djalmao23

Log analysis


Please, I am requesting an analysis of the log file from my laptop. The CPU runs at 100%, at the limit of its capacity, and it is very slow. Thanks in advance. Cheers.

Runscanner logfile http://www.runscanner.net

* = signed file

- = file not found

General info

------------

Computer name : TOSHIBA

Creation time : 10/22/2008 11:35:13 PM

Hosts <> 127.0.0.1 : 21

Hosts file location : %SystemRoot%\System32\drivers\etc

IE version : 7.0.5730.11

OS : Microsoft Windows XP

OS Build : 2600

OS SP : Service Pack 3

RunScanner Version : 1.7.0.0

User Language : Português (Brasil)

User rights : Administrator

Windows folder : C:\WINDOWS

Running processes

-----------------

C:\WINDOWS\system32\shockwave.exe ( )

* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)

* C:\WINDOWS\system32\services.exe (Microsoft Corporation)

* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)

* C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)

* C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)

* C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)

* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)

* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

* C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe (Microsoft Corporation)

* C:\FirefoxPortable\App\firefox\firefox.exe (Mozilla Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* c:\windows\System32\smss.exe (Microsoft Corporation)

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe (Nero AG)

* C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)

* C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

c:\matlab6p1\bin\win32\matlab.exe (The MathWorks Inc.)

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Eset\nod32kui.exe (Eset )

C:\Arquivos de programas\Eset\nod32krn.exe (Eset )

* C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

* C:\Documents and Settings\Luísa\Configurações locais\Temp\RunScanner.exe (Runscanner.net)

* C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)

* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe (Crawler.com)

* c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

* c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

* c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

* C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)

* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

Unrated items

-------------

002 C:\Arquivos de programas\Eset\nod32kui.exe (Eset )

002 C:\WINDOWS\system32\shockwave.exe ( )

002 C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe (Crawler.com)

010 C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe (InCD Helper)

010 C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Java Quick Starter)

010 C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe (MATLAB Server)

010 C:\Arquivos de programas\Eset\nod32krn.exe (NOD32 Kernel Service)

010 C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe (Spyware Terminator Realtime Shield Service)

011 C:\WINDOWS\system32\Drivers\CO_Mon.sys (CO_Mon)

011 C:\WINDOWS\system32\drivers\cvintdrv.sys (cvintdrv)

011 C:\WINDOWS\system32\drivers\firewall.sys (F1rewall)

011 C:\WINDOWS\system32\drivers\incdrm.sys (InCD Reader)

011 C:\WINDOWS\System32\DRIVERS\InCDPass.sys (InCDPass)

011 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys (Spyware Terminator Driver 2)

011 C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS (WAN Miniport (PPP over Ethernet Protocol))

011 C:\WINDOWS\system32\drivers\wsstario.sys (wsstario)

031 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) {314111c7-a502-11d2-bbca-00c04f8ec294}

031 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

041 C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

045 C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

050 C:\ARQUIV~1\GbPlugin\gbieh.dll {E37CB5F0-51F5-4395-A808-5FA49E399F83}

052 GUID / CLSID not found {2E3C3651-B19C-4DD9-A979-901EC3E930AF}

052 C:\ARQUIV~1\GbPlugin\gbieh.dll {C41A1C0E-EA6C-11D4-B1B8-444553540000}

052 C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837}

060 GUID / CLSID not found {A3717295-941D-416F-9384-ED1736729F1C}

061 C:\ARQUIV~1\GbPlugin\gbieh.dll {E37CB5F0-51F5-4395-A808-5FA49E399F83}

061 C:\Arquivos de programas\Eset\nodshex.dll {B089FE88-FB52-11D3-BDF1-0050DA34150D}

061 C:\Arquivos de programas\Ahead\InCD\incdshx.dll (Nero AG) {950FF917-7A57-46BC-8017-59D9BF474000}

061 C:\Arquivos de programas\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

061 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

061 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

061 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}

061 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}

061 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79307-84BE-11CE-9641-444553540000}

062 C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

067 C:\Arquivos de programas\GbPlugin\gbieh.dll

068 C:\WINDOWS\system32\imon.dll (Eset )

068 C:\WINDOWS\system32\imon.dll (Eset )

068 C:\WINDOWS\system32\imon.dll (Eset )

068 C:\WINDOWS\system32\imon.dll (Eset )

068 C:\WINDOWS\system32\imon.dll (Eset )

068 C:\WINDOWS\system32\imon.dll (Eset )

069 C:\WINDOWS\system32\pdfcmnnt.dll (internet-support foehr.com)

073 Updater 1.job : C:\Arquivos de programas\ACD11\UPDATER.EXE (Advanced Chemistry Development Inc.)

073 Updater.job : C:\ACD\UPDATER.EXE (Advanced Chemistry Development Inc.)

100 Default_Page_URL HKLM : http://br.yahoo.com

100 SearchUrl HKCU : http://home.microsoft.com/access/autosearch.asp?p=%s

100 Start Page HKCU : http://www.globo.com/

100 Start Page HKLM : http://br.yahoo.com

104 GUID / CLSID not found {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}

104 C:\WINDOWS\DOWNLO~1\STAUTO~1.OCX (IBM) {1EEDA174-3132-4AFC-9EEC-55BE29C87476}

104 C:\WINDOWS\Downloaded Program Files\inotes6.dll (IBM Corporation) {3BFFE033-BF43-11D5-A271-00A024A51325}

104 C:\WINDOWS\DOWNLO~1\STURLC~1.OCX (IBM) {D4B5D9AB-D565-4DAF-BF5C-4D07F1CAA6EE}

104 C:\ARQUIV~1\GbPlugin\GbpDist.dll {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}

104 GUID / CLSID not found JavaConnect

105 E&xportar para o Microsoft Excel : res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

121 C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)

167 C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe (Microsoft Corporation)

173 C:\Arquivos de programas\Eset\nodshex.dll {B089FE88-FB52-11D3-BDF1-0050DA34150D}

173 C:\Arquivos de programas\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

173 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

173 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

221 C:\Arquivos de programas\Eset\nodshex.dll {B089FE88-FB52-11D3-BDF1-0050DA34150D}

221 C:\Arquivos de programas\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

221 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

223 C:\Arquivos de programas\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

225 C:\Arquivos de programas\Eset\nodshex.dll {B089FE88-FB52-11D3-BDF1-0050DA34150D}

225 C:\Arquivos de programas\Eset\nodshex.dll {B089FE88-FB52-11D3-BDF1-0050DA34150D}

225 C:\Arquivos de programas\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

225 C:\Arquivos de programas\Spyware Terminator\sptcontmenu.dll (Crawler.com) {BD88A479-9623-4897-8546-BC62B9628F44}

225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

225 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

227 GUID / CLSID not found {BED4C38B-F765-45AC-8C56-613F76BBF43E}

227 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

229 C:\Arquivos de programas\Ahead\InCD\incdshx.dll (Nero AG) {950FF917-7A57-46BC-8017-59D9BF474000}

231 C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files

-------------

011 C:\WINDOWS\system32\drivers\Abiosdsk.sys

011 C:\WINDOWS\system32\drivers\abp480n5.sys

011 C:\WINDOWS\system32\drivers\adpu160m.sys

011 C:\WINDOWS\system32\drivers\Aha154x.sys

011 C:\WINDOWS\system32\drivers\aic78u2.sys

011 C:\WINDOWS\system32\drivers\aic78xx.sys

011 C:\WINDOWS\system32\drivers\AliIde.sys

011 C:\WINDOWS\system32\drivers\amsint.sys

011 C:\WINDOWS\system32\drivers\asc.sys

011 C:\WINDOWS\system32\drivers\asc3350p.sys

011 C:\WINDOWS\system32\drivers\asc3550.sys

011 C:\WINDOWS\system32\drivers\Atdisk.sys

011 C:\WINDOWS\system32\drivers\cd20xrnt.sys

011 C:\WINDOWS\system32\drivers\Changer.sys

011 C:\WINDOWS\system32\drivers\CmdIde.sys

011 C:\WINDOWS\system32\drivers\Cpqarray.sys

011 C:\WINDOWS\system32\drivers\dac2w2k.sys

011 C:\WINDOWS\system32\drivers\dac960nt.sys

011 C:\WINDOWS\system32\drivers\dpti2o.sys

011 SYSTEM32\drivers\DS1410D.SYS

011 c:\windows\System32\Drivers\gpibclsb.sys

011 c:\windows\System32\Drivers\gpibclsd.sys

011 C:\WINDOWS\system32\drivers\hpn.sys

011 C:\WINDOWS\system32\drivers\i2omgmt.sys

011 C:\WINDOWS\system32\drivers\i2omp.sys

011 C:\WINDOWS\system32\drivers\ini910u.sys

011 C:\WINDOWS\system32\drivers\IntelIde.sys

011 C:\WINDOWS\system32\drivers\lbrtfdc.sys

011 C:\WINDOWS\system32\drivers\mraid35x.sys

011 c:\windows\system32\drivers\npf.sys

011 C:\WINDOWS\system32\drivers\PCIDump.sys

011 C:\WINDOWS\system32\drivers\PDCOMP.sys

011 C:\WINDOWS\system32\drivers\PDFRAME.sys

011 C:\WINDOWS\system32\drivers\PDRELI.sys

011 C:\WINDOWS\system32\drivers\PDRFRAME.sys

011 C:\WINDOWS\system32\drivers\perc2.sys

011 C:\WINDOWS\system32\drivers\perc2hib.sys

011 C:\WINDOWS\system32\drivers\ql1080.sys

011 C:\WINDOWS\system32\drivers\Ql10wnt.sys

011 C:\WINDOWS\system32\drivers\ql12160.sys

011 C:\WINDOWS\system32\drivers\ql1240.sys

011 C:\WINDOWS\system32\drivers\ql1280.sys

011 C:\WINDOWS\system32\drivers\Simbad.sys

011 C:\WINDOWS\system32\drivers\Sparrow.sys

011 C:\WINDOWS\system32\drivers\sym_hi.sys

011 C:\WINDOWS\system32\drivers\sym_u3.sys

011 C:\WINDOWS\system32\drivers\symc810.sys

011 C:\WINDOWS\system32\drivers\symc8xx.sys

011 C:\WINDOWS\system32\drivers\TosIde.sys

011 C:\WINDOWS\system32\drivers\ultra.sys

011 C:\WINDOWS\system32\drivers\ViaIde.sys

011 C:\WINDOWS\system32\drivers\WDICA.sys

061 deskpan.dll

073 C:\Bruker\TOPSPIN\prog\bin\helevtransfer.cmd

214


Read the following topic:

http://forum.clubedohardware.com.br/criando-novo-topico/429891

Then post a new HijackThis log for analysis.


Mr. Renato,

As you instructed, I am posting the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 1:02:27 AM, on 10/24/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\shockwave.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cmd.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Documents and Settings\Luísa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer do Windows fornecido por Yahoo! Brasil

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shockwavePlugin] C:\WINDOWS\system32\shockwave.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [c__windows_system32_ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: JavaConnect - http://sametime.grude.ufmg.br/sametime/javaconnect/JavaConnect.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.mrw.interscience.wiley.com/wfplayer/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1EEDA174-3132-4AFC-9EEC-55BE29C87476} (STAutoAway Control) - http://sametime.grude.ufmg.br/sametime/javaconnect/STAutoAwayLoader.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://manivela.grude.ufmg.br/iNotes6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179804992812

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201656275187

O16 - DPF: {D4B5D9AB-D565-4DAF-BF5C-4D07F1CAA6EE} (STURLConnection Control) - http://sametime.grude.ufmg.br/sametime/javaconnect/STUrlConLoader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

Sincerely,

Djalma Menezes


Configure Windows to show all files.

Go to this site: http://virusscan.jotti.org/

In File to upload, enter: C:\WINDOWS\system32\ctfmon.exe

Then click Submit.

Copy and post the result of this scan.


Scan taken on 25 Oct 2008 19:13:34 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

G DATA

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

I want to add, besides the scan above, that the Spyware Terminator program found the process Firwall.sys infected with Trojan.Agent.ahgw during a routine scan. I asked it to kill the process at the moment I am replying to this topic. I will reboot and see whether it worked. I will post a new HijackThis log.

thank you


Mr. Renato,

After deleting the file f1rewall.exe, the reboot showed that the file MicrosoftGenuine.exe was trying to unpack and install the file deleted by Spyware Terminator, producing an error message. The message recommended restarting Windows and trying the installation again. I went to the site http://virusscan.jotti.org/ and requested an analysis of the file MicrosoftGenuine.exe. The response is posted below.


File: MicrosoftGenuine.exe

Status:

INFECTED/MALWARE

MD5: 964e75e289e4fa0c9dad291d6beb5949

Packers detected:

-

Scanner results

Scan taken on 25 Oct 2008 21:00:22 (GMT)

A-Squared

Found nothing

AntiVir

Found HEUR/Crypted

ArcaVir

Found Adware.Cinmus.Fvz

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found Trojan.Generic.127328

ClamAV

Found Trojan.Dropper-4991

CPsecure

Found Troj.Dropper.W32.Delf.ara

Dr.Web

Found Trojan.StartPage.20998

F-Prot Antivirus

Found W32/Dropper.IZJ

F-Secure Anti-Virus

Found Trojan:W32/Delf.DOU

G DATA

Found Trojan.Generic.127328

Ikarus

The file MicrosoftGenuine.exe is infected. How do I remove the malware from the machine?

thanks,


It had already been identified by the antivirus; delete it normally.

Then,

Run an Online Scan with Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.


Mr. Renato,

Things are looking bad. See the Kaspersky report:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, October 26, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, October 26, 2008 02:36:02

Records in database: 1346576

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Files scanned: 126306

Threat name: 4

Infected objects: 24

Suspicious objects: 0

Duration of the scan: 01:59:25

File name / Threat name / Threats count

C:\Documents and Settings\Luísa\1.exe.1 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.1 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.10 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.10 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.11 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.11 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.2 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.2 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.3 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.3 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.4 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.4 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.5 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.5 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.6 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.6 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.7 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.7 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.8 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.8 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\1.exe.9 Infected: Trojan-Dropper.Win32.Small.cak 1

C:\Documents and Settings\Luísa\1.exe.9 Infected: Trojan.Win32.Agent.ajut 1

C:\Documents and Settings\Luísa\Dados de aplicativos\firewall.sys Infected: Trojan.Win32.Agent.ahgw 1

C:\VD\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a 1

The selected area was scanned.

Now the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:03:26 AM, on 10/26/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

C:\FirefoxPortable\App\firefox\firefox.exe

C:\Documents and Settings\Luísa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer do Windows fornecido por Yahoo! Brasil

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: 84.22.29.59 www.bradesco.com.br

O1 - Hosts: 84.22.29.59 bradesco.com.br

O1 - Hosts: 84.22.29.59 www.itau.com.br

O1 - Hosts: 84.22.29.59 itau.com.br

O1 - Hosts: 84.22.29.59 www.bb.com.br

O1 - Hosts: 84.22.29.59 bb.com.br

O1 - Hosts: 84.22.29.59 www.bancodobrasil.com.br

O1 - Hosts: 84.22.29.59 bancodobrasil.com.br

O1 - Hosts: 84.22.29.59 www.santander.com.br

O1 - Hosts: 84.22.29.59 santander.com.br

O1 - Hosts: 84.22.29.59 www.banespa.com.br

O1 - Hosts: 84.22.29.59 banespa.com.br

O1 - Hosts: 84.22.29.59 www.credicardciti.com.br

O1 - Hosts: 84.22.29.59 credicardciti.com.br

O1 - Hosts: 84.22.29.59 santander.com.br

O1 - Hosts: 84.22.29.59 www.santander.com.br

O1 - Hosts: 84.22.29.59 www.credicardciti.com.br

O1 - Hosts: 84.22.29.59 www.credicarditau.com.br

O1 - Hosts: 84.22.29.59 credicardciti.com.br

O1 - Hosts: 84.22.29.59 credicarditau.com.br

O1 - Hosts: 84.22.29.59 pagseguro.uol.com.br

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shockwavePlugin] C:\WINDOWS\system32\shockwave.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [c__windows_system32_ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: JavaConnect - http://sametime.grude.ufmg.br/sametime/javaconnect/JavaConnect.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.mrw.interscience.wiley.com/wfplayer/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1EEDA174-3132-4AFC-9EEC-55BE29C87476} (STAutoAway Control) - http://sametime.grude.ufmg.br/sametime/javaconnect/STAutoAwayLoader.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://manivela.grude.ufmg.br/iNotes6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179804992812

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201656275187

O16 - DPF: {D4B5D9AB-D565-4DAF-BF5C-4D07F1CAA6EE} (STURLConnection Control) - http://sametime.grude.ufmg.br/sametime/javaconnect/STUrlConLoader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


Avoid accessing bank websites for the time being.

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.

  3. Double-click the ComboFix icon on your desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP should install the Recovery Console:

     • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: do not use the mouse or the keyboard while the tool is running, as this may cause the computer to hang.

  8. A notice may appear saying that the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it could damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.


ComboFix 08-10-25.01 - Djalma 2008-10-27 1:19:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1193 [GMT -2:00]

Executando de: C:\Documents and Settings\Luísa\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\ctzz.dll

C:\WINDOWS\system32\skandisk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GBPSV

-------\Legacy_NPF

-------\Service_GbpSv

-------\Service_NPF

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-27 to 2008-10-27 ))))))))))))))))))))))))))))

.

2008-10-27 01:23 . 2008-10-23 02:56 147,498 --a------ C:\Documents and Settings\Luísa\1.exe

2008-10-27 01:23 . 2008-10-23 02:56 147,498 --a------ C:\Documents and Settings\Luísa\1.exe

2008-10-25 19:21 . 2008-10-23 01:41 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe

2008-10-25 19:21 . 2008-10-23 01:41 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe

2008-10-25 19:21 . 2008-10-23 01:41 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe

2008-10-24 11:41 . 2008-10-24 11:41 <DIR> d-------- C:\Documents and Settings\Doutorado\Congressos

2008-10-24 11:40 . 2008-10-24 11:41 <DIR> d-------- C:\Documents and Settings\Doutorado

2008-10-24 10:02 . 2008-10-24 10:02 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\Hijackthis

2008-10-24 10:02 . 2008-10-24 10:02 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\Hijackthis

2008-10-24 10:02 . 2008-10-24 10:02 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\Hijackthis

2008-10-24 08:22 . 2008-10-15 14:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-23 00:41 . 2008-10-23 00:41 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-10-22 21:12 . 2008-10-22 21:12 <DIR> d-------- C:\Arquivos de programas\MestRe-C

2008-10-22 16:40 . 2008-10-22 18:35 <DIR> d-------- C:\wxNUTS

2008-10-22 08:46 . 2008-10-23 01:30 12,544 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\winmanager.sys

2008-10-22 08:46 . 2008-10-23 01:30 12,544 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\winmanager.sys

2008-10-22 08:46 . 2008-10-23 01:30 12,544 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\winmanager.sys

2008-10-20 15:34 . 2008-10-20 15:34 <DIR> d-------- C:\Arquivos de programas\PDFCreator Toolbar

2008-10-20 15:34 . 2008-10-20 15:34 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2875.exe

2008-10-20 15:34 . 2008-10-20 15:34 14,298 --a------ C:\Arquivos de programas\settings.dat

2008-10-20 15:33 . 2008-10-20 15:34 <DIR> d-------- C:\Arquivos de programas\PDFCreator

2008-10-20 15:33 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-10-20 15:33 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX

2008-10-20 15:33 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-10-19 01:21 . 2008-10-22 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-10-19 01:21 . 2008-10-19 01:21 1,409 --a------ C:\WINDOWS\QTFont.for

2008-10-19 00:16 . 2008-10-19 00:16 <DIR> d-------- C:\Arquivos de programas\Windows Defender

2008-10-19 00:14 . 2008-10-19 00:14 <DIR> d----c--- C:\Documents and Settings\All Users\Dados de aplicativos\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2008-10-18 23:35 . 2008-10-18 23:49 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-10-18 18:12 . 2008-10-23 22:28 <DIR> d-------- C:\Arquivos de programas\ThreatExpert Memory Scanner

2008-10-16 23:55 . 2008-10-16 23:55 <DIR> d--h----- C:\Arquivos de programas\Zenographics

2008-10-16 23:55 . 2006-01-30 07:00 574,100 -ra------ C:\WINDOWS\system32\hp1022n.img

2008-10-16 23:55 . 2006-01-30 07:00 442,368 --a------ C:\WINDOWS\system32\ZSHP1020.EXE

2008-10-16 23:55 . 2006-01-30 07:00 206,768 -ra------ C:\WINDOWS\system32\hp1022.img

2008-10-16 23:55 . 2006-01-30 07:00 143,360 -ra------ C:\WINDOWS\apptune1020.exe

2008-10-16 23:55 . 2006-01-30 07:00 128,820 -ra------ C:\WINDOWS\system32\hp1020.img

2008-10-16 23:55 . 2006-01-30 07:00 106,496 -ra------ C:\WINDOWS\system32\VSHP1020.DLL

2008-10-16 23:55 . 2006-01-30 07:00 102,400 --a------ C:\WINDOWS\system32\ZLhp1020.dll

2008-10-16 23:55 . 2006-01-30 07:00 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL

2008-10-16 23:55 . 2006-01-30 07:00 28,672 --a------ C:\WINDOWS\system32\zlm.dll

2008-10-16 23:55 . 2006-01-30 07:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL

2008-10-16 23:55 . 2006-01-30 07:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL

2008-10-16 23:55 . 2006-01-30 07:00 7,341 -ra------ C:\WINDOWS\system32\ZSHP1020.HLP

2008-10-16 10:03 . 2008-10-14 03:15 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\RMicrosoftGenuine.exe

2008-10-16 10:03 . 2008-10-14 03:15 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\RMicrosoftGenuine.exe

2008-10-16 10:03 . 2008-10-14 03:15 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\RMicrosoftGenuine.exe

2008-10-16 02:37 . 2008-10-16 02:39 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-15 23:56 . 2008-09-15 13:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 23:35 . 2008-08-14 11:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 23:21 . 2008-09-08 08:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 16:33 . 2008-10-04 00:37 11,904 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\firewall.sys

2008-10-14 16:33 . 2008-10-04 00:37 11,904 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\firewall.sys

2008-10-14 16:33 . 2008-10-04 00:37 11,904 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\firewall.sys

2008-10-14 15:36 . 2007-03-19 03:08 33,280 -ra------ C:\WINDOWS\system32\SNETLLC.DLL

2008-10-14 15:36 . 2007-03-19 03:08 29,184 -ra------ C:\WINDOWS\system32\SNETAPL.DLL

2008-10-14 15:36 . 2007-03-19 03:08 27,648 -ra------ C:\WINDOWS\system32\SNETDRV.EXE

2008-10-14 15:36 . 2007-03-19 03:08 13,312 -ra------ C:\WINDOWS\system32\SNET_EN.DLL

2008-10-14 15:36 . 2007-03-19 03:08 12,800 -ra------ C:\WINDOWS\system32\SNET_JA.DLL

2008-10-14 15:36 . 2007-03-19 03:08 11,776 -ra------ C:\WINDOWS\system32\SNETRUN.EXE

2008-10-14 15:36 . 2007-03-19 03:08 10,834 -ra------ C:\WINDOWS\system32\VsnetD.386

2008-10-14 15:36 . 2007-03-19 03:08 6,944 -ra------ C:\WINDOWS\system32\SNETM16.DLL

2008-10-14 15:36 . 2007-03-19 03:08 6,144 -ra------ C:\WINDOWS\system32\SNETMAC.DLL

2008-10-14 14:34 . 2008-10-14 15:36 365 --a------ C:\WINDOWS\SYSTEM.OLD

2008-10-14 14:34 . 1995-11-02 11:46 106 --a------ C:\WINDOWS\CAMPROT.INI

2008-10-14 14:34 . 1995-11-02 11:45 106 --a------ C:\WINDOWS\ASPIPROT.INI

2008-10-14 14:34 . 1995-01-31 10:22 41 --a------ C:\WINDOWS\PDACMD.INI

2008-10-14 14:34 . 1995-12-21 10:10 22 --a------ C:\WINDOWS\PDA.INI

2008-10-14 14:33 . 2008-10-14 15:45 <DIR> d-------- C:\LC10

2008-10-14 14:33 . 2008-10-14 22:48 1,633 --a------ C:\WINDOWS\CLASSLC.INI

2008-10-14 11:59 . 2008-10-14 11:59 <DIR> d-------- C:\Temp\DTI

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

2008-10-13 00:49 . 2008-10-13 00:50 94,990 --a------ C:\WINDOWS\system32\USB002

2008-10-12 20:53 . 2008-10-12 20:55 77,154 --a------ C:\WINDOWS\system32\hp 1020

2008-10-12 20:15 . 2007-12-10 08:00 61,440 --a------ C:\WINDOWS\system32\ZIMF.DLL

2008-10-12 20:15 . 2007-12-10 08:00 53,248 --a------ C:\WINDOWS\system32\ZTAG.DLL

2008-10-12 20:15 . 2007-12-10 08:00 10,632 --a------ C:\WINDOWS\system32\ZSHP1020.CHM

2008-10-08 17:47 . 2008-10-16 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-06 11:05 . 2008-10-04 14:22 332,800 --a------ C:\WINDOWS\system32\wget.exe

2008-10-06 11:05 . 2008-10-03 10:33 131,646 --------- C:\WINDOWS\system32\shockwave.exe

2008-10-01 17:32 . 2008-10-01 18:01 133,640 --a------ C:\WINDOWS\hpdj3500.hi2

2008-10-01 17:32 . 2008-10-01 18:01 6,584 --a------ C:\WINDOWS\hpdj3500.bu2

2008-10-01 17:14 . 2008-10-01 18:14 8,437 --a------ C:\WINDOWS\hpdj3500.hi1

2008-10-01 17:14 . 2008-10-01 18:14 1,794 --a------ C:\WINDOWS\hpdj3500.bu1

2008-10-01 17:12 . 2008-10-01 18:39 6,190 --a------ C:\WINDOWS\hpdj3500.his

2008-10-01 17:12 . 2008-10-01 18:39 1,434 --a------ C:\WINDOWS\hpdj3500.ini

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-26 13:42 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Spyware Terminator

2008-10-26 13:42 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Spyware Terminator

2008-10-26 13:42 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Spyware Terminator

2008-10-26 13:42 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-10-26 13:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-10-26 13:33 --------- d-----w C:\Arquivos de programas\Realtek

2008-10-25 18:51 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-10-24 12:52 --------- d-----w C:\Arquivos de programas\gs

2008-10-24 02:46 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Skype

2008-10-24 02:46 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Skype

2008-10-24 02:46 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Skype

2008-10-23 22:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\skypePM

2008-10-23 22:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\skypePM

2008-10-23 22:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\skypePM

2008-10-23 03:30 12,544 ----a-w C:\WINDOWS\system32\drivers\winmanager.sys

2008-10-22 01:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\NuTC4

2008-10-21 22:41 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-10-20 02:05 --------- d-----w C:\Arquivos de programas\CCDC

2008-10-20 02:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-17 01:55 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-10-16 23:10 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-14 18:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-14 18:41 --------- d--h--w C:\Arquivos de programas\Scpad

2008-09-25 12:21 --------- d-----w C:\Arquivos de programas\ACD11

2008-09-24 03:05 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-24 02:53 --------- d-----w C:\Arquivos de programas\POV-Ray for Windows v3.6

2008-09-24 00:37 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Advanced Chemistry Development

2008-09-24 00:37 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Advanced Chemistry Development

2008-09-24 00:37 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Advanced Chemistry Development

2008-09-24 00:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development

2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Uniblue

2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Uniblue

2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Uniblue

2008-09-20 15:58 --------- d-----w C:\Arquivos de programas\OriginLab

2008-09-20 14:56 --------- d-----w C:\Arquivos de programas\Megacubo

2008-09-19 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\foobar2000

2008-09-19 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\foobar2000

2008-09-19 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\foobar2000

2008-09-19 01:01 --------- d-----w C:\Arquivos de programas\Eset

2008-09-19 00:06 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-09-19 00:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll

2008-09-19 00:06 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys

2008-09-15 20:36 --------- d-----w C:\Arquivos de programas\Sun

2008-09-15 20:35 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll

2008-09-15 20:35 --------- d-----w C:\Arquivos de programas\Java

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-07 04:26 --------- d-----w C:\Arquivos de programas\DivX

2008-09-07 04:23 --------- d-----w C:\Arquivos de programas\Xvid

2008-09-01 00:38 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-08-29 15:12 177,664 ----a-w C:\WINDOWS\cbuninstall.exe

2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-25 12:41 1,072,047 ----a-w C:\i0756buf.zip

2008-08-14 13:24 2,193,408 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,070,272 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-06-23 23:35 43,494 ----a-w C:\Arquivos de programas\megacubo_log.log

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"c__windows_system32_ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe" [2008-08-22 1783808]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2008-09-15 144792]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-09-18 949376]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ShockwavePlugin"="C:\WINDOWS\system32\shockwave.exe" [2008-10-03 131646]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Microsoft Genuine Advantage"="C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe" [2008-10-23 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-10-25 16:51 3 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^System Control.lnk]

backup=C:\WINDOWS\pss\System Control.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 22:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2006-05-24 18:39 2655272 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

--a------ 2007-12-17 12:12 243240 C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-09-08 14:29 29744 C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2001-08-03 09:42 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2006-07-12 07:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--------- 2005-05-19 08:57 188416 C:\Arquivos de programas\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 00:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

-ra------ 2006-01-30 07:00 98304 C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-01-10 15:27 385024 C:\Arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2004-11-02 21:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a------ 2008-08-22 16:52 1783808 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-10-15 07:29 88203 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-11-10 12:14 15473664 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bruker FLEXlm License Server"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Arquivos de programas\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\ChemDraw\\ChemDraw.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\Chem3D\\Chem3D.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Star\\Chemis32.exe"=

"C:\\Arquivos de programas\\ImageJ\\jre\\bin\\javaw.exe"=

"C:\\MirandaPortable\\App\\miranda\\miranda32.exe"=

"C:\\Arquivos de programas\\JEOL\\Delta\\bin\\delta.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\ChemFinder\\CFWord.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\JEOL\\Delta\\global\\convert.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8597:TCP"= 8597:TCP:*:Disabled:BitComet 8597 TCP

"8597:UDP"= 8597:UDP:*:Disabled:BitComet 8597 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowOutboundPacketTooBig"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-22 141312]

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 4096]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]

R2 fsssvc;Windows Live OneCare Proteção para a Família;C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe [2007-12-17 523816]

R2 JavaQuickStarterService;Java Quick Starter;C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-09-15 147456]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]

S3 gpibclsb;GPIB Board Class Driver;C:\WINDOWS\system32\Drivers\gpibclsb.sys [ ]

S3 gpibclsd;GPIB Device Class Driver;C:\WINDOWS\system32\Drivers\gpibclsd.sys [ ]

S3 wsstario;wsstario;C:\WINDOWS\system32\drivers\wsstario.sys [1998-01-26 5856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1dabf6c-d93e-11db-9e62-0016e321a5dd}]

\Shell\Home\Command - nmrun http://www.osjaos.com

\Shell\Web\Command - http://www.osjaos.com

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-27 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-10-26 C:\WINDOWS\Tasks\Updater 1.job

- C:\Arquivos de programas\ACD11\UPDATER.EXE [2008-03-06 18:13]

2008-06-20 C:\WINDOWS\Tasks\Updater.job

- C:\ACD\UPDATER.EXE [2002-07-04 21:49]

2008-10-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC77139A-266F-48DB-986D-BE3702AF99CD}.job

- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Luísa\Dados de aplicativos\Mozilla\Firefox\Profiles\s4ujf6o8.default\

FF -: plugin - C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Shared\npYState.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\np32dsw.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npdeploytk.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npnul32.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\NPOFFICE.DLL

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin2.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin3.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin4.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin5.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin6.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin7.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\NPSWF32.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-27 01:23:37

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

C:\WINDOWS\system32\skandisk.dll 6 bytes

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\MATLAB6p1\bin\win32\matlab.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-27 1:28:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-27 03:28:42

Pré-execução: 41 pasta(s) 19,098,583,040 bytes disponíveis

Pós execução: 41 pasta(s) 19,219,185,664 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

361 --- E O F --- 2008-10-24 13:20:04

* Resident AV is active

Please disable your antivirus before running ComboFix.

Do you recognize the following file?

C:\i0756buf.zip

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


File::

C:\Documents and Settings\Luísa\1.exe
C:\Documents and Settings\Luísa\1.exe
C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe
C:\WINDOWS\system32\drivers\wsstario.sys

Folder::

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c__windows_system32_ctfmon.exe"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Genuine Advantage"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1dabf6c-d93e-11db-9e62-0016e321a5dd}]

Driver::

wsstario

FireFox::

FireFox -: Profile - C:\Documents and Settings\Luísa\Dados de aplicativos\Mozilla\Firefox\Profiles\s4ujf6o8.default\
FF -: plugin - C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Arquivos de programas\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\np32dsw.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npdeploytk.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npnul32.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\NPOFFICE.DLL
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin2.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin3.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin4.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin5.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin6.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npqtplugin7.dll
FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\NPSWF32.dll

Rootkit::

C:\WINDOWS\system32\skandisk.dll

  • Save this file as: CFScript.txt
    (image: CFScriptB-4.gif)
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


Mr. Mejias,

The ComboFix report after the last procedure you recommended to me was the following:

ComboFix 08-10-27.02 - Djalma 2008-10-28 1:23:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1376 [GMT -2:00]

Executando de: C:\Documents and Settings\Luísa\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Luísa\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\Documents and Settings\Luísa\1.exe

C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe

C:\WINDOWS\system32\drivers\Wsstario.sys

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Luísa\1.exe

C:\WINDOWS\system32\ctzz.dll

C:\WINDOWS\system32\drivers\Wsstario.sys

C:\WINDOWS\system32\skandisk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_WSSTARIO

-------\Service_wsstario

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-28 ))))))))))))))))))))))))))))

.

2008-10-28 01:32 . 2008-10-23 02:56 147,498 --a------ C:\Documents and Settings\Luísa\1.exe

2008-10-28 01:32 . 2008-10-23 02:56 147,498 --a------ C:\Documents and Settings\Luísa\1.exe

2008-10-28 01:32 . 2008-10-23 01:41 74,240 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe

2008-10-28 01:32 . 2008-10-23 01:30 12,544 --a------ C:\WINDOWS\system32\drivers\winmanager.sys

2008-10-28 01:32 . 2008-10-23 01:30 12,544 --a------ C:\Documents and Settings\Luísa\Dados de aplicativos\winmanager.sys

2008-10-28 01:32 . 2008-10-28 01:32 6 --a------ C:\WINDOWS\system32\skandisk.dll

2008-10-27 13:24 . 2008-10-27 14:13 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-10-27 13:24 . 2008-10-27 13:24 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-10-27 13:23 . 2008-10-28 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-10-27 13:23 . 2008-10-27 13:23 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-10-27 13:23 . 2008-10-28 01:25 2,455,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-27 13:23 . 2008-10-28 01:32 417,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-27 13:23 . 2008-10-28 01:25 20,260 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-27 13:23 . 2008-10-28 01:25 2,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-27 08:45 . 2008-10-27 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-10-24 11:41 . 2008-10-24 11:41 <DIR> d-------- C:\Documents and Settings\Doutorado\Congressos

2008-10-24 11:40 . 2008-10-24 11:41 <DIR> d-------- C:\Documents and Settings\Doutorado

2008-10-24 10:02 . 2008-10-24 10:02 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\Hijackthis

2008-10-24 08:22 . 2008-10-15 14:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-23 00:41 . 2008-10-23 00:41 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-10-22 21:12 . 2008-10-22 21:12 <DIR> d-------- C:\Arquivos de programas\MestRe-C

2008-10-22 16:40 . 2008-10-22 18:35 <DIR> d-------- C:\wxNUTS

2008-10-20 15:34 . 2008-10-20 15:34 <DIR> d-------- C:\Arquivos de programas\PDFCreator Toolbar

2008-10-20 15:34 . 2008-10-20 15:34 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2875.exe

2008-10-20 15:34 . 2008-10-20 15:34 14,298 --a------ C:\Arquivos de programas\settings.dat

2008-10-20 15:33 . 2008-10-20 15:34 <DIR> d-------- C:\Arquivos de programas\PDFCreator

2008-10-20 15:33 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-10-20 15:33 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX

2008-10-20 15:33 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-10-19 00:14 . 2008-10-19 00:14 <DIR> d----c--- C:\Documents and Settings\All Users\Dados de aplicativos\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2008-10-18 23:35 . 2008-10-18 23:49 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-10-18 18:12 . 2008-10-27 11:11 <DIR> d-------- C:\Arquivos de programas\ThreatExpert Memory Scanner

2008-10-16 23:55 . 2008-10-16 23:55 <DIR> d--h----- C:\Arquivos de programas\Zenographics

2008-10-16 23:55 . 2006-01-30 07:00 574,100 -ra------ C:\WINDOWS\system32\hp1022n.img

2008-10-16 23:55 . 2006-01-30 07:00 442,368 --a------ C:\WINDOWS\system32\ZSHP1020.EXE

2008-10-16 23:55 . 2006-01-30 07:00 206,768 -ra------ C:\WINDOWS\system32\hp1022.img

2008-10-16 23:55 . 2006-01-30 07:00 143,360 -ra------ C:\WINDOWS\apptune1020.exe

2008-10-16 23:55 . 2006-01-30 07:00 128,820 -ra------ C:\WINDOWS\system32\hp1020.img

2008-10-16 23:55 . 2006-01-30 07:00 106,496 -ra------ C:\WINDOWS\system32\VSHP1020.DLL

2008-10-16 23:55 . 2006-01-30 07:00 102,400 --a------ C:\WINDOWS\system32\ZLhp1020.dll

2008-10-16 23:55 . 2006-01-30 07:00 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL

2008-10-16 23:55 . 2006-01-30 07:00 28,672 --a------ C:\WINDOWS\system32\zlm.dll

2008-10-16 23:55 . 2006-01-30 07:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL

2008-10-16 23:55 . 2006-01-30 07:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL

2008-10-16 23:55 . 2006-01-30 07:00 7,341 -ra------ C:\WINDOWS\system32\ZSHP1020.HLP

2008-10-16 02:37 . 2008-10-16 02:39 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-15 23:56 . 2008-09-15 13:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 23:35 . 2008-08-14 11:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 23:21 . 2008-09-08 08:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 15:36 . 2007-03-19 03:08 33,280 -ra------ C:\WINDOWS\system32\SNETLLC.DLL

2008-10-14 15:36 . 2007-03-19 03:08 29,184 -ra------ C:\WINDOWS\system32\SNETAPL.DLL

2008-10-14 15:36 . 2007-03-19 03:08 27,648 -ra------ C:\WINDOWS\system32\SNETDRV.EXE

2008-10-14 15:36 . 2007-03-19 03:08 13,312 -ra------ C:\WINDOWS\system32\SNET_EN.DLL

2008-10-14 15:36 . 2007-03-19 03:08 12,800 -ra------ C:\WINDOWS\system32\SNET_JA.DLL

2008-10-14 15:36 . 2007-03-19 03:08 11,776 -ra------ C:\WINDOWS\system32\SNETRUN.EXE

2008-10-14 15:36 . 2007-03-19 03:08 10,834 -ra------ C:\WINDOWS\system32\VsnetD.386

2008-10-14 15:36 . 2007-03-19 03:08 6,944 -ra------ C:\WINDOWS\system32\SNETM16.DLL

2008-10-14 15:36 . 2007-03-19 03:08 6,144 -ra------ C:\WINDOWS\system32\SNETMAC.DLL

2008-10-14 14:34 . 2008-10-14 15:36 365 --a------ C:\WINDOWS\SYSTEM.OLD

2008-10-14 14:34 . 1995-11-02 11:46 106 --a------ C:\WINDOWS\CAMPROT.INI

2008-10-14 14:34 . 1995-11-02 11:45 106 --a------ C:\WINDOWS\ASPIPROT.INI

2008-10-14 14:34 . 1995-01-31 10:22 41 --a------ C:\WINDOWS\PDACMD.INI

2008-10-14 14:34 . 1995-12-21 10:10 22 --a------ C:\WINDOWS\PDA.INI

2008-10-14 14:33 . 2008-10-14 15:45 <DIR> d-------- C:\LC10

2008-10-14 14:33 . 2008-10-14 22:48 1,633 --a------ C:\WINDOWS\CLASSLC.INI

2008-10-14 11:59 . 2008-10-14 11:59 <DIR> d-------- C:\Temp\DTI

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

2008-10-13 00:49 . 2008-10-13 00:50 94,990 --a------ C:\WINDOWS\system32\USB002

2008-10-12 20:53 . 2008-10-12 20:55 77,154 --a------ C:\WINDOWS\system32\hp 1020

2008-10-12 20:15 . 2007-12-10 08:00 61,440 --a------ C:\WINDOWS\system32\ZIMF.DLL

2008-10-12 20:15 . 2007-12-10 08:00 53,248 --a------ C:\WINDOWS\system32\ZTAG.DLL

2008-10-12 20:15 . 2007-12-10 08:00 10,632 --a------ C:\WINDOWS\system32\ZSHP1020.CHM

2008-10-08 17:47 . 2008-10-16 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-06 11:05 . 2008-10-04 14:22 332,800 --a------ C:\WINDOWS\system32\wget.exe

2008-10-06 11:05 . 2008-10-03 10:33 131,646 --------- C:\WINDOWS\system32\shockwave.exe

2008-10-01 17:32 . 2008-10-01 18:01 133,640 --a------ C:\WINDOWS\hpdj3500.hi2

2008-10-01 17:32 . 2008-10-01 18:01 6,584 --a------ C:\WINDOWS\hpdj3500.bu2

2008-10-01 17:14 . 2008-10-01 18:14 8,437 --a------ C:\WINDOWS\hpdj3500.hi1

2008-10-01 17:14 . 2008-10-01 18:14 1,794 --a------ C:\WINDOWS\hpdj3500.bu1

2008-10-01 17:12 . 2008-10-01 18:39 6,190 --a------ C:\WINDOWS\hpdj3500.his

2008-10-01 17:12 . 2008-10-01 18:39 1,434 --a------ C:\WINDOWS\hpdj3500.ini

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-27 17:17 --------- d-----w C:\Arquivos de programas\ImageJ

2008-10-27 16:24 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-10-27 11:55 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Spyware Terminator

2008-10-27 11:14 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-10-26 13:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-10-26 13:33 --------- d-----w C:\Arquivos de programas\Realtek

2008-10-24 12:52 --------- d-----w C:\Arquivos de programas\gs

2008-10-24 02:46 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Skype

2008-10-23 22:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\skypePM

2008-10-22 01:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\NuTC4

2008-10-21 22:41 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-10-20 02:05 --------- d-----w C:\Arquivos de programas\CCDC

2008-10-20 02:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-17 01:55 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-10-16 23:10 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-14 18:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-14 18:41 --------- d--h--w C:\Arquivos de programas\Scpad

2008-09-25 12:21 --------- d-----w C:\Arquivos de programas\ACD11

2008-09-24 03:05 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-24 02:53 --------- d-----w C:\Arquivos de programas\POV-Ray for Windows v3.6

2008-09-24 00:37 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Advanced Chemistry Development

2008-09-24 00:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development

2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Uniblue

2008-09-20 15:58 --------- d-----w C:\Arquivos de programas\OriginLab

2008-09-20 14:56 --------- d-----w C:\Arquivos de programas\Megacubo

2008-09-19 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\foobar2000

2008-09-15 20:36 --------- d-----w C:\Arquivos de programas\Sun

2008-09-15 20:35 --------- d-----w C:\Arquivos de programas\Java

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-07 04:26 --------- d-----w C:\Arquivos de programas\DivX

2008-09-07 04:23 --------- d-----w C:\Arquivos de programas\Xvid

2008-09-01 00:38 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-08-29 15:12 177,664 ----a-w C:\WINDOWS\cbuninstall.exe

2008-08-25 12:41 1,072,047 ----a-w C:\i0756buf.zip

2008-06-23 23:35 43,494 ----a-w C:\Arquivos de programas\megacubo_log.log

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe" [2008-08-22 1783808]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2008-09-15 144792]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"ShockwavePlugin"="C:\WINDOWS\system32\shockwave.exe" [2008-10-03 131646]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Microsoft Genuine Advantage"="C:\Documents and Settings\Luísa\Dados de aplicativos\MicrosoftGenuine.exe" [2008-10-23 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-10-27 14:24 3 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^System Control.lnk]

backup=C:\WINDOWS\pss\System Control.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 22:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2006-05-24 18:39 2655272 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

--a------ 2007-12-17 12:12 243240 C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-09-08 14:29 29744 C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2001-08-03 09:42 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2006-07-12 07:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--------- 2005-05-19 08:57 188416 C:\Arquivos de programas\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 00:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

-ra------ 2006-01-30 07:00 98304 C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2004-11-02 21:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a------ 2008-08-22 16:52 1783808 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-10-15 07:29 88203 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-11-10 12:14 15473664 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bruker FLEXlm License Server"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Arquivos de programas\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\ChemDraw\\ChemDraw.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\Chem3D\\Chem3D.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Star\\Chemis32.exe"=

"C:\\MirandaPortable\\App\\miranda\\miranda32.exe"=

"C:\\Arquivos de programas\\JEOL\\Delta\\bin\\delta.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\ChemFinder\\CFWord.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\JEOL\\Delta\\global\\convert.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8597:TCP"= 8597:TCP:*:Disabled:BitComet 8597 TCP

"8597:UDP"= 8597:UDP:*:Disabled:BitComet 8597 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowOutboundPacketTooBig"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-22 141312]

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 4096]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]

R2 fsssvc;Windows Live OneCare Proteção para a Família;C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe [2007-12-17 523816]

R2 JavaQuickStarterService;Java Quick Starter;C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-09-15 147456]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]

S3 gpibclsb;GPIB Board Class Driver;C:\WINDOWS\system32\Drivers\gpibclsb.sys [ ]

S3 gpibclsd;GPIB Device Class Driver;C:\WINDOWS\system32\Drivers\gpibclsd.sys [ ]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-27 C:\WINDOWS\Tasks\Updater 1.job

- C:\Arquivos de programas\ACD11\UPDATER.EXE [2008-03-06 18:13]

2008-06-20 C:\WINDOWS\Tasks\Updater.job

- C:\ACD\UPDATER.EXE [2002-07-04 21:49]

2008-10-28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC77139A-266F-48DB-986D-BE3702AF99CD}.job

- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 01:32:31

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

C:\WINDOWS\system32\drivers\winmanager.sys 12544 bytes executable

C:\WINDOWS\system32\skandisk.dll 6 bytes

Varredura completada com sucesso

arquivos/ficheiros ocultos: 2

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\MATLAB6p1\bin\win32\matlab.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-28 1:36:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-28 03:36:42

ComboFix2.txt 2008-10-27 03:28:49

Pré-execução: 42 pasta(s) 18,767,032,320 bytes disponíveis

Pós execução: 42 pasta(s) 18,868,490,240 bytes disponíveis

308 --- E O F --- 2008-10-24 13:20:04

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

However, the night did not end there for me. I noticed, from the Kaspersky antivirus WEB TRAFFIC report, that the trojan was re-feeding itself from the address "http://namorando.no-ip.biz/imagem/1.exe//MicrosoftGenuine.exe" WGET.EXE Detected: Trojan-Dropper.Win32.Small.cak. I noticed that whenever the machine restarted, the "shockwave.exe" file, which was in the Windows startup list and had not been flagged as a threat, placed another copy of the virus on the machine. I deleted the file and unchecked its startup entry. I did several restarts, running ComboFix and HijackThis each time. I am posting the latest logs from each and ask that you give me a new diagnosis, please.

ComboFix log:

ComboFix 08-10-27.03 - Djalma 2008-10-28 3:47:26.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1461 [GMT -2:00]

Executando de: C:\Documents and Settings\Luísa\Desktop\ComboFix.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-28 ))))))))))))))))))))))))))))

.

2008-10-27 13:24 . 2008-10-27 14:13 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-10-27 13:24 . 2008-10-27 13:24 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-10-27 13:23 . 2008-10-28 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-10-27 13:23 . 2008-10-27 13:23 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-10-27 13:23 . 2008-10-28 03:32 2,494,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-27 13:23 . 2008-10-28 03:32 434,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-27 13:23 . 2008-10-28 03:32 20,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-27 13:23 . 2008-10-28 03:32 2,564 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-27 08:45 . 2008-10-27 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-10-24 11:41 . 2008-10-24 11:41 <DIR> d-------- C:\Documents and Settings\Doutorado\Congressos

2008-10-24 11:40 . 2008-10-24 11:41 <DIR> d-------- C:\Documents and Settings\Doutorado

2008-10-24 10:02 . 2008-10-24 10:02 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\Hijackthis

2008-10-24 08:22 . 2008-10-15 14:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-23 00:41 . 2008-10-23 00:41 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-10-22 21:12 . 2008-10-22 21:12 <DIR> d-------- C:\Arquivos de programas\MestRe-C

2008-10-22 16:40 . 2008-10-22 18:35 <DIR> d-------- C:\wxNUTS

2008-10-20 15:34 . 2008-10-20 15:34 <DIR> d-------- C:\Arquivos de programas\PDFCreator Toolbar

2008-10-20 15:34 . 2008-10-20 15:34 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2875.exe

2008-10-20 15:34 . 2008-10-20 15:34 14,298 --a------ C:\Arquivos de programas\settings.dat

2008-10-20 15:33 . 2008-10-20 15:34 <DIR> d-------- C:\Arquivos de programas\PDFCreator

2008-10-20 15:33 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-10-20 15:33 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX

2008-10-20 15:33 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-10-19 00:14 . 2008-10-19 00:14 <DIR> d----c--- C:\Documents and Settings\All Users\Dados de aplicativos\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2008-10-18 23:35 . 2008-10-18 23:49 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-10-18 18:12 . 2008-10-27 11:11 <DIR> d-------- C:\Arquivos de programas\ThreatExpert Memory Scanner

2008-10-16 23:55 . 2008-10-16 23:55 <DIR> d--h----- C:\Arquivos de programas\Zenographics

2008-10-16 23:55 . 2006-01-30 07:00 574,100 -ra------ C:\WINDOWS\system32\hp1022n.img

2008-10-16 23:55 . 2006-01-30 07:00 442,368 --a------ C:\WINDOWS\system32\ZSHP1020.EXE

2008-10-16 23:55 . 2006-01-30 07:00 206,768 -ra------ C:\WINDOWS\system32\hp1022.img

2008-10-16 23:55 . 2006-01-30 07:00 143,360 -ra------ C:\WINDOWS\apptune1020.exe

2008-10-16 23:55 . 2006-01-30 07:00 128,820 -ra------ C:\WINDOWS\system32\hp1020.img

2008-10-16 23:55 . 2006-01-30 07:00 106,496 -ra------ C:\WINDOWS\system32\VSHP1020.DLL

2008-10-16 23:55 . 2006-01-30 07:00 102,400 --a------ C:\WINDOWS\system32\ZLhp1020.dll

2008-10-16 23:55 . 2006-01-30 07:00 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL

2008-10-16 23:55 . 2006-01-30 07:00 28,672 --a------ C:\WINDOWS\system32\zlm.dll

2008-10-16 23:55 . 2006-01-30 07:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL

2008-10-16 23:55 . 2006-01-30 07:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL

2008-10-16 23:55 . 2006-01-30 07:00 7,341 -ra------ C:\WINDOWS\system32\ZSHP1020.HLP

2008-10-16 02:37 . 2008-10-16 02:39 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-15 23:56 . 2008-09-15 13:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 23:35 . 2008-08-14 11:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 23:35 . 2008-08-14 11:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 23:21 . 2008-09-08 08:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 15:36 . 2007-03-19 03:08 33,280 -ra------ C:\WINDOWS\system32\SNETLLC.DLL

2008-10-14 15:36 . 2007-03-19 03:08 29,184 -ra------ C:\WINDOWS\system32\SNETAPL.DLL

2008-10-14 15:36 . 2007-03-19 03:08 27,648 -ra------ C:\WINDOWS\system32\SNETDRV.EXE

2008-10-14 15:36 . 2007-03-19 03:08 13,312 -ra------ C:\WINDOWS\system32\SNET_EN.DLL

2008-10-14 15:36 . 2007-03-19 03:08 12,800 -ra------ C:\WINDOWS\system32\SNET_JA.DLL

2008-10-14 15:36 . 2007-03-19 03:08 11,776 -ra------ C:\WINDOWS\system32\SNETRUN.EXE

2008-10-14 15:36 . 2007-03-19 03:08 10,834 -ra------ C:\WINDOWS\system32\VsnetD.386

2008-10-14 15:36 . 2007-03-19 03:08 6,944 -ra------ C:\WINDOWS\system32\SNETM16.DLL

2008-10-14 15:36 . 2007-03-19 03:08 6,144 -ra------ C:\WINDOWS\system32\SNETMAC.DLL

2008-10-14 14:34 . 2008-10-14 15:36 365 --a------ C:\WINDOWS\SYSTEM.OLD

2008-10-14 14:34 . 1995-11-02 11:46 106 --a------ C:\WINDOWS\CAMPROT.INI

2008-10-14 14:34 . 1995-11-02 11:45 106 --a------ C:\WINDOWS\ASPIPROT.INI

2008-10-14 14:34 . 1995-01-31 10:22 41 --a------ C:\WINDOWS\PDACMD.INI

2008-10-14 14:34 . 1995-12-21 10:10 22 --a------ C:\WINDOWS\PDA.INI

2008-10-14 14:33 . 2008-10-14 15:45 <DIR> d-------- C:\LC10

2008-10-14 14:33 . 2008-10-14 22:48 1,633 --a------ C:\WINDOWS\CLASSLC.INI

2008-10-14 11:59 . 2008-10-14 11:59 <DIR> d-------- C:\Temp\DTI

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Documents and Settings\Luísa\Dados de aplicativos\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

2008-10-14 08:42 . 2008-10-14 08:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

2008-10-13 00:49 . 2008-10-13 00:50 94,990 --a------ C:\WINDOWS\system32\USB002

2008-10-12 20:53 . 2008-10-12 20:55 77,154 --a------ C:\WINDOWS\system32\hp 1020

2008-10-12 20:15 . 2007-12-10 08:00 61,440 --a------ C:\WINDOWS\system32\ZIMF.DLL

2008-10-12 20:15 . 2007-12-10 08:00 53,248 --a------ C:\WINDOWS\system32\ZTAG.DLL

2008-10-12 20:15 . 2007-12-10 08:00 10,632 --a------ C:\WINDOWS\system32\ZSHP1020.CHM

2008-10-08 17:47 . 2008-10-16 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-06 11:05 . 2008-10-04 14:22 332,800 --a------ C:\WINDOWS\system32\wget.exe

2008-10-01 17:32 . 2008-10-01 18:01 133,640 --a------ C:\WINDOWS\hpdj3500.hi2

2008-10-01 17:32 . 2008-10-01 18:01 6,584 --a------ C:\WINDOWS\hpdj3500.bu2

2008-10-01 17:14 . 2008-10-01 18:14 8,437 --a------ C:\WINDOWS\hpdj3500.hi1

2008-10-01 17:14 . 2008-10-01 18:14 1,794 --a------ C:\WINDOWS\hpdj3500.bu1

2008-10-01 17:12 . 2008-10-01 18:39 6,190 --a------ C:\WINDOWS\hpdj3500.his

2008-10-01 17:12 . 2008-10-01 18:39 1,434 --a------ C:\WINDOWS\hpdj3500.ini

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-28 04:02 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-10-27 17:17 --------- d-----w C:\Arquivos de programas\ImageJ

2008-10-27 11:55 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Spyware Terminator

2008-10-27 11:14 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-10-26 13:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-10-26 13:33 --------- d-----w C:\Arquivos de programas\Realtek

2008-10-24 12:52 --------- d-----w C:\Arquivos de programas\gs

2008-10-24 02:46 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Skype

2008-10-23 22:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\skypePM

2008-10-22 01:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\NuTC4

2008-10-21 22:41 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-10-20 02:05 --------- d-----w C:\Arquivos de programas\CCDC

2008-10-20 02:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-17 01:55 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-10-16 23:10 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-14 18:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-14 18:41 --------- d--h--w C:\Arquivos de programas\Scpad

2008-09-25 12:21 --------- d-----w C:\Arquivos de programas\ACD11

2008-09-24 03:05 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-24 02:53 --------- d-----w C:\Arquivos de programas\POV-Ray for Windows v3.6

2008-09-24 00:37 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Advanced Chemistry Development

2008-09-24 00:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development

2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\Uniblue

2008-09-20 15:58 --------- d-----w C:\Arquivos de programas\OriginLab

2008-09-20 14:56 --------- d-----w C:\Arquivos de programas\Megacubo

2008-09-19 16:25 --------- d-----w C:\Documents and Settings\Luísa\Dados de aplicativos\foobar2000

2008-09-19 00:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll

2008-09-15 20:36 --------- d-----w C:\Arquivos de programas\Sun

2008-09-15 20:35 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll

2008-09-15 20:35 --------- d-----w C:\Arquivos de programas\Java

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-07 04:26 --------- d-----w C:\Arquivos de programas\DivX

2008-09-07 04:23 --------- d-----w C:\Arquivos de programas\Xvid

2008-09-01 00:38 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-08-29 15:12 177,664 ----a-w C:\WINDOWS\cbuninstall.exe

2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-25 12:41 1,072,047 ----a-w C:\i0756buf.zip

2008-08-14 13:24 2,193,408 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,070,272 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-29 22:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll

2008-06-23 23:35 43,494 ----a-w C:\Arquivos de programas\megacubo_log.log

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((( snapshot@2008-10-28_ 1.36.16.25 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-28 03:27:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-10-28 04:16:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2008-10-28 03:27:36 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-10-28 04:16:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-10-28 05:34:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_244.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe" [2008-08-22 1783808]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2008-09-15 144792]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-10-28 02:02 3 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^System Control.lnk]

backup=C:\WINDOWS\pss\System Control.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 22:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2006-05-24 18:39 2655272 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

--a------ 2007-12-17 12:12 243240 C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-09-08 14:29 29744 C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2001-08-03 09:42 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2006-07-12 07:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--------- 2005-05-19 08:57 188416 C:\Arquivos de programas\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 00:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

-ra------ 2006-01-30 07:00 98304 C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2004-11-02 21:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

--a------ 2008-08-22 16:52 1783808 C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-10-15 07:29 88203 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-11-10 12:14 15473664 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bruker FLEXlm License Server"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Arquivos de programas\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\ChemDraw\\ChemDraw.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\Chem3D\\Chem3D.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Star\\Chemis32.exe"=

"C:\\MirandaPortable\\App\\miranda\\miranda32.exe"=

"C:\\Arquivos de programas\\JEOL\\Delta\\bin\\delta.exe"=

"C:\\Arquivos de programas\\CambridgeSoft\\ChemOffice2004\\ChemFinder\\CFWord.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\JEOL\\Delta\\global\\convert.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8597:TCP"= 8597:TCP:*:Disabled:BitComet 8597 TCP

"8597:UDP"= 8597:UDP:*:Disabled:BitComet 8597 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowOutboundPacketTooBig"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-22 141312]

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 4096]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]

R2 fsssvc;Windows Live OneCare Proteção para a Família;C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe [2007-12-17 523816]

R2 JavaQuickStarterService;Java Quick Starter;C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-09-15 147456]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]

S3 gpibclsb;GPIB Board Class Driver;C:\WINDOWS\system32\Drivers\gpibclsb.sys [ ]

S3 gpibclsd;GPIB Device Class Driver;C:\WINDOWS\system32\Drivers\gpibclsd.sys [ ]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-27 C:\WINDOWS\Tasks\Updater 1.job

- C:\Arquivos de programas\ACD11\UPDATER.EXE [2008-03-06 18:13]

2008-06-20 C:\WINDOWS\Tasks\Updater.job

- C:\ACD\UPDATER.EXE [2002-07-04 21:49]

2008-10-28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC77139A-266F-48DB-986D-BE3702AF99CD}.job

- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Luísa\Dados de aplicativos\Mozilla\Firefox\Profiles\s4ujf6o8.default\

FF -: plugin - C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Shared\npYState.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\np32dsw.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npdeploytk.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\npnul32.dll

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\NPOFFICE.DLL

FF -: plugin - C:\FIREFO~1\APP\FIREFOX\plugins\NPSWF32.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 03:49:33

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-10-28 3:51:33

ComboFix-quarantined-files.txt 2008-10-28 05:51:25

ComboFix2.txt 2008-10-28 05:25:56

ComboFix3.txt 2008-10-28 04:56:32

ComboFix4.txt 2008-10-28 04:11:21

ComboFix5.txt 2008-10-28 05:47:05

Pré-execução: 42 pasta(s) 18,784,489,472 bytes disponíveis

Pós execução: 42 pasta(s) 18,767,519,744 bytes disponíveis

295 --- E O F --- 2008-10-24 13:20:04

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 3:44:44 AM, on 10/28/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\FirefoxPortable\App\firefox\firefox.exe

C:\Documents and Settings\Luísa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: JavaConnect - http://sametime.grude.ufmg.br/sametime/javaconnect/JavaConnect.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.mrw.interscience.wiley.com/wfplayer/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1EEDA174-3132-4AFC-9EEC-55BE29C87476} (STAutoAway Control) - http://sametime.grude.ufmg.br/sametime/javaconnect/STAutoAwayLoader.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://manivela.grude.ufmg.br/iNotes6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179804992812

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201656275187

O16 - DPF: {D4B5D9AB-D565-4DAF-BF5C-4D07F1CAA6EE} (STURLConnection Control) - http://sametime.grude.ufmg.br/sametime/javaconnect/STUrlConLoader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

Best regards,

Djalma Oliveira

P.S.: The file i0756buf.zip is a file produced by nuclear magnetic resonance (NMR) data acquisition, a chemical analysis tool for the structural elucidation of organic molecules. It is the subject of my research area in chemistry.

Regards.


Mr. Mejias

I want to know how to remove the malicious file's name/path from the Windows startup list.

Thank you

P.S.: The file i0756buf.zip is a file produced by nuclear magnetic resonance (NMR) data acquisition, a chemical analysis tool for the structural elucidation of organic molecules. It is the subject of my research area in chemistry.

A simple YES would have been enough :). Chemistry is a fascinating field, congratulations on the choice.

I want to know how to remove the malicious file's name/path from the Windows startup list.

It is no longer in the startup list.

Download the Kaspersky Removal Tool (make sure to always use the last link that appears in the list, to get the most recent version of the software). Save it to your desktop.

  • Install the program normally, following all of its steps.
  • On the program's main screen click the "My Computer" option and then click the "Scan" button.
  • Be patient, the scan can take a while.
  • If it finds any infection, click "skip".
  • After everything completes, click the Events tab, uncheck the "Show all events" checkbox and then click "Save to file".
  • Give the file a name and save it in a folder of your choice.
  • Post the contents of that file in your next reply.

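The startup question above and the ComboFix registry dump earlier in the thread both come down to reading these logs for two things: protections that have been switched off (Security Center notifications, the Windows Firewall) and hooks whose target file no longer exists. The following Python script is an added example, not part of the thread and not code from ComboFix, HijackThis or Kaspersky; it parses a handful of lines copied from the logs posted above and flags both. The WEAKENING_VALUES table and the function names are this example's own choices; the registry value names in the table are the ones Windows XP uses.

```python
"""Triage helper for ComboFix / HijackThis text logs like the ones in this
thread: flags protections that have been switched off and startup hooks
whose target file is gone. Added example; not code from any tool named here."""
import re
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the ComboFix and HijackThis output posted
# above, trimmed to the ones this example is about.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bruker FLEXlm License Server"=2 (0x2)
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
"""

# Security Center / firewall-policy values and the setting at which each one
# means a protection is off or its warnings are silenced (table chosen for
# this example; the value names themselves are the real Windows XP ones).
WEAKENING_VALUES = {
    "antivirusdisablenotify": 1,
    "firewalldisablenotify": 1,
    "updatesdisablenotify": 1,
    "antivirusoverride": 1,
    "firewalloverride": 1,
    "disablemonitoring": 1,   # per-vendor key: Security Center stops watching that AV
    "enablefirewall": 0,
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
ORPHAN_RE = re.compile(r"^(?P<kind>O\d+) - (?P<desc>.+?)\s*\((?:file missing|no file)\)$")


def parse_value(raw: str) -> Optional[int]:
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None if not numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None


def weakened_settings(log_text: str) -> List[Tuple[str, str, int]]:
    """Walk the REGEDIT4-style section and return (key, name, value) for every
    value that sits at its weakening setting."""
    found: List[Tuple[str, str, int]] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k.group("key")
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        expected = WEAKENING_VALUES.get(v.group("name").lower())
        value = parse_value(v.group("raw"))
        # Guard on 'expected is not None': an unknown name must not match a
        # non-numeric value (None == None) by accident.
        if expected is not None and value == expected:
            found.append((current_key, v.group("name"), value))
    return found


def orphaned_entries(log_text: str) -> List[Tuple[str, str]]:
    """HijackThis entries whose target no longer exists: leftovers of removed
    software, or of a cleanup that deleted the file but not the hook."""
    return [(m.group("kind"), m.group("desc"))
            for m in map(ORPHAN_RE.match, (ln.strip() for ln in log_text.splitlines()))
            if m]


def triage(log_text: str) -> Dict[str, list]:
    """Both findings in one dict, for callers that want a single report."""
    return {"weakened": weakened_settings(log_text),
            "orphaned": orphaned_entries(log_text)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, name, value in report["weakened"]:
        print(f"weakened : {name} = {value}   ({key})")
    for kind, desc in report["orphaned"]:
        print(f"orphaned : {kind} {desc}")
```

On the sample the script reports five weakened settings (the three Security Center notification/override values, the per-vendor DisableMonitoring entry and EnableFirewall = 0) and two orphaned hooks (the dimsntfy Winlogon Notify entry and the CompIBBrd SSODL entry). The O23 service lines in the thread that show a quoted path followed by arguments also end in "(file missing)"; older HijackThis builds report quoted ImagePaths with arguments that way, so verify those by hand before treating them as findings.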

Scan

----

Scanned: 371214

Detected: 0

Untreated: 0

Start time: 10/29/2008 1:05:13 AM

Duration: 01:45:28

Finish time: 10/29/2008 2:50:41 AM

Detected

--------

Status Object

------ ------

Events

------

Time Name Status Reason

---- ---- ------ ------

10/29/2008 1:07:57 AM Logical disk sector: D processing error

10/29/2008 1:48:24 AM File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip/sbRecovery.reg password protected

10/29/2008 1:48:24 AM File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip/sbRecovery.ini password protected

10/29/2008 1:48:24 AM File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip/sbRecovery.reg password protected

10/29/2008 1:48:24 AM File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip/sbRecovery.ini password protected

10/29/2008 1:48:24 AM File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerfn.zip/lnk_dados_1.dll password protected

10/29/2008 1:48:24 AM File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerfn.zip/sbRecovery.ini password protected

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

All objects 38872 0 0 0 0 161 91 0 0

System memory 0 0 0 0 0 0 0 0 0

Startup objects 790 0 0 0 0 3 43 0 0

Disk boot sectors 5 0 0 0 0 0 0 0 0

Meu computador 38077 0 0 0 0 158 48 0 0

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Mr. Mejias,

I think the PC is clean now. I learned a lot from this struggle :). I am so happy. You are very competent. Thank you. Many thanks. Thank you very much.

Djalma Menezes


Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Issues >> Scan for Issues >> Fix Issues

I also suggest you read this article: Protect your PC

Any other problems with the computer?

Congratulations, your log is clean.

Any other problems with the computer?

Fantastic. The care shown by the consultant Mr. Mejias almost sounds fatherly :wub:. Very good. Thank you very much, and a hug to everyone on the Clube do Hardware forum team!!

Sincerely,

Djalma Menezes Oliveira


If the topic author needs it, the topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.
