Hangman

Help Removing Virus


I can't update my AVG 7.5 antivirus.

I also noticed that any other program that tries to access the internet to do an update can't either.

I saw that there was a kamsoft.exe file in the startup entries, but I removed it with CCleaner... but I still can't update the antivirus...

The logs follow below.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:11:34, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C76B1D3F-88A4-433E-84A1-76242A2FCD9D}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 5126 bytes

DDS

DDS (Version 1.0) - NTFSx86

Run by user at 18:57:53,28 on dom 30/11/2008

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.503.172 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\user\Meus documentos\Downloads\ricardo\Nova pasta\dds.scr

============== Pseudo HJT Report ===============

BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\arquivos de programas\google\googletoolbarnotifier\5.0.926.3450\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\arquivos de programas\google\google toolbar\component\fastsearch_219B3E1547538286.dll

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AVG7_CC] c:\arquiv~1\grisoft\avg7\avgcc.exe /STARTUP

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [AVG7_Run] c:\arquiv~1\grisoft\avg7\avgw.exe /RUNONCE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {C76B1D3F-88A4-433E-84A1-76242A2FCD9D} = 200.204.0.10 200.204.0.138

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2008-11-30 18:52 <DIR> --d----- c:\arquivos de programas\Trend Micro

2008-11-30 18:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-30 18:21 180,224 a----r-- c:\windows\system32\igfxres.dll

2008-11-30 18:15 161,792 a------- c:\windows\SWREG.exe

2008-11-30 18:15 98,816 a------- c:\windows\sed.exe

2008-11-30 17:54 52,074 a------- C:\bk.reg

2008-11-30 17:42 <DIR> --d----- c:\docume~1\user\dadosd~1\AVG7

2008-11-30 17:41 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Grisoft

2008-11-30 17:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avg7

2008-11-30 17:29 <DIR> --d----- c:\windows\pss

2008-11-23 17:18 <DIR> --d----- c:\arquivos de programas\Nero

2008-11-23 17:18 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Ahead

2008-11-21 01:15 <DIR> --d-h--- C:\$AVG8.VAULT$

2008-11-21 00:44 <DIR> --d----- c:\arquivos de programas\AVG

2008-11-21 00:21 <DIR> --d----- c:\arquivos de programas\arquivos comuns\xing shared

2008-11-21 00:21 499,712 a------- c:\windows\system32\msvcp71.dll

2008-11-21 00:21 348,160 a------- c:\windows\system32\msvcr71.dll

2008-11-20 20:14 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-11-20 19:56 <DIR> --d----- c:\arquivos de programas\Real

2008-11-19 00:18 150 a------- c:\windows\cdplayer.ini

2008-11-18 19:19 708 a------- c:\windows\ST6UNST.001

2008-11-18 19:18 0 ac------ c:\windows\SETUP.LST

2008-11-18 19:18 708 a------- c:\windows\ST6UNST.000

2008-11-18 19:10 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2008-11-18 19:10 60,800 a------- c:\windows\system32\S32EVNT1.DLL

2008-11-18 19:10 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT

2008-11-18 19:10 805 a------- c:\windows\system32\drivers\SYMEVENT.INF

2008-11-18 17:52 45,056 a------- c:\windows\system32\WNASPI32.DLL

2008-11-18 17:52 5,600 a------- c:\windows\system\WINASPI.DLL

2008-11-18 17:52 4,672 a------- c:\windows\system\WOWPOST.EXE

2008-11-18 17:52 <DIR> --d----- c:\docume~1\user\dadosd~1\Symantec

2008-11-18 17:52 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Symantec Shared

2008-11-18 17:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Symantec

2008-11-18 17:00 <DIR> --d-h--- C:\ckis

2008-11-18 16:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-11-18 15:41 646 a------- C:\setup.reg

2008-11-18 14:58 <DIR> --d----- c:\windows\system32\CatRoot_3

2008-11-18 14:58 813,568 ---sh--- c:\windows\system32\cefplug.exe

2008-11-18 14:57 370,416 ---sh--- c:\windows\systemq.exe

2008-11-18 14:57 427,008 ---sh--- c:\windows\system32\ashservec.exe

2008-11-18 14:57 <DIR> --d----- c:\windows\system32\Prefetchxs

2008-11-18 11:36 <DIR> --d----- c:\docume~1\user\dadosd~1\vlc

2008-11-18 11:34 <DIR> --d----- c:\arquivos de programas\VideoLAN

2008-11-18 11:24 <DIR> --d----- c:\arquivos de programas\Alcohol Soft

2008-11-18 11:22 685,816 a------- c:\windows\system32\drivers\sptd.sys

2008-11-17 11:31 <DIR> --d----- c:\windows\system32\appmgmt

2008-11-17 00:57 <DIR> --d----- C:\Program Files

2008-11-17 00:57 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Real

2008-11-17 00:35 272,384 -c------ c:\windows\system32\dllcache\bthport.sys

2008-11-17 00:35 272,384 -------- c:\windows\system32\drivers\bthport.sys

2008-11-17 00:33 2,149,376 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-17 00:33 2,070,272 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2008-11-17 00:33 2,028,032 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-17 00:32 2,193,408 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-17 00:30 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-17 00:26 <DIR> --d----- c:\windows\system32\PreInstall

2008-11-16 23:25 940,794 a------- c:\windows\system32\LoopyMusic.wav

2008-11-16 23:25 146,650 a------- c:\windows\system32\BuzzingBee.wav

2008-11-16 21:53 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2008-11-16 18:03 <DIR> --d----- c:\documents and settings\user\Contacts

2008-11-16 18:03 268 a---h--- C:\sqmdata01.sqm

2008-11-16 18:03 244 a---h--- C:\sqmnoopt01.sqm

2008-11-16 17:42 <DIR> --d----- c:\windows\SHELLNEW

2008-11-16 17:28 <DIR> --d----- c:\arquivos de programas\Windows Media Connect 2

2008-11-16 17:27 <DIR> --d----- c:\windows\system32\LogFiles

2008-11-16 17:21 <DIR> --dsh--- c:\documents and settings\user\UserData

2008-11-16 17:20 23,856 a------- c:\windows\system32\spupdsvc.exe

2008-11-16 17:20 <DIR> --d-h--- c:\windows\$hf_mig$

2008-11-16 17:15 268 a---h--- C:\sqmdata00.sqm

2008-11-16 17:15 244 a---h--- C:\sqmnoopt00.sqm

2008-11-16 17:11 <DIR> --d----- c:\arquivos de programas\MSN Messenger

2008-11-16 16:48 7,552 ac------ c:\windows\system32\dllcache\mskssrv.sys

2008-11-16 16:48 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys

2008-11-16 16:48 4,992 ac------ c:\windows\system32\dllcache\mspqm.sys

2008-11-16 16:48 4,992 a------- c:\windows\system32\drivers\MSPQM.sys

2008-11-16 16:48 5,376 ac------ c:\windows\system32\dllcache\mspclock.sys

2008-11-16 16:48 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys

2008-11-16 16:48 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys

2008-11-16 16:48 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys

2008-11-16 16:48 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax

2008-11-16 16:48 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll

2008-11-16 16:48 129,536 a------- c:\windows\system32\ksproxy.ax

2008-11-16 16:48 4,096 a------- c:\windows\system32\ksuser.dll

2008-11-16 16:48 <DIR> --d----- c:\arquivos de programas\CONEXANT

2008-11-16 16:47 102,656 a----r-- c:\windows\system32\drivers\Rtenicxp.sys

2008-11-16 16:43 1,036,928 a------- c:\windows\system32\drivers\HSF_DP.sys

2008-11-16 16:43 702,592 a------- c:\windows\system32\drivers\HSF_CNXT.sys

2008-11-16 16:43 219,136 a------- c:\windows\system32\drivers\HSFHWBS2.sys

2008-11-16 16:43 129,045 a------- c:\windows\system32\drivers\HSFProf.cty

2008-11-16 16:43 86,016 a------- c:\windows\system32\mdmxsdk.dll

2008-11-16 16:43 39,018 a------- c:\windows\system32\hsfci011.dll

2008-11-16 16:43 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys

2008-11-16 16:41 <DIR> --d----- c:\windows\system32\ReinstallBackups

2008-11-16 16:41 <DIR> --d----- C:\Intel

2008-11-16 16:40 <DIR> --d----- C:\drivers

2008-11-16 16:40 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys

2008-11-16 16:32 <DIR> --d-h--- c:\documents and settings\user\Ambiente de rede

2008-11-16 16:32 <DIR> --d-h--- c:\documents and settings\user\Ambiente de impressão

2008-11-16 16:32 <DIR> --d-hr-- c:\documents and settings\user\Dados de aplicativos

2008-11-16 16:32 <DIR> --d-h--- c:\documents and settings\user\Modelos

2008-11-16 16:32 <DIR> --d-h--- c:\documents and settings\user\Configurações locais

2008-11-16 16:32 <DIR> --d--r-- c:\documents and settings\user\Meus documentos

2008-11-16 16:32 <DIR> --d--r-- c:\documents and settings\user\Menu Iniciar

2008-11-16 16:32 <DIR> --d--r-- c:\documents and settings\user\Favoritos

2008-11-16 16:32 <DIR> --d----- c:\documents and settings\user

2008-11-16 16:31 <DIR> --ds---- c:\windows\system32\Microsoft

2008-11-16 16:31 8,192 a------- c:\windows\REGLOCS.OLD

2008-11-16 16:29 40,960 ac------ c:\windows\system32\dllcache\msiregmv.exe

2008-11-16 16:28 82,172 ac------ c:\windows\system32\dllcache\bopomofo.nls

2008-11-16 16:27 <DIR> --dsh--- c:\documents and settings\all users\DRM

2008-11-16 16:27 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

2008-11-16 16:27 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2008-11-16 16:27 <DIR> --ds---- c:\windows\Downloaded Program Files

2008-11-16 16:27 <DIR> --d--r-- c:\windows\Offline Web Pages

2008-11-16 16:27 749 a---hr-- c:\windows\WindowsShell.Manifest

2008-11-16 16:27 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2008-11-16 16:27 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2008-11-16 16:27 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2008-11-16 16:27 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2008-11-16 16:27 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest

2008-11-16 16:27 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2008-11-16 16:26 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2008-11-16 16:26 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2008-11-16 16:26 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2008-11-16 16:24 <DIR> --d----- c:\arquivos de programas\Messenger

2008-11-16 16:24 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2008-11-16 16:24 <DIR> --d----- c:\arquivos de programas\Windows NT

2008-11-16 14:19 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2008-11-16 14:19 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2008-11-16 14:18 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2008-11-16 14:18 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2008-11-16 14:18 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2008-11-16 14:18 <DIR> --d----- c:\documents and settings\all users\Favoritos

2008-11-16 14:18 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-11-30 11:42 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Messenger Plus!

2008-11-17 18:54 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2008-11-16 16:49 344,380 a------- c:\windows\system32\perfh016.dat

2008-11-16 16:49 48,628 a------- c:\windows\system32\perfc016.dat

2008-11-16 16:25 21,844 a------- c:\windows\system32\emptyregdb.dat

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-09-15 13:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-09 23:15 1,307,648 a------- c:\windows\system32\msxml6.dll

2008-09-04 15:16 1,106,944 a------- c:\windows\system32\msxml3.dll

============= FINISH: 18:58:05,23 ===============

GMER

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-30 19:11:16

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT 816801F0 ZwConnectPort

SSDT sptd.sys ZwCreateKey [0xF82890D0]

SSDT sptd.sys ZwEnumerateKey [0xF828EFB2]

SSDT sptd.sys ZwEnumerateValueKey [0xF828F340]

SSDT sptd.sys ZwOpenKey [0xF82890B0]

SSDT sptd.sys ZwQueryKey [0xF828F418]

SSDT sptd.sys ZwQueryValueKey [0xF828F298]

SSDT sptd.sys ZwSetValueKey [0xF828F4AA]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

.text USBPORT.SYS!DllUnload F7A628AC 5 Bytes JMP 8202D1C8

? System32\Drivers\axfdhts7.SYS O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4367F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4381179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 43811720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 43811764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 438116AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 438116E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 438117DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 436A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8289AD4] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8289C1A] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8289B9C] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F828A748] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F828A61E] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F829F29A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 821DA1E8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{B6EE12A0-8C2E-49E1-8554-21768C326829} 816203F8

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8202C1E8

Device \Driver\usbuhci \Device\USBPDO-1 8202C1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8216D1E8

Device \Driver\dmio \Device\DmControl\DmConfig 8216D1E8

Device \Driver\dmio \Device\DmControl\DmPnP 8216D1E8

Device \Driver\dmio \Device\DmControl\DmInfo 8216D1E8

Device \Driver\usbuhci \Device\USBPDO-2 8202C1E8

Device \Driver\PCI_NTPNP5026 \Device\00000047 sptd.sys

Device \Driver\usbuhci \Device\USBPDO-3 8202C1E8

Device \Driver\usbehci \Device\USBPDO-4 820111E8

Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 821DC1E8

Device \Driver\Cdrom \Device\CdRom0 8202B1E8

Device \Driver\Cdrom \Device\CdRom1 8202B1E8

Device \Driver\NetBT \Device\NetBt_Wins_Export 816203F8

Device \Driver\NetBT \Device\NetbiosSmb 816203F8

Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8202C1E8

Device \Driver\usbuhci \Device\USBFDO-1 8202C1E8

Device \Driver\usbuhci \Device\USBFDO-2 8202C1E8

Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81619790

Device \FileSystem\MRxSmb \Device\LanmanRedirector 81619790

Device \Driver\usbuhci \Device\USBFDO-3 8202C1E8

Device \Driver\Ftdisk \Device\FtControl 821DC1E8

Device \Driver\usbehci \Device\USBFDO-4 820111E8

Device \Driver\axfdhts7 \Device\Scsi\axfdhts71Port4Path0Target0Lun0 81F771E8

Device \Driver\axfdhts7 \Device\Scsi\axfdhts71 81F771E8

Device \FileSystem\Cdfs \Cdfs 816B8340

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -351152026

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -656996527

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xF6 0x48 0xA8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0xFA 0x99 0xED ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x12 0xCA 0xF9 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xF6 0x48 0xA8 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0xFA 0x99 0xED ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x12 0xCA 0xF9 ...

---- EOF - GMER 1.0.14 ----

THANKS IN ADVANCE FOR YOUR ATTENTION

THANK YOU


Please post a new DDS log.
