Pokah

Help - Logs =P

Friends complained about messages with advertisements being sent from my MSN...

I've had the notebook for a few months and it never gave any trouble, until now...

DDS (Ver_09-03-16.01) - NTFSx86

Run by Bruno at 18:22:16,49 on 08/04/2009

Internet Explorer: 7.0.6001.18000

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.3061.1608 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\rundll32.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Bruno\Documents\Downloads\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=4090115

uWindow Title = Internet Explorer fornecido por Dell

uDefault_Page_URL = hxxp://www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=4090115

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Google Update] "c:\users\bruno\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-1-14 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-19 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-2-19 51792]

R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-4-6 33256]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-15 111616]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-1-15 235520]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-1-15 7424]

S2 gupdate1c9afd07204be77;Google Update Service (gupdate1c9afd07204be77);c:\program files\google\update\GoogleUpdate.exe [2009-3-28 133104]

S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-14 30192]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-4-5 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-4-5 79104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2009-1-23 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2009-1-23 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2009-1-23 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2009-1-23 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2009-1-23 86368]

=============== Created Last 30 ================

2009-04-06 15:41 33,256 a------- c:\windows\system32\drivers\hssdrv.sys

2009-04-06 15:41 <DIR> --d----- c:\program files\Hotspot Shield

2009-04-05 17:21 131,072 a------- c:\windows\system32\drivers\Mkd2kfNT.sys

2009-04-05 17:21 79,104 a------- c:\windows\system32\drivers\Mkd2Nadr.sys

2009-04-05 17:18 <DIR> --d----- c:\program files\AhnLab

2009-04-05 17:16 <DIR> a-d----- c:\programdata\TEMP

2009-03-28 16:47 <DIR> --d----- c:\program files\K-Lite Codec Pack

2009-03-28 15:55 <DIR> --d----- c:\program files\WinAVI Video Converter

2009-03-28 15:09 <DIR> --d----- c:\programdata\Google Updater

2009-03-28 14:59 <DIR> --d----- c:\program files\common files\xing shared

2009-03-21 00:01 107,888 a------- c:\windows\system32\CmdLineExt.dll

2009-03-20 23:37 <DIR> --d----- c:\users\bruno\appdata\roaming\DAEMON Tools Pro

2009-03-20 23:36 <DIR> --d----- c:\programdata\DAEMON Tools Lite

2009-03-20 23:36 <DIR> --d----- c:\progra~2\DAEMON Tools Lite

2009-03-20 23:36 <DIR> --d----- c:\program files\DAEMON Tools Lite

2009-03-20 23:15 717,296 a------- c:\windows\system32\drivers\sptd.sys

2009-03-20 23:14 <DIR> --d----- c:\users\bruno\appdata\roaming\DAEMON Tools Lite

2009-03-10 18:14 7,680 a------- c:\windows\system32\spwmp.dll

2009-03-10 18:14 8,147,456 a------- c:\windows\system32\wmploc.DLL

2009-03-10 18:14 4,096 a------- c:\windows\system32\msdxm.ocx

2009-03-10 18:14 4,096 a------- c:\windows\system32\dxmasf.dll

2009-03-10 18:14 268,288 a------- c:\windows\system32\schannel.dll

2009-03-10 18:14 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-04-08 15:34 634,222 a------- c:\windows\system32\prfh0416.dat

2009-04-08 15:34 121,888 a------- c:\windows\system32\prfc0416.dat

2009-04-06 15:42 143,360 a------- c:\windows\inf\infstrng.dat

2009-04-06 15:42 51,200 a------- c:\windows\inf\infpub.dat

2009-04-06 15:42 86,016 a------- c:\windows\inf\infstor.dat

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll

2009-02-09 15:56 67,584 a------- c:\windows\system32\ff_vfw.dll

2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

2009-01-20 02:23 65,536 a------- c:\windows\IFinst27.exe

2009-01-15 03:31 665,600 a------- c:\windows\inf\drvindex.dat

2009-01-15 03:31 15,872 a------- c:\windows\system32\hcrstco.dll

2009-01-15 03:31 8,704 a------- c:\windows\system32\hccoin.dll

2009-01-15 03:31 26,112 a------- c:\windows\system32\hidserv.dll

2009-01-15 03:31 22,016 a------- c:\windows\system32\hid.dll

2009-01-15 03:30 468,992 a------- c:\windows\system32\newdev.dll

2009-01-15 03:30 74,752 a------- c:\windows\system32\newdev.exe

2009-01-15 03:30 172,032 a------- c:\windows\system32\scrrun.dll

2009-01-15 03:30 430,080 a------- c:\windows\system32\vbscript.dll

2009-01-15 03:30 180,224 a------- c:\windows\system32\scrobj.dll

2009-01-15 03:30 155,648 a------- c:\windows\system32\wscript.exe

2009-01-15 03:30 135,168 a------- c:\windows\system32\cscript.exe

2009-01-15 03:30 90,112 a------- c:\windows\system32\wshext.dll

2009-01-15 03:28 738,304 a------- c:\windows\system32\inetcomm.dll

2009-01-15 03:28 269,312 a------- c:\windows\system32\es.dll

2009-01-15 03:25 361,984 a------- c:\windows\system32\IPSECSVC.DLL

2009-01-15 03:24 303,616 a------- c:\windows\system32\wmpeffects.dll

2009-01-15 03:22 885,248 a------- c:\windows\system32\RacEngn.dll

2009-01-15 03:22 1,314,816 a------- c:\windows\system32\quartz.dll

2009-01-15 03:21 1,695,744 a------- c:\windows\system32\gameux.dll

2009-01-15 03:21 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll

2009-01-15 03:21 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll

2009-01-15 03:21 801,280 a------- c:\windows\system32\NaturalLanguage6.dll

2009-01-15 03:17 408,064 a------- c:\windows\system32\msinfo32.exe

2009-01-15 03:17 2,560 a------- c:\windows\apppatch\AcRes.dll

2009-01-15 03:17 246,840 a------- c:\windows\system32\clfs.sys

2009-01-15 03:11 827,392 a------- c:\windows\system32\wininet.dll

2008-01-21 03:29 318,818 a------- c:\windows\inf\perflib\0416\perfi.dat

2008-01-21 03:29 318,818 a------- c:\windows\inf\perflib\0416\perfh.dat

2008-01-21 03:29 37,412 a------- c:\windows\inf\perflib\0416\perfd.dat

2008-01-21 03:29 37,412 a------- c:\windows\inf\perflib\0416\perfc.dat

2008-01-20 23:57 174 a--sh--- c:\program files\desktop.ini

2006-11-02 06:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 06:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 06:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 06:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:22:37,08 ===============

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-08 18:49:31

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

INT 0x62 ? 85156F00

INT 0x72 ? 85156F00

INT 0x72 ? 85156F00

INT 0x72 ? 85156F00

INT 0x82 ? 85156F00

INT 0x82 ? 85156F00

INT 0x82 ? 85156F00

INT 0x82 ? 85156F00

INT 0xA2 ? 84780ED8

INT 0xB2 ? 85112BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spbq.sys O sistema não pode encontrar o caminho especificado. !

.text USBPORT.SYS!DllUnload 8E1434CB 5 Bytes JMP 851564E0

.text aboez8am.SYS 8D90F000 22 Bytes [26, D2, C1, 81, 10, D1, C1, ...]

.text aboez8am.SYS 8D90F017 145 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]

.text aboez8am.SYS 8D90F0A9 35 Bytes [C0, C9, 81, A0, B7, C9, 81, ...]

.text aboez8am.SYS 8D90F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]

.text aboez8am.SYS 8D90F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]

.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806976D2] \SystemRoot\System32\Drivers\spbq.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80697040] \SystemRoot\System32\Drivers\spbq.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806977FC] \SystemRoot\System32\Drivers\spbq.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806970BE] \SystemRoot\System32\Drivers\spbq.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069713C] \SystemRoot\System32\Drivers\spbq.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A7048] \SystemRoot\System32\Drivers\spbq.sys

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortNotification] CC000CC2

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortMoveMemory] 00012284

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0

IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000E0002

IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851141F8

Device \FileSystem\fastfat \FatCdrom 8986C1F8

Device \Driver\volmgr \Device\VolMgrControl 847821F8

Device \Driver\usbuhci \Device\USBPDO-0 86971500

Device \Driver\usbuhci \Device\USBPDO-1 86971500

Device \Driver\usbehci \Device\USBPDO-2 869821F8

Device \Driver\usbuhci \Device\USBPDO-3 86971500

Device \Driver\usbuhci \Device\USBPDO-4 86971500

Device \Driver\PCI_PNP9393 \Device\00000055 spbq.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 86971500

Device \Driver\usbehci \Device\USBPDO-6 869821F8

Device \Driver\sptd \Device\3250215409 spbq.sys

Device \Driver\volmgr \Device\HarddiskVolume1 847821F8

Device \Driver\volmgr \Device\HarddiskVolume2 847821F8

Device \Driver\cdrom \Device\CdRom0 869C2500

Device \Driver\volmgr \Device\HarddiskVolume3 847821F8

Device \Driver\cdrom \Device\CdRom1 869C2500

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851131F8

Device \Driver\atapi \Device\Ide\IdePort0 851131F8

Device \Driver\volmgr \Device\HarddiskVolume4 847821F8

Device \Driver\netbt \Device\NetBt_Wins_Export 87013500

Device \Driver\Smb \Device\NetbiosSmb 870514D8

Device \Driver\iScsiPrt \Device\RaidPort0 869E71F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 86971500

Device \Driver\usbuhci \Device\USBFDO-1 86971500

Device \Driver\netbt \Device\NetBT_Tcpip_{8D2C703A-2423-4007-957F-E1ABB5D9794B} 87013500

Device \Driver\usbehci \Device\USBFDO-2 869821F8

Device \Driver\usbuhci \Device\USBFDO-3 86971500

Device \Driver\usbuhci \Device\USBFDO-4 86971500

Device \Driver\usbuhci \Device\USBFDO-5 86971500

Device \Driver\usbehci \Device\USBFDO-6 869821F8

Device \Driver\netbt \Device\NetBT_Tcpip_{161A2AE7-2E27-4879-A447-38C20F6BFC17} 87013500

Device \Driver\aboez8am \Device\Scsi\aboez8am1Port3Path0Target0Lun0 869C91F8

Device \Driver\aboez8am \Device\Scsi\aboez8am1 869C91F8

Device \FileSystem\fastfat \Fat 8986C1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 84A471F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0xBC 0xA9 0x58 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x24 0xC9 0x08 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0x6C 0xE9 0xDA ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1F 0xBC 0xA9 0x58 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x24 0xC9 0x08 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0x6C 0xE9 0xDA ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\LogFiles\HTTPERR\httperr1.log (size mismatch) 16763/16625 bytes

File C:\Windows\System32\LogFiles\Scm\SCM.EVM (size mismatch) 425984/360448 bytes

---- EOF - GMER 1.0.15 ----

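The GMER section of the log above lists IAT hooks in atapi.sys and i8042prt.sys that all resolve to spbq.sys, plus a second set of hooks whose targets GMER could not resolve to a module, and a Devices section that ties spbq.sys to both a \Driver\sptd object and a PCI_PNP object. An analyst triages this by grouping the hooks by target and checking which driver object owns that file. The script below is an added example written for this thread, not a tool from the forum or from GMER's author; it parses lines of the shape seen in the posted report and correlates the two sections. The sample input is constructed from the same line shapes (a small subset, not the full report), and the field layout assumed for `IAT` and `Device` lines is taken from the report as posted.

```python
"""Triage helper for GMER 1.0.15 text reports (added example, constructed input).

It groups 'IAT' hook lines by the module the import was redirected to and
correlates each target with the 'Device' lines that name the same driver
file, so the analyst sees which driver object owns a set of hooks instead of
reading the hooks one by one. Hooks whose target GMER printed as a bare
32-bit value (no resolved module) are collected under "<unresolved>".
"""
import re
from collections import defaultdict

# Constructed sample: a few lines of the shapes found in the posted report.
SAMPLE_GMER = r"""
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806976D2] \SystemRoot\System32\Drivers\spbq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80697040] \SystemRoot\System32\Drivers\spbq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A7048] \SystemRoot\System32\Drivers\spbq.sys
IAT \SystemRoot\System32\Drivers\aboez8am.SYS[ataport.SYS!AtaPortNotification] CC000CC2
---- Devices - GMER 1.0.15 ----
Device \Driver\PCI_PNP9393 \Device\00000055 spbq.sys
Device \Driver\sptd \Device\3250215409 spbq.sys
Device \Driver\aboez8am \Device\Scsi\aboez8am1 869C91F8
---- EOF - GMER 1.0.15 ----
"""

# "IAT <hooked module>[<export>] [<addr>] <target module>"  -- resolved hook
# "IAT <hooked module>[<export>] <raw value>"               -- unresolved hook
IAT_RE = re.compile(
    r"^IAT (?P<victim>\S+)\[(?P<import>[^\]]+)\] "
    r"(?:\[(?P<addr>[0-9A-F]{8})\] (?P<target>\S+)|(?P<raw>[0-9A-F]{8}))$"
)
# "Device <driver object> <device object> <owner>" where owner is either a
# kernel address (ignored here) or the driver file that owns the device.
DEVICE_RE = re.compile(r"^Device (?P<driver>\\\S+) (?P<device>\\\S+) (?P<owner>\S+)$")
HEX32_RE = re.compile(r"[0-9A-F]{8}")


def basename(path):
    """Case-folded file name of a Windows path such as \\SystemRoot\\...\\spbq.sys."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hook records, {driver file -> set of \\Driver\\X objects owning a device})."""
    hooks = []
    device_owners = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = IAT_RE.match(line)
        if m:
            hooks.append({
                "victim": basename(m["victim"]),
                "import": m["import"],
                "target": basename(m["target"]) if m["target"] else None,
                "raw": m["raw"],
            })
            continue
        m = DEVICE_RE.match(line)
        if m and not HEX32_RE.fullmatch(m["owner"]):
            device_owners[m["owner"].lower()].add(m["driver"])
    return hooks, device_owners


def triage(text):
    """Group hooks by redirection target and attach the driver objects that own that file."""
    hooks, device_owners = parse_gmer(text)
    report = {}
    for h in hooks:
        key = h["target"] or "<unresolved>"
        entry = report.setdefault(key, {"hooks": [], "victims": set(), "owners": set()})
        entry["hooks"].append(f'{h["victim"]} -> {h["import"]}')
        entry["victims"].add(h["victim"])
        if h["target"]:
            entry["owners"] |= device_owners.get(h["target"], set())
    return report


if __name__ == "__main__":
    for target, info in triage(SAMPLE_GMER).items():
        owners = ", ".join(sorted(info["owners"])) or "(no Device line names this file)"
        print(f"{target}: {len(info['hooks'])} hook(s) in {sorted(info['victims'])}; owners: {owners}")
        for hook in info["hooks"]:
            print("   ", hook)
```

Run against the sample, the spbq.sys group comes out owned by \Driver\sptd and \Driver\PCI_PNP9393, which is what lets the analyst connect those hooks with the sptd registry keys shown further down the same report, while the aboez8am.SYS hooks stay in the unresolved bucket for manual follow-up. The grouping is only a reading aid; deciding whether a given driver is legitimate remains the analyst's job.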

Dear Pokah

Welcome to Malware Removal

I recommend you save this topic in your Favorites so it is easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible!;

2) Do not take any action until we start;

3) What is covered here relates only to the problem on your computer, so do not apply it to any other;

4) If you have another computer, open a new topic with its own log;

5) Please follow the instructions carefully and, if in doubt, do not hesitate to ask;

6) Always post your replies in this topic... Do not open another one!

Note: Do not take any measures beyond those given here; and if you ask for help in another forum, be sure to let us know, or you risk leaving your computer misconfigured!

Regards :D


Dear Pokah

Read the instructions in this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after the procedure(s) below have been completed.
  3. Double-click the ComboFix icon on your desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.
  8. A message may appear saying the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool designed to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

Regards :D

  • Autor do tópico
  • ComboFix 09-04-13.07 - Bruno 2009-04-12 22:35.1 - NTFSx86

    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.3061.1761 [GMT -3:00]

    Executando de: c:\users\Bruno\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\users\Bruno\AppData\Local\Temp\install_flash_player.exe

    c:\windows\system32\msconfig.exe

    c:\windows\system32\pthreadGC2.dll

    c:\windows\system32\x64

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))

    .

    2009-04-11 01:07 . 2008-07-08 17:29 1654869 ----a-w c:\users\All Users\DynuEncrypt.dll

    2009-04-11 01:07 . 2008-07-08 17:29 1654869 ----a-w c:\programdata\DynuEncrypt.dll

    2009-04-09 21:24 . 2009-04-10 18:07 69 ----a-w c:\windows\NeroDigital.ini

    2009-04-09 21:22 . 2009-04-09 22:36 -------- d-----w c:\users\Bruno\AppData\Roaming\Nero

    2009-04-09 21:07 . 2009-04-09 21:07 4767 ----a-w c:\windows\Irremote.ini

    2009-04-09 20:50 . 2009-04-09 20:59 -------- d-----w c:\users\All Users\Nero

    2009-04-09 20:50 . 2009-04-09 20:59 -------- d-----w c:\programdata\Nero

    2009-04-09 00:52 . 2009-04-09 00:52 -------- d-----w c:\users\Bruno\AppData\Roaming\Codemonster

    2009-04-09 00:50 . 2009-04-09 00:50 -------- d-----w c:\users\Bruno\AppData\Local\DesktopSearch

    2009-04-06 18:41 . 2009-03-23 21:30 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys

    2009-04-05 20:21 . 2008-10-17 08:50 79104 ----a-w c:\windows\system32\drivers\Mkd2Nadr.sys

    2009-04-05 20:21 . 2008-10-17 08:50 131072 ----a-w c:\windows\system32\drivers\Mkd2kfNT.sys

    2009-04-05 20:16 . 2009-04-10 17:30 -------- d---a-w c:\users\All Users\TEMP

    2009-04-05 20:16 . 2009-04-10 17:30 -------- d---a-w c:\programdata\TEMP

    2009-03-28 19:47 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll

    2009-03-28 19:47 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml

    2009-03-28 19:47 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm

    2009-03-28 19:47 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm

    2009-03-28 19:47 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll

    2009-03-28 19:47 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll

    2009-03-28 19:47 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll

    2009-03-28 19:47 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll

    2009-03-28 19:47 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll

    2009-03-28 19:47 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll

    2009-03-28 19:47 . 2009-02-09 18:56 67584 ----a-w c:\windows\system32\ff_vfw.dll

    2009-03-28 19:47 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest

    2009-03-28 18:09 . 2009-04-12 05:13 -------- d-----w c:\users\All Users\Google Updater

    2009-03-28 18:09 . 2009-04-12 05:13 -------- d-----w c:\programdata\Google Updater

    2009-03-21 03:01 . 2009-03-21 03:01 107888 ----a-w c:\windows\system32\CmdLineExt.dll

    2009-03-21 02:37 . 2009-03-21 02:37 -------- d-----w c:\users\Bruno\AppData\Roaming\DAEMON Tools Pro

    2009-03-21 02:37 . 2009-03-21 02:37 -------- d-----w c:\users\Bruno\AppData\Roaming\DAEMON Tools

    2009-03-21 02:36 . 2009-03-21 02:36 -------- d-----w c:\users\All Users\DAEMON Tools Lite

    2009-03-21 02:36 . 2009-03-21 02:36 -------- d-----w c:\programdata\DAEMON Tools Lite

    2009-03-21 02:15 . 2009-03-21 02:15 717296 ----a-w c:\windows\system32\drivers\sptd.sys

    2009-03-21 02:14 . 2009-03-21 02:38 -------- d-----w c:\users\Bruno\AppData\Roaming\DAEMON Tools Lite

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-13 00:28 . 2008-01-21 06:32 634222 ----a-w c:\windows\System32\prfh0416.dat

    2009-04-13 00:28 . 2008-01-21 06:32 121888 ----a-w c:\windows\System32\prfc0416.dat

    2009-04-11 01:07 . 2009-04-11 01:07 10190 ----a-w C:\PatchLog.txt

    2009-04-10 13:10 . 2009-01-20 02:55 -------- d-----w c:\users\Bruno\AppData\Roaming\uTorrent

    2009-04-09 21:22 . 2009-04-09 20:50 -------- d-----w c:\program files\Common Files\Nero

    2009-04-09 21:06 . 2009-04-09 20:50 -------- d-----w c:\program files\Nero

    2009-04-09 00:49 . 2009-04-09 00:49 -------- d-----w c:\program files\Codemonster

    2009-04-08 20:45 . 2009-01-19 17:03 -------- d-----w c:\programdata\Roxio

    2009-04-08 20:12 . 2009-01-15 00:53 -------- d--h--w c:\program files\InstallShield Installation Information

    2009-04-08 19:40 . 2009-01-31 04:41 -------- d-----w c:\program files\Windows Live Safety Center

    2009-04-06 18:46 . 2009-04-06 18:41 -------- d-----w c:\program files\Hotspot Shield

    2009-04-06 18:42 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

    2009-04-06 18:42 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

    2009-04-06 18:42 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

    2009-04-05 21:39 . 2009-01-15 00:51 -------- d-----w c:\program files\Java

    2009-04-05 20:18 . 2009-04-05 20:18 -------- d-----w c:\program files\AhnLab

    2009-03-28 19:48 . 2009-03-28 19:47 -------- d-----w c:\program files\K-Lite Codec Pack

    2009-03-28 18:55 . 2009-03-28 18:55 -------- d-----w c:\program files\WinAVI Video Converter

    2009-03-28 18:10 . 2009-01-15 01:04 -------- d-----w c:\program files\Google

    2009-03-28 17:59 . 2009-03-28 17:59 -------- d-----w c:\program files\Common Files\xing shared

    2009-03-28 17:58 . 2009-01-20 04:53 -------- d-----w c:\program files\Common Files\Real

    2009-03-21 02:36 . 2009-03-21 02:36 -------- d-----w c:\program files\DAEMON Tools Lite

    2009-03-16 03:44 . 2009-01-15 01:03 -------- d-----w c:\program files\Common Files\Adobe

    2009-03-09 08:19 . 2009-02-18 23:12 410984 ----a-w c:\windows\System32\deploytk.dll

    2009-03-08 23:22 . 2009-03-08 23:21 -------- d-----w c:\users\Bruno\AppData\Roaming\CyberLink

    2009-03-08 23:21 . 2009-01-15 01:07 -------- d-----w c:\programdata\CyberLink

    2009-03-08 17:09 . 2009-03-08 17:08 -------- d-----w c:\users\Bruno\AppData\Roaming\Ventrilo

    2009-03-08 17:00 . 2009-03-08 17:00 -------- d-----w c:\program files\Ventrilo

    2009-03-08 16:59 . 2009-03-08 16:59 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

    2009-03-02 20:12 . 2009-03-02 20:12 -------- d-----w c:\program files\Aspyr

    2009-02-24 18:22 . 2009-01-15 01:09 -------- d-----w c:\programdata\Dell

    2009-02-20 19:58 . 2009-02-20 19:58 -------- d-----w c:\program files\TeXnicCenter

    2009-02-20 19:52 . 2009-02-20 19:52 -------- d-----w c:\programdata\MiKTeX

    2009-02-20 19:50 . 2009-02-20 19:46 -------- d-----w c:\program files\MiKTeX 2.7

    2009-02-19 14:38 . 2009-01-15 01:12 -------- d-----w c:\programdata\McAfee

    2009-02-19 14:35 . 2009-02-19 14:35 -------- d-----w c:\program files\Alwil Software

    2009-02-17 23:04 . 2009-01-30 21:16 680 ----a-w c:\users\Bruno\AppData\Local\d3d9caps.dat

    2009-02-09 03:10 . 2009-03-10 21:14 2033152 ----a-w c:\windows\System32\win32k.sys

    2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\System32\sirenacm.dll

    2009-01-29 19:13 . 2009-01-19 14:10 67760 ----a-w c:\users\Bruno\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-01-20 05:23 . 2009-01-20 05:23 65536 ----a-w c:\windows\IFinst27.exe

    2009-01-15 06:32 . 2009-01-15 06:32 4747 ---ha-r C:\dell.sdr

    2009-01-15 06:31 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat

    2009-01-15 06:31 . 2009-01-15 06:31 8704 ----a-w c:\windows\System32\hccoin.dll

    2009-01-15 06:31 . 2009-01-15 06:31 15872 ----a-w c:\windows\System32\hcrstco.dll

    2009-01-15 06:31 . 2009-01-15 06:31 26112 ----a-w c:\windows\System32\hidserv.dll

    2009-01-15 06:31 . 2009-01-15 06:31 22016 ----a-w c:\windows\System32\hid.dll

    2009-01-15 06:30 . 2009-01-15 06:30 74752 ----a-w c:\windows\System32\newdev.exe

    2009-01-15 06:30 . 2009-01-15 06:30 468992 ----a-w c:\windows\System32\newdev.dll

    2009-01-15 06:30 . 2009-01-15 06:30 172032 ----a-w c:\windows\System32\scrrun.dll

    2009-01-15 06:30 . 2009-01-15 06:30 90112 ----a-w c:\windows\System32\wshext.dll

    2009-01-15 06:30 . 2009-01-15 06:30 430080 ----a-w c:\windows\System32\vbscript.dll

    2009-01-15 06:30 . 2009-01-15 06:30 180224 ----a-w c:\windows\System32\scrobj.dll

    2009-01-15 06:30 . 2009-01-15 06:30 155648 ----a-w c:\windows\System32\wscript.exe

    2009-01-15 06:30 . 2009-01-15 06:30 135168 ----a-w c:\windows\System32\cscript.exe

    2009-01-15 06:28 . 2009-01-15 06:28 738304 ----a-w c:\windows\System32\inetcomm.dll

    2009-01-15 06:28 . 2009-01-15 06:28 269312 ----a-w c:\windows\System32\es.dll

    2009-01-15 06:25 . 2009-01-15 06:25 361984 ----a-w c:\windows\System32\IPSECSVC.DLL

    2009-01-15 06:24 . 2009-01-15 06:24 303616 ----a-w c:\windows\System32\wmpeffects.dll

    2009-01-15 06:22 . 2009-01-15 06:22 885248 ----a-w c:\windows\System32\RacEngn.dll

    2009-01-15 06:22 . 2009-01-15 06:22 1314816 ----a-w c:\windows\System32\quartz.dll

    2009-01-15 06:21 . 2009-01-15 06:21 1695744 ----a-w c:\windows\System32\gameux.dll

    2009-01-15 06:21 . 2009-01-15 06:21 801280 ----a-w c:\windows\System32\NaturalLanguage6.dll

    2009-01-15 06:21 . 2009-01-15 06:21 2644480 ----a-w c:\windows\System32\NlsLexicons0009.dll

    2009-01-15 06:21 . 2009-01-15 06:21 12240896 ----a-w c:\windows\System32\NlsLexicons0007.dll

    2009-01-15 06:17 . 2009-01-15 06:17 408064 ----a-w c:\windows\System32\msinfo32.exe

    2009-01-15 06:17 . 2009-01-15 06:17 2560 ----a-w c:\windows\AppPatch\AcRes.dll

    2009-01-15 06:17 . 2009-01-15 06:17 246840 ----a-w c:\windows\System32\clfs.sys

    2009-01-15 06:11 . 2009-02-11 18:46 827392 ----a-w c:\windows\System32\wininet.dll

    2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini

    2009-01-15 00:55 . 2009-01-15 00:55 75 --sh--r c:\windows\CT4CET.bin

    2009-04-12 22:50 . 2006-11-02 12:45 262144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    2009-04-12 22:48 . 2009-04-12 22:48 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    2009-04-12 22:48 . 2009-04-12 22:48 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    2009-04-02 23:46 . 2009-04-02 23:46 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    2009-04-02 23:46 . 2009-04-02 23:46 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    2009-04-02 23:46 . 2009-04-02 23:46 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    2009-04-13 01:40 . 2006-11-02 12:45 262144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    2009-04-13 01:34 . 2009-01-19 14:05 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    2009-04-13 01:34 . 2009-01-19 14:05 49152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    2009-04-13 01:34 . 2009-01-19 14:05 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    2009-01-15 06:18 . 2009-01-15 06:17 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

    .

    (((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]

    "Google Update"="c:\users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-19 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]

    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-14 30192]

    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]

    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]

    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-01-14 50688]

    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-02-22 1193240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    2009-01-14 22:14 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1493594016-1342899587-1099061355-1000]

    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{3C344979-20EC-48A7-BB53-42A1F5029353}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

    "{29BF34D0-DE53-458A-877E-4679D154E422}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

    "{CCC24745-E796-49D7-B53C-479DB29FAB59}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

    "{B0D70AFB-F094-481E-9C70-87CA0F34B370}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

    "{BE9D03A2-9E94-4325-B522-A91A05DD6528}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

    "{6EFB87A7-240A-43E6-BFF3-335050BC6C7B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

    "TCP Query User{DD983155-CE5B-4629-9E22-1B215DA67AE9}c:\\program files\\ongame\\gunboundwc\\gunbound.gme"= UDP:c:\program files\ongame\gunboundwc\gunbound.gme:GunBound

    "UDP Query User{1B179F89-32BB-4514-9C2F-9B1B6623EF0C}c:\\program files\\ongame\\gunboundwc\\gunbound.gme"= TCP:c:\program files\ongame\gunboundwc\gunbound.gme:GunBound

    "TCP Query User{BA2A5549-0862-4DF9-8790-7193A8779974}c:\\users\\bruno\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\bruno\appdata\local\google\chrome\application\chrome.exe:chrome.exe

    "UDP Query User{24E7D57E-1110-4CCE-B798-93550898207C}c:\\users\\bruno\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\bruno\appdata\local\google\chrome\application\chrome.exe:chrome.exe

    "TCP Query User{B5F7C25F-E8A3-4615-BCA8-D2E88A3EA9DA}c:\\program files\\aspyr\\guitar hero aerosmith\\guitar hero aerosmith.exe"= UDP:c:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith

    "UDP Query User{8A37C6EC-0B4D-45CB-A042-D9F1E190EB79}c:\\program files\\aspyr\\guitar hero aerosmith\\guitar hero aerosmith.exe"= TCP:c:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith

    "TCP Query User{63ED54B7-728F-45C5-AC01-D4CA674958EE}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

    "UDP Query User{BA24C98B-B439-4707-B6B0-8C0DC77C942A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

    "TCP Query User{77F97184-A6AA-49A4-9DD4-FDE1B676ECDC}c:\\program files\\aspyr\\guitar hero aerosmith\\guitar hero aerosmith.exe"= UDP:c:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith

    "UDP Query User{4AB9CFE9-68DB-42BF-A4FD-FAE6B2107BA6}c:\\program files\\aspyr\\guitar hero aerosmith\\guitar hero aerosmith.exe"= TCP:c:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith

    "{5CBCEE38-1A0C-4192-98E2-A474342652A5}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

    "{923DAE71-3B69-4116-994D-78A95129B13A}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

    "TCP Query User{2B8BB3C5-FF93-4EFE-BBDE-E5EB979DF008}c:\\users\\bruno\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\bruno\appdata\local\google\chrome\application\chrome.exe:chrome.exe

    "UDP Query User{68AEEE18-25BC-4846-B849-5E9AD5EB1632}c:\\users\\bruno\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\bruno\appdata\local\google\chrome\application\chrome.exe:chrome.exe

    "TCP Query User{73418A52-03BA-440A-A0C6-1DE55E631215}c:\\program files\\ongame\\gunboundwc\\gunbound.gme"= UDP:c:\program files\ongame\gunboundwc\gunbound.gme:GunBound

    "UDP Query User{43E75005-6516-4C93-A756-4061D7E6158B}c:\\program files\\ongame\\gunboundwc\\gunbound.gme"= TCP:c:\program files\ongame\gunboundwc\gunbound.gme:GunBound

    R2 gupdate1c9afd07204be77;Google Update Service (gupdate1c9afd07204be77);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 133104]

    R3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-14 30192]

    R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2794234]

    R3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

    R3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]

    R3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]

    R3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]

    R3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]

    S1 aswSP;avast! Self Protection; [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]

    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

    S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-03-23 33256]

    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

    S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]

    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fc4331-febc-11dd-b3bf-00242b341396}]

    \shell\AutoRun\command - wscript.exe .vbs

    \shell\open\command - wscript.exe .vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f876ef9e-ff9c-11dd-b42c-001ec9fb5fa8}]

    \shell\AutoRun\command - wscript.exe .\.vbs

    \shell\open\command - wscript.exe .\.vbs

    .

    Contents of the 'Scheduled Tasks' folder

    2009-04-12 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 15:09]

    2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 15:10]

    2009-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1493594016-1342899587-1099061355-1000.job

    - c:\users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-19 14:59]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com.br/ig/dell?hl=pt-BR&client=dell-row&channel=br&ibd=4090115

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-12 22:39

    Windows 6.0.6001 Service Pack 1 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2009-04-12 22:41

    ComboFix-quarantined-files.txt 2009-04-13 01:41

    Pre-Run: 40,371,240,960 bytes free

    Post-Run: 42,739,597,312 bytes free

    258 --- E O F --- 2009-04-06 18:22


    Dear Pokah

    Step 1 #

    0) Copy (ctrl + c) and paste (ctrl + v) the content below into Notepad. Then go to Save As, under "Save as type" choose All Files, and save it on the Desktop with the name FixMP.reg; keep the file for later. Note: your file should look like this: regfile.gif

    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fc4331-febc-11dd-b3bf-00242b341396}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f876ef9e-ff9c-11dd-b42c-001ec9fb5fa8}]

    >>> Save the file in the folder

    Desktop of the Administrator account

    C:\Documents and Settings\Administrador\Desktop <- the FOLDER

    Step 2 #

    As a precaution, I suggest you back up the Registry:

    Start > Run > type regedit, select My Computer at the top, then go to File > Export. A window titled Export Registry File will open; at the bottom you will see a subheading Export range, leave the option All selected. Choose a location and save it under a name you will recognise in case you need it!

    >>> Reboot into Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to choose Safe Mode).

    Step 3 #

    Double-click the FixMP.reg file you created and answer Yes to the prompt. Reboot the computer.

    Step 4 #

    In Normal Mode

    Temporarily disable your antivirus!

    Run an online scan at Kaspersky Virusscanner

    • Click Clipboard01-1.jpg
    • When asked to install the ActiveX control, click Clipboard015.jpg
    • Wait for the installation and the update to finish, then click Clipboard013.jpg
    • Now click Clipboard016.jpg
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:

      • Extended (if available, otherwise Standard)
    • Scan Options:

    • Scan Archives, Scan Mail Bases
    • Click Clipboard014.jpg
    • Click My Computer so that a full scan of your system is run. The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button. Save the log with the results and paste its contents into your next message.
    • Also generate and paste a new HijackThis log.

    Cheers :D

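The MountPoints2 keys that FixMP.reg above deletes are the per-user autorun hooks Windows records for removable drives; an entry whose AutoRun/open command runs wscript.exe against a .vbs file is the usual trace of a USB worm that has been removed from disk but not from the registry. As an added example (not code from this thread, from ComboFix, or from the helper), the Python script below parses the "Reg Loading Points" section of a ComboFix log, flags MountPoints2 commands that invoke a script interpreter or a script file, and renders the same kind of REGEDIT4 deletion file the helper wrote by hand. SAMPLE_LOG is constructed from the entries in the posted log plus one made-up benign entry (the all-zero GUID); the interpreter/extension list in SUSPICIOUS_RE is a heuristic assumption, so anything it does not match is left for manual review rather than auto-deleted.

```python
"""Triage MountPoints2 autorun entries in a ComboFix log and emit a REGEDIT4
removal file like the FixMP.reg posted in this thread.

Added example for the thread; not ComboFix code and not the helper's script.
SAMPLE_LOG is constructed from the entries shown in the posted log plus one
made-up benign entry (GUID of zeros)."""
import re

# Prefix of the per-user mount point keys ComboFix prints (HKCU MountPoints2).
MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"

# A line such as "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]"
KEY_RE = re.compile(r"^\[(" + re.escape(MP2_PREFIX) + r"\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)

# A line such as "\shell\AutoRun\command - wscript.exe .vbs"
CMD_RE = re.compile(r"^\\shell\\(AutoRun|open)\\command\s+-\s+(.*)$", re.IGNORECASE)

# Heuristic (assumption, not a ComboFix rule): autorun worms on removable media
# launch a script interpreter or a script file. Anything else (e.g. a CD's
# setup.exe) is left for manual review instead of being auto-deleted.
SUSPICIOUS_RE = re.compile(r"\b(wscript|cscript)\b|\.(vbs|vbe|js|jse|bat|cmd|pif|scr)\b",
                           re.IGNORECASE)

# Constructed sample: the two hijacked keys from the posted log plus a benign one.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fc4331-febc-11dd-b3bf-00242b341396}]
\shell\AutoRun\command - wscript.exe .vbs
\shell\open\command - wscript.exe .vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f876ef9e-ff9c-11dd-b42c-001ec9fb5fa8}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\shell\AutoRun\command - D:\setup.exe
"""


def mountpoint_commands(log_text):
    """Map every MountPoints2 key in the log to its AutoRun/open command strings."""
    commands = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            commands.setdefault(current, [])
            continue
        if line.startswith("["):        # some other registry key: leave the block
            current = None
            continue
        cmd = CMD_RE.match(line)
        if current and cmd:
            commands[current].append(cmd.group(2))
    return commands


def find_autorun_hijacks(log_text):
    """Return only the keys whose commands match the script heuristic."""
    return {key: cmds for key, cmds in mountpoint_commands(log_text).items()
            if any(SUSPICIOUS_RE.search(c) for c in cmds)}


def build_fix_reg(keys):
    """Render a REGEDIT4 file that deletes each key ('[-KEY]' is the delete syntax).
    REGEDIT4 files use CRLF line ends and should end with a blank line."""
    lines = ["REGEDIT4", ""]
    lines.extend(f"[-{key}]" for key in sorted(keys))
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    hijacks = find_autorun_hijacks(SAMPLE_LOG)
    for key, cmds in hijacks.items():
        print(key + "\n    " + "\n    ".join(cmds))
    # Apply the resulting .reg from Safe Mode after exporting the registry,
    # as the helper's steps describe; then rescan to confirm the keys are gone.
    print(build_fix_reg(hijacks), end="")
```

Running the script prints the two flagged keys with their wscript.exe commands and then the REGEDIT4 text, which matches the FixMP.reg in the post; the benign setup.exe entry is reported by mountpoint_commands but never lands in the deletion file.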
  • Topic author
  • Friday, April 17, 2009

    Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)

    Kaspersky Online Scanner version: 7.0.26.13

    Program database last update: Friday, April 17, 2009 01:48:46

    Records in database: 2052043

    Scan settings

    Scan using the following database extended

    Scan archives yes

    Scan mail databases yes

    Scan area My Computer

    C:\

    D:\

    E:\

    F:\

    Scan statistics

    Files scanned 140920

    Threat name 0

    Infected objects 0

    Suspicious objects 0

    Duration of the scan 01:22:23

    No malware has been detected. The scan area is clean.

    The selected area was scanned.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:17:51, on 17/04/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18226)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\DellTPad\Apoint.exe

    C:\Windows\OEM02Mon.exe

    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\System32\WLTRAY.EXE

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\Dell Support Center\bin\sprtcmd.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

    C:\Program Files\Java\jre6\bin\java.exe

    C:\Windows\system32\rundll32.exe

    C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Bruno\AppData\Local\Temp\Temp3_HiJackThis.zip\HijackThis.exe

    C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

    O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

    O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

    O23 - Service: Google Update Service (gupdate1c9afd07204be77) (gupdate1c9afd07204be77) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 8892 bytes


    Dear Pokah

    Clean log :)

    Step 1 #

    Let's uninstall ComboFix:

    Go to

    Start > Run, type Combofix /u and click OK; in the window that appears, click Run and wait for the program to be removed!

    Step 2 #

    Download OTCleanIt by OldTimer

    • Save it to your desktop.
    • Double-click the icon.
    • Click the "Cleanup" button.
    • Allow your computer to restart.

    Always keep your Windows up to date; keep a constant watch with your firewall and antivirus, and finally, remember that the best form of prevention starts with our own habits!

    Cheers :D
