eduardosilvabm

Please analyze my log!


Please help here!

I had some viruses and malware... after I ran ComboFix it got a lot better, but I think I'm still infected...

And I also can't access my Itaú Bankline anymore.

Thanks for the help.

Logfile of HijackThis v1.99.1

Scan saved at 15:35:13, on 30/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\arquivos de programas\Realtek\pRM.exe

C:\arquivos de programas\Realtek\pRO.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [krn] C:\arquivos de programas\Realtek\Realtek.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

And the ComboFix log:

ComboFix 08-09-28.05 - usuario 2008-09-30 14:47:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1533 [GMT -3:00]

Running from: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\usuario\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\usuario\Cookies\usuario@baixecomrapidez[1].txt

C:\Documents and Settings\usuario\Cookies\usuario@youtube[1].txt

C:\otyh.cmd

C:\WINDOWS\msn.exe

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\wjlfhtfm.cmd

.

((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))

.

2008-09-30 13:44 . 2008-09-01 19:32 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-30 13:44 . 2008-09-30 14:47 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-30 13:44 . 2008-09-01 16:07 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-30 09:59 . 2008-09-30 09:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-30 04:41 . 2008-09-30 13:11 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2008-09-30 04:13 . 2008-09-30 04:13 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Panda Security

2008-09-30 04:13 . 2008-09-30 04:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Panda Security

2008-09-30 04:10 . 2008-09-30 04:13 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-09-30 04:10 . 2008-09-30 04:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Panda Security

2008-09-30 04:10 . 2008-02-07 12:03 179,640 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-09-30 04:10 . 2008-03-04 15:59 41,144 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-09-30 04:10 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-09-29 21:24 . 2008-09-30 13:39 <DIR> d-------- C:\Arquivos de programas\Panda

2008-09-29 09:49 . 2008-09-30 11:30 <DIR> d-------- C:\Arquivos de programas\Worms Armageddon

2008-09-29 09:49 . 2008-09-29 09:51 <DIR> d-------- C:\Arquivos de programas\Worms Ar

2008-09-27 20:00 . 2008-09-27 20:00 122 --a------ C:\WINDOWS\wa.INI

2008-09-27 17:03 . 1997-08-26 12:06 315,904 --a------ C:\WINDOWS\IsUninst.exe

2008-09-27 17:02 . 2008-09-27 17:02 <DIR> d-------- C:\Documents and Settings\usuario\WINDOWS

2008-09-27 16:03 . 2008-09-27 16:03 <DIR> d-------- C:\Arquivos de programas\TryMedia

2008-09-27 11:27 . 2008-09-27 11:33 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-09-27 11:27 . 2008-09-30 12:39 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-09-25 14:51 . 2008-09-25 17:22 <DIR> d--h----- C:\Arquivos de programas\Realtek

2008-09-24 07:34 . 2008-09-25 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

2008-09-24 07:30 . 2008-09-24 07:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-09-24 07:00 . 2008-09-24 07:00 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-09-24 06:54 . 2008-09-24 06:54 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\DAEMON Tools

2008-09-24 06:54 . 2008-09-24 06:54 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-09-24 06:43 . 2008-09-24 06:43 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2008-09-21 06:22 . 2008-09-21 06:22 <DIR> d-------- C:\DVDVideoSoft

2008-09-21 06:22 . 2008-09-21 06:22 <DIR> d-------- C:\Arquivos de programas\DVDVideoSoft

2008-09-21 06:22 . 2008-09-21 06:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-09-21 06:22 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-09-20 11:09 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-09-20 11:09 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-09-18 20:55 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-09-18 20:55 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-09-18 20:55 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-09-18 20:55 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-09-17 18:33 . 2008-09-17 19:39 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\TowerTorneosPoker

2008-09-17 18:32 . 2008-09-17 18:33 <DIR> d-------- C:\Arquivos de programas\TowerTorneosPoker

2008-09-16 12:28 . 2008-09-16 12:30 226,056 --a------ C:\WINDOWS\pegaid.exe

2008-09-16 12:27 . 2008-09-16 12:27 0 ---hs---- C:\WINDOWS\system32\win32spx.ini

2008-09-16 12:25 . 2008-09-16 12:27 1,126,152 --a------ C:\WINDOWS\system32\winlogonn.exe

2008-09-12 21:10 . 2008-09-29 01:04 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-09-12 21:10 . 2008-09-29 01:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-12 21:10 . 2008-09-12 21:55 22,328 --a------ C:\Documents and Settings\usuario\Dados de aplicativos\PnkBstrK.sys

2008-09-12 21:09 . 2008-09-12 21:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-09-12 21:09 . 2008-09-12 22:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-09-12 21:09 . 2008-09-12 21:55 335 --a------ C:\WINDOWS\game.ini

2008-09-12 21:05 . 2008-09-12 21:05 <DIR> d-------- C:\Arquivos de programas\Activision

2008-09-12 07:10 . 2008-09-12 07:10 <DIR> d-------- C:\Arquivos de programas\Sweet Home 3D

2008-09-11 12:05 . 2008-09-17 08:52 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\BrOffice.org2

2008-09-11 11:33 . 2008-09-17 08:55 <DIR> d-------- C:\Arquivos de programas\BrOffice.org 2.4

2008-09-09 23:02 . 2008-09-09 23:02 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\InstallShield

2008-09-09 23:02 . 2008-09-28 02:05 <DIR> d-------- C:\Arquivos de programas\Garena

2008-09-09 00:14 . 2008-09-09 00:14 <DIR> d-------- C:\Arquivos de programas\ACDSee32

2008-09-09 00:14 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\Pcdlib32.dll

2008-09-09 00:09 . 2008-09-23 14:17 <DIR> d-------- C:\WINDOWS\system\KID

2008-09-07 08:30 . 2008-09-11 22:31 90 --a------ C:\WINDOWS\Worms Armageddon.INI

2008-09-06 02:13 . 2008-09-06 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NOS

2008-09-06 02:13 . 2008-09-06 02:13 <DIR> d-------- C:\Arquivos de programas\NOS

2008-09-05 15:52 . 2008-09-05 17:05 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Desktopicon

2008-09-05 15:52 . 2008-09-14 23:11 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-05 14:26 . 2008-09-30 12:34 <DIR> d-------- C:\Arquivos de programas\Emule

2008-09-05 11:07 . 2008-09-05 11:07 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2008-09-05 10:13 . 2008-09-27 22:52 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-05 10:12 . 2008-09-05 11:23 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Media Player Classic

2008-09-04 16:36 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-09-04 16:36 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll

2008-09-04 16:36 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-09-04 00:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-09-04 00:51 . 2008-09-04 00:51 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-09-04 00:37 . 2008-09-08 19:02 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-09-03 23:44 . 2008-09-16 12:03 <DIR> d-------- C:\Documents and Settings\usuario\Contacts

2008-09-03 23:43 . 2008-09-08 18:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-03 23:04 . 2008-09-03 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-03 23:04 . 2008-09-08 19:02 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-09-03 23:04 . 2008-09-03 23:16 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-03 09:18 . 2008-09-03 09:18 <DIR> d-------- C:\Games

2008-09-03 06:50 . 2008-09-03 07:19 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Winamp

2008-09-03 06:50 . 2008-09-27 17:59 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-09-03 01:17 . 2008-09-03 01:17 <DIR> d-------- C:\Worms 3D

2008-09-03 00:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-09-03 00:19 . 2008-09-03 00:19 <DIR> d-------- C:\Arquivos de programas\Ubisoft

2008-09-02 23:52 . 2008-09-28 16:32 <DIR> d-------- C:\Call of Duty 2

2008-09-02 22:53 . 2008-09-30 13:28 <DIR> d-------- C:\Downloads

2008-09-02 22:43 . 2008-09-02 22:43 <DIR> d-------- C:\Arquivos de programas\Google

2008-09-02 22:23 . 2008-09-02 22:23 <DIR> d---s---- C:\Documents and Settings\usuario\UserData

2008-09-02 22:09 . 2008-09-02 22:10 <DIR> d-------- C:\Arquivos de programas\18 WoS Pedal to the Metal

2008-09-02 22:06 . 2008-09-02 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-09-02 22:05 . 2008-09-02 22:05 <DIR> d-------- C:\Arquivos de programas\Valusoft

2008-09-02 07:04 . 2008-09-02 07:04 <DIR> d-------- C:\Arquivos de programas\Positivo

2008-09-02 06:44 . 2008-09-02 06:44 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-09-02 06:36 . 2008-09-02 06:43 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Ahead

2008-09-02 06:35 . 2008-09-02 06:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-02 06:35 . 2008-09-02 06:43 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2008-09-02 06:35 . 2008-09-02 06:35 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-02 06:35 . 2008-09-02 06:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-02 06:28 . 2008-09-02 06:28 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-02 06:18 . 2008-09-02 06:18 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-09-02 06:18 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-09-02 06:18 . 2008-09-02 06:18 421 --a------ C:\WINDOWS\ODBC.INI

2008-09-02 06:17 . 2008-09-02 06:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-09-02 06:16 . 2008-09-02 06:16 <DIR> dr-h----- C:\MSOCache

2008-09-01 21:25 . 2008-06-14 14:34 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-01 21:25 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-01 21:16 . 2008-09-01 23:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-09-01 21:16 . 2005-02-25 00:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-09-01 21:12 . 2008-09-01 21:12 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-01 21:12 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-01 21:12 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL

2008-09-01 21:12 . 2003-02-21 13:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL

2008-09-01 21:12 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-09-01 21:02 . 2008-09-01 21:02 <DIR> d-------- C:\WINDOWS\system32\Atheros_L2

2008-09-01 21:02 . 2008-09-30 04:13 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2008-09-01 21:02 . 2008-09-02 07:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-01 21:01 . 2008-09-01 21:01 <DIR> d-------- C:\WINDOWS\ASUSInstAll

2008-09-01 21:00 . 2008-09-01 21:00 <DIR> d-------- C:\Arquivos de programas\Intel

2008-09-01 20:59 . 2008-09-01 20:59 <DIR> d-------- C:\Intel

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-24 20:55 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-09-01 22:35 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-09-01 22:34 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-09-01 22:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 18:38 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 17:48 193,280 ----a-w C:\WINDOWS\system32\TpUtil.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:11 668,160 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-18 21:03 87,296 ----a-w C:\WINDOWS\system32\PavLspHook.dll

2008-06-18 21:03 55,552 ----a-w C:\WINDOWS\system32\pavipc.dll

2008-06-18 21:03 520,448 ----a-w C:\WINDOWS\system32\PavSHook.dll

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]

"krn"="C:\arquivos de programas\Realtek\Realtek.exe" [2008-09-25 4197888]

"APVXDWIN"="C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-07-16 857344]

"SCANINICIO"="C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-04-13 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-11-16 19:04 139264 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

--a------ 2007-08-28 16:01 1067520 C:\Arquivos de programas\CoolSMS\CoolSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-06-28 13:43 8466432 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-06-28 13:43 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32spx]

--a------ 2008-09-16 12:27 1126152 C:\WINDOWS\system32\winlogonn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2008-08-12 12:22 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-06-28 13:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2008-08-12 12:23 16855552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2008-08-12 12:23 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Games\\Counter-Strike Source\\hl2.exe"=

"C:\\Worms 3D\\WORMS3D\\bin\\Worms3D.exe"=

"C:\\Arquivos de programas\\Emule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Garena\\Garena.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Techland\\Call of Juarez\\CoJ.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Arquivos de programas\\Worms Armageddon\\Worms Armageddon.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9150:TCP"= 9150:TCP:BitComet 9150 TCP

"9150:UDP"= 9150:UDP:BitComet 9150 UDP

R0 pavboot;Panda boot driver;C:\WINDOWS\system32\Drivers\pavboot.sys [2008-06-19 28544]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]

R2 Gwmsrv;Panda Goodware Cache Manager;C:\WINDOWS\system32\svchost -k Panda [ ]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 179640]

R2 PskSvcRetail;Panda PSK service;C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [ ]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]

S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2008-09-24 19072]

S3 getPlus® Helper;getPlus® Helper;C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02593289-7b2a-11dd-be2d-001e8cd9a745}]

\Shell\AutoRun\command - F:\wjlfhtfm.cmd

\Shell\explore\Command - F:\wjlfhtfm.cmd

\Shell\open\Command - F:\wjlfhtfm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eedbca5-78cf-11dd-be20-001e8cd9a745}]

\Shell\AutoRun\command - E:\kk3.bat

\Shell\explore\Command - E:\kk3.bat

\Shell\open\Command - E:\kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b760158-7953-11dd-be27-001e8cd9a745}]

\Shell\AutoRun\command - vxl.exe

\Shell\explore\Command - vxl.exe

\Shell\open\Command - vxl.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d29453-7ac2-11dd-be2b-001e8cd9a745}]

\Shell\AutoRun\command - E:\ov.cmd

\Shell\explore\Command - E:\ov.cmd

\Shell\open\Command - E:\ov.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98d5eb-86a4-11dd-be47-001e8cd9a745}]

\Shell\AutoRun\command - E:\xk2n.bat

\Shell\explore\Command - E:\xk2n.bat

\Shell\open\Command - E:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb98d5ee-86a4-11dd-be47-001e8cd9a745}]

\Shell\AutoRun\command - F:\xk2n.bat

\Shell\explore\Command - F:\xk2n.bat

\Shell\open\Command - F:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd98f6fa-8ede-11dd-be5d-001e8cd9a745}]

\Shell\AutoRun\command - F:\otyh.cmd

\Shell\explore\Command - F:\otyh.cmd

\Shell\open\Command - F:\otyh.cmd

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-orkut - C:\WINDOWS\orkut.exe

MSConfigStartUp-win32process - C:\WINDOWS\process.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 14:47:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Time to conclusion: 2008-09-30 14:48:22

ComboFix-quarantined-files.txt 2008-09-30 17:48:19

Pre-Run: 11 folder(s) 199,032,786,944 bytes free

Post-Run: 15 folder(s) 200,548,847,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

314 --- E O F --- 2008-09-10 06:03:01

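Most of what a log analyst pulls out of the two logs above is mechanical, and the entries that matter in this case are of kinds a short script can isolate: an msconfig startupreg entry (win32spx) pointing at winlogonn.exe, one letter away from the real winlogon.exe; MountPoints2 handlers that map the AutoRun, open and explore verbs of removable volumes to .cmd/.bat files at the drive root (the same wjlfhtfm.cmd and otyh.cmd that ComboFix already deleted from C:\); Security Center's AntiVirusOverride set to 1 together with the Windows Firewall disabled; a Winlogon Notify DLL; and a hidden "Realtek" folder created under Program Files. The Python below is an added example written for this edit, not a Clube do Hardware tool and not output of HijackThis or ComboFix. Its severity labels, its list of imitated system binaries and its heuristics are the example's own assumptions and are not verdicts on the poster's machine; the two sample strings are excerpts copied from the logs above. The lookalike check is general, flagging any image name within one edit (including a swapped pair of letters) of a protected system binary, so it covers more than the single winlogonn.exe case in this log.

```python
"""Triage heuristics for HijackThis / ComboFix logs (added example, not the forum's tool)."""
import re

PROTECTED = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",  # names malware imitates,
             "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")  # e.g. winlogonn.exe, scvhost.exe
PROGRAM_DIRS = ("c:\\arquivos de programas\\", "c:\\program files\\")
RANK = {"high": 0, "medium": 1, "review": 2, "low": 3}  # severity labels are this example's own
RUN_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
DIR_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d <DIR> (?P<attr>\S{9}) (?P<path>.+)$')
MP_CMD_RE = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$', re.I)
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')

# Constructed samples: lines copied from the HijackThis and ComboFix logs posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [krn] C:\arquivos de programas\Realtek\Realtek.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""
CF_SAMPLE = r"""
2008-09-25 14:51 . 2008-09-25 17:22 <DIR> d--h----- C:\Arquivos de programas\Realtek
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32spx]
--a------ 2008-09-16 12:27 1126152 C:\WINDOWS\system32\winlogonn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02593289-7b2a-11dd-be2d-001e8cd9a745}]
\Shell\AutoRun\command - F:\wjlfhtfm.cmd
\Shell\explore\Command - F:\wjlfhtfm.cmd
\Shell\open\Command - F:\wjlfhtfm.cmd
"""

def image_name(cmd):
    """Lowercase basename of the first .exe/.dll/.cmd/.bat/.scr token in a command line."""
    m = re.search(r'([^"\s\\]+\.(?:exe|dll|cmd|bat|scr))\b', cmd, re.I)
    return m.group(1).lower() if m else None

def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swap."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_of(name):
    """Protected binary that `name` imitates within one edit; None for exact or unrelated names."""
    for legit in PROTECTED:
        if name != legit and osa_distance(name, legit) <= 1:
            return legit
    return None

def flag_lookalike(where, cmd):
    img = image_name(cmd)
    legit = lookalike_of(img) if img else None
    return [("high", f"{where} runs {img}, a lookalike of {legit}")] if legit else []

def triage_hijackthis(text):
    findings = []
    for line in text.splitlines():
        m, n = RUN_RE.match(line), NOTIFY_RE.match(line)
        if m:
            findings += flag_lookalike(f"O4 [{m.group('name')}]", m.group("cmd"))
        elif n and "(file missing)" in n.group("path"):
            findings.append(("low", f"O20 Winlogon Notify '{n.group('name')}': DLL missing, orphan entry"))
        elif n:  # whatever is listed here is loaded into winlogon.exe at logon: verify the publisher
            findings.append(("review", f"O20 Winlogon Notify '{n.group('name')}' loads {n.group('path')}"))
    return findings

def triage_combofix(text):
    findings, autorun, key = [], {}, ""
    for line in text.splitlines():
        if line.startswith("["):
            key = line.strip("[]").lower()
            continue
        leaf = key.rsplit("\\", 1)[-1]
        d, mp, v = DIR_RE.match(line), MP_CMD_RE.match(line), REG_VAL_RE.match(line)
        if d and d.group("attr")[3] == "h" and d.group("path").lower().startswith(PROGRAM_DIRS):
            findings.append(("review", f"hidden folder created under Program Files: {d.group('path')}"))
        elif mp and "mountpoints2" in key:  # per-volume AutoRun/open/explore handler, typical USB worm residue
            autorun.setdefault(leaf, set()).add(mp.group("cmd"))
        elif "startupreg" in key:
            findings += flag_lookalike(f"msconfig startupreg '{leaf}'", line)
        elif v and key.endswith("security center") and v.group("name").endswith("Override") and v.group("val").endswith("1"):
            findings.append(("high", f"Security Center {v.group('name')}=1: the missing-AV warning is suppressed"))
        elif v and v.group("name") == "EnableFirewall" and v.group("val").startswith("0"):
            findings.append(("medium", "Windows Firewall (standard profile) is disabled"))
    for guid, cmds in autorun.items():
        findings.append(("high", f"MountPoints2 {guid}: AutoRun/open/explore verbs run {', '.join(sorted(cmds))}"))
    return findings

def triage(hjt_text, cf_text):
    """All findings from both logs, most severe first (stable sort keeps log order within a level)."""
    return sorted(triage_hijackthis(hjt_text) + triage_combofix(cf_text), key=lambda f: RANK[f[0]])
```

To use it on a real case, pass the full text of the two logs as strings to `triage()` and print the returned (severity, message) pairs. On the samples it returns seven findings: three "high" (the winlogonn.exe lookalike, AntiVirusOverride, and the hijacked MountPoints2 volume), one "medium" (firewall off), two "review" (the avldr Winlogon Notify DLL and the hidden Realtek folder) and one "low" (the orphaned dimsntfy entry). "review" deliberately stops short of a verdict: the analyst still has to check the file's publisher and hash, which is exactly the step the forum's log readers do by hand. Note that a Run entry and an msconfig startupreg entry are not the same thing; the latter is a startup item that was disabled through msconfig, so winlogonn.exe on this machine is flagged for the name, not because the log shows it running.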

Please post a HijackThis log.

