:\windows\explorer.exe

    2008-12-14 09:32 827,392 a------- c:\windows\system32\wininet.dll

    2008-12-14 09:32 2,868,736 a------- c:\windows\system32\mf.dll

    2008-12-14 09:32 996,352 a------- c:\windows\system32\WMNetMgr.dll

    2008-12-14 09:32 94,720 a------- c:\windows\system32\logagent.exe

    2008-12-10 20:35 160,056 a------- c:\windows\system32\drivers\ssidrv.sys

    2008-12-10 20:35 23,864 a------- c:\windows\system32\drivers\sskbfd.sys

    2008-12-10 20:35 21,816 a------- c:\windows\system32\drivers\sshrmd.sys

    2008-12-10 20:35 20,280 a------- c:\windows\system32\drivers\SSFS0BB8.sys

    2008-12-10 20:35 1,520,952 a------- c:\windows\WRSetup.dll

    2008-12-10 20:35 <DIR> --d----- c:\users\owner\appdata\roaming\Webroot

    2008-12-10 20:35 <DIR> --d----- c:\programdata\Webroot

    2008-12-10 20:35 <DIR> --d----- c:\program files\Webroot

    2008-12-10 20:35 <DIR> --d----- c:\progra~2\Webroot

    2008-12-10 20:28 0 a---h--- C:\ProgramData.LOG2

    2008-12-10 20:28 0 a---h--- C:\ProgramData.LOG1

    ==================== Find3M ====================

    2008-12-29 20:41 51,200 a------- c:\windows\inf\infpub.dat

    2008-12-29 20:41 143,360 a------- c:\windows\inf\infstrng.dat

    2008-12-14 12:33 86,016 a------- c:\windows\inf\infstor.dat

    2008-11-01 01:44 52,736 a------- c:\windows\apppatch\iebrshim.dll

    2008-11-01 01:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll

    2008-11-01 01:44 541,696 a------- c:\windows\apppatch\AcLayers.dll

    2008-11-01 01:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll

    2008-11-01 01:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

    2008-10-22 01:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll

    2008-10-21 03:25 1,645,568 a------- c:\windows\system32\connect.dll

    2008-10-16 20:35 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll

    2008-10-16 20:35 28,984 a------- c:\windows\system32\LMIport.dll

    2008-10-16 20:35 10,040 a------- c:\windows\system32\lmimirr2.dll

    2008-10-16 20:35 23,736 a------- c:\windows\system32\lmimirr.dll

    2008-10-16 20:35 87,352 a------- c:\windows\system32\LMIinit.dll

    2008-10-16 18:56 1,524,736 a------- c:\windows\system32\wucltux.dll

    2008-10-16 18:55 83,456 a------- c:\windows\system32\wudriver.dll

    2008-10-16 14:08 162,064 a------- c:\windows\system32\wuwebv.dll

    2008-10-16 13:56 31,232 a------- c:\windows\system32\wuapp.exe

    2008-09-07 14:58 774,144 a------- c:\program files\RngInterstitial.dll

    2008-07-29 19:38 174 a--sh--- c:\program files\desktop.ini

    2008-07-29 19:18 665,600 a------- c:\windows\inf\drvindex.dat

    2008-07-13 20:03 0 a------- c:\users\owner\appdata\roaming\wklnhst.dat

    2007-05-07 19:09 786 a------- c:\program files\installmanifest.properties

    2006-11-02 10:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

    2006-11-02 10:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

    2006-11-02 10:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

    2006-11-02 10:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

    2006-11-02 07:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

    2006-11-02 07:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

    2006-11-02 07:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

    2006-11-02 07:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    2008-04-24 21:14 32,768 a--sh--- c:\windows\temp\cookies\index.dat

    2008-04-24 21:14 131,072 a--sh--- c:\windows\temp\history\history.ie5\index.dat

    2008-04-24 21:14 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 21:47:02,10 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 18/09/2007 22:09:28

    System Uptime: 01/06/2009 21:28:14 (-3504 hours ago)

    Motherboard: ATI | | SB600

    Processor: AMD Turion 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 147 GiB total, 28,186 GiB free.

    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

    Description: Microsoft 6to4 Adapter

    Device ID: ROOT\*6TO4MP\0004

    Manufacturer: Microsoft

    Name: 6TO4 Adapter

    PNP Device ID: ROOT\*6TO4MP\0004

    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

    Description: Microsoft 6to4 Adapter

    Device ID: ROOT\*6TO4MP\0006

    Manufacturer: Microsoft

    Name: 6TO4 Adapter

    PNP Device ID: ROOT\*6TO4MP\0006

    Service: tunnel

    ==== System Restore Points ===================

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)

    ABBYY FineReader 5.0 Sprint

    Activation Assistant for the 2007 Microsoft Office suites

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 8.1.2

    Adobe Reader 8.1.2 Security Update 1 (KB403742)

    Apache Tomcat 6.0 (remove only)

    Arquivo do WinRAR

    Assistente de Conexão do Windows Live

    Atheros Driver Installation Program

    ATI Catalyst Install Manager

    AVG 8.0

    Bluetooth Stack for Windows by Toshiba

    ButtonDemo

    CA Enterprise Communicator

    CA Licensing

    CA Software Change Manager Client

    CA Software Change Manager Server

    Camera Assistant Software for Toshiba

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center Localization Chinese Standard

    Catalyst Control Center Localization Chinese Traditional

    Catalyst Control Center Localization Czech

    Catalyst Control Center Localization Danish

    Catalyst Control Center Localization Dutch

    Catalyst Control Center Localization Finnish

    Catalyst Control Center Localization French

    Catalyst Control Center Localization German

    Catalyst Control Center Localization Greek

    Catalyst Control Center Localization Hungarian

    Catalyst Control Center Localization Italian

    Catalyst Control Center Localization Japanese

    Catalyst Control Center Localization Korean

    Catalyst Control Center Localization Norwegian

    Catalyst Control Center Localization Polish

    Catalyst Control Center Localization Portuguese

    Catalyst Control Center Localization Russian

    Catalyst Control Center Localization Spanish

    Catalyst Control Center Localization Swedish

    Catalyst Control Center Localization Thai

    Catalyst Control Center Localization Turkish

    ccc-core-static

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CD/DVD Drive Acoustic Silencer

    Compatibility Pack for the 2007 Office system

    DVD MovieFactory for TOSHIBA

    EasyBCD 1.7.1

    eMule

    Free Download Manager 2.5

    GDR 3068 for SQL Server Analysis Services 2005 ENU (KB948109)

    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)

    GDR 3068 for SQL Server Integration Services 2005 ENU (KB948109)

    GDR 3068 for SQL Server Notification Services 2005 ENU (KB948109)

    GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)

    GlassFish V2 UR2

    HijackThis 1.99.1

    Java 6 Update 2

    Lexmark X1100 Series

    Living Marine Aquarium 2 Screen Saver

    LogMeIn

    MicroPower Delta Translator 2.0

    Microsoft Office 2003 Web Components

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft SQL Server 2005

    Microsoft SQL Server 2005 Analysis Services

    Microsoft SQL Server 2005 Backward compatibility

    Microsoft SQL Server 2005 Books Online (English)

    Microsoft SQL Server 2005 Integration Services

    Microsoft SQL Server 2005 Notification Services

    Microsoft SQL Server 2005 Tools

    Microsoft SQL Server Native Client

    Microsoft SQL Server Setup Support Files (English)

    Microsoft SQL Server VSS Writer

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual Studio 2005 Premier Partner Edition - ENU

    Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)

    Microsoft Works

    Microsoft XML Parser

    Mozilla Firefox (3.0.4)

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MySQL Server 5.0

    MySQL Tools for 5.0

    NetBeans IDE 6.1

    Novo Dicionário Aurélio

    Oracle Data Provider for .NET Help

    QuickBooks Financial Center

    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

    Realtek High Definition Audio Driver

    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

    Security Update for 2007 Microsoft Office System (KB951550)

    Security Update for 2007 Microsoft Office System (KB951944)

    Security Update for 2007 Microsoft Office System (KB958439)

    Security Update for Microsoft Office Excel 2007 (KB958437)

    Security Update for Microsoft Office OneNote 2007 (KB950130)

    Security Update for Microsoft Office PowerPoint 2007 (KB951338)

    Security Update for Microsoft Office Publisher 2007 (KB950114)

    Security Update for Microsoft Office system 2007 (KB954326)

    Security Update for Microsoft Office system 2007 (KB956828)

    Security Update for Microsoft Office Word 2007 (KB956358)

    Security Update for Visio 2007 (KB947590)

    Security Update for Windows Media Encoder (KB954156)

    Service Pack 2 for SQL Server Analysis Services 2005 ENU (KB921896)

    Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896)

    Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896)

    Service Pack 2 for SQL Server Notification Services 2005 ENU (KB921896)

    Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)

    Skins

    SopCast 3.0.3

    Speedy

    Spy Sweeper

    SQLXML4

    SweetIM for Messenger 2.6

    SweetIM Toolbar for Internet Explorer 3.3

    Synaptics Pointing Device Driver

    TOSHIBA Assist

    TOSHIBA Disc Creator

    TOSHIBA DVD PLAYER

    TOSHIBA Extended Tiles for Windows Mobility Center

    TOSHIBA Hardware Setup

    Toshiba Registration

    TOSHIBA SD Memory Utilities

    TOSHIBA Software Modem

    TOSHIBA Software Upgrades

    TOSHIBA Speech System Applications

    TOSHIBA Speech System SR Engine(U.S.) Version1.0

    TOSHIBA Speech System TTS Engine(U.S.) Version1.0

    TOSHIBA Supervisor Password

    Update for Microsoft Office Excel 2007 Help (KB957242)

    Update for Microsoft Office Outlook 2007 (KB952142)

    Update for Microsoft Office Outlook 2007 Help (KB957246)

    Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)

    Update for Office 2007 (KB946691)

    Update for Outlook 2007 Junk Email Filter (kb958619)

    VMware Workstation

    Webshots Desktop

    Whales and Dolphins Screen Saver

    Winbond CIR Device Drivers

    Windows Live installer

    Windows Live Mail

    Windows Live Messenger

    Windows Media Encoder 9 Series

    ==== End Of File ===========================


    Hello,

    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs".

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) mentioned below.

    3. Double-click the ComboFix icon on your desktop.

    4. Read and accept the terms by typing 1 and pressing Enter.

    5. Computers running Windows XP must install the Recovery Console:

    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • When the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.

    7. Attention: do not use the mouse or keyboard while the tool is running, as this can cause the computer to hang.

    8. A message may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle such situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are many general-purpose anti-malware tools whose authors, when writing them, have end users in mind and design them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.
