beto_sp

Trojan detected - analyse log


Hi everyone,

Kaspersky Antivirus detected a trojan (Trojan-Downloader.Win32.Agent.asrr) and deleted it, but I don't know whether it is still active on the machine, so I am posting the logs below for analysis, as the forum guidelines instruct.

Thanks and see you later.

P.S.: I have another machine on the network; could it have been infected too?

The machine's hard drive is partitioned; do I have to run the procedure on it as well?

======================================================

DDS (Version 1.0) - NTFSx86

Run by Pardal at 15:57:54,12 on sex 05/12/2008

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.190 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Pardal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky internet security 7.0\avp.exe"

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]

R1 klif;Klif;\??\c:\windows\system32\drivers\klif.sys [2007-12-28 195344]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-27 141312]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]

S1 F1rewall;F1rewall;c:\windows\system32\drivers\firewall.sys []

S2 AVP;Kaspersky Internet Security 7.0;"c:\arquivos de programas\kaspersky lab\kaspersky internet security 7.0\avp.exe" -r [2008-2-8 227856]

S3 clm50;Ambient CLM Data Fax Voice;c:\windows\system32\drivers\clm50.sys [2000-8-10 427867]

S3 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice [2002-1-25 20480]

S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\drivers\scsiprnt.sys [2008-5-2 11648]

S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys []

=============== Created Last 30 ================

2008-11-30 11:42 <DIR> --d----- C:\CI_C79

2008-11-27 22:12 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Malwarebytes

2008-11-27 22:12 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-11-27 22:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-27 22:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-11-27 22:12 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-27 21:55 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-27 21:55 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2008-11-23 12:32 <DIR> --dsh--- C:\found.000

2008-11-20 15:28 1,024,000 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2008-11-20 15:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2008-11-20 15:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2008-11-20 15:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2008-11-20 15:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2008-11-20 15:28 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll

2008-11-20 15:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2008-11-20 15:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2008-11-20 15:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2008-11-20 13:44 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-20 13:37 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2008-11-20 13:24 27,672 a------- c:\windows\system32\wuapi.dll.mui

2008-11-20 12:51 <DIR> --d----- c:\arquivos de programas\CCleaner

2008-11-18 21:13 <DIR> a-dshr-- C:\cmdcons

2008-11-09 23:42 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-09 23:35 250 a------- c:\windows\gmer.ini

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-11-08 22:55 96,976 a------- c:\windows\system32\drivers\klin.dat

2008-11-08 22:55 87,855 a------- c:\windows\system32\drivers\klick.dat

2008-11-08 22:54 10,540,576 a--sh--- c:\windows\system32\drivers\fidbox.dat

2008-11-08 22:54 224,800 a--sh--- c:\windows\system32\drivers\fidbox2.dat

2008-11-08 22:54 144,992 a--sh--- c:\windows\system32\drivers\fidbox.idx

2008-11-08 22:54 24,068 a--sh--- c:\windows\system32\drivers\fidbox2.idx

2008-11-08 22:54 <DIR> --d----- c:\arquivos de programas\Kaspersky Lab

2008-11-08 22:54 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2008-11-08 22:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

==================== Find3M ====================

2008-12-03 22:34 <DIR> --d----- c:\arquivos de programas\eMule

2008-11-27 21:22 <DIR> --d----- c:\arquivos de programas\Sony

2008-11-22 14:15 513,966 a------- c:\windows\system32\perfh016.dat

2008-11-22 14:15 101,190 a------- c:\windows\system32\perfc016.dat

2008-11-20 20:50 <DIR> --d----- c:\arquivos de programas\PowerQuest

2008-11-20 20:38 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 20:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-09 00:38 <DIR> --d----- c:\arquivos de programas\GoSing_WhenUSave_Installer

2008-11-08 22:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-11-08 11:18 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-11-02 12:28 <DIR> --d----- c:\arquivos de programas\Marcos Velasco Security

2008-10-26 20:21 <DIR> --d----- c:\arquivos de programas\Messenger

2008-10-26 20:13 <DIR> --d----- c:\arquivos de programas\Windows NT

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-06 20:12 <DIR> --d----- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2008-10-06 20:12 <DIR> --d----- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2008-10-03 20:57 <DIR> --d----- c:\docume~1\pardal\dadosd~1\XCPCSync.OEM

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-15 12:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-09 22:15 1,307,648 a------- c:\windows\system32\msxml6.dll

2007-09-01 16:51 <DIR> --d----- c:\docume~1\pardal\dadosd~1\JCreator

2007-09-01 16:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\JCreator

2007-04-19 11:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2007-04-09 11:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UDL

2006-12-21 13:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\IsolatedStorage

2006-12-21 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PowerQuest

============= FINISH: 15:58:22,71 ===============

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-05 16:02:43

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xF5B4F9B0]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xF5B4FA60]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF5B5F460]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84F731D8

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.14 ----

Thread 4:472 84C2F6F0

Thread 4:476 84C2F6F0

Thread 4:480 84C00EB0

Thread 4:484 84C00EB0

Thread 4:488 84C00EB0

---- EOF - GMER 1.0.14 ----


Please post a new DDS log.


Hi Renato, here is the new log, and thanks for the help.

DDS (Version 1.0) - NTFSx86

Run by Pardal at 15:45:29,06 on qui 11/12/2008

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.45 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Pardal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky internet security 7.0\avp.exe"

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]

R1 klif;Klif;\??\c:\windows\system32\drivers\klif.sys [2007-12-28 195344]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-27 141312]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]

S1 F1rewall;F1rewall;c:\windows\system32\drivers\firewall.sys []

S2 AVP;Kaspersky Internet Security 7.0;"c:\arquivos de programas\kaspersky lab\kaspersky internet security 7.0\avp.exe" -r [2008-2-8 227856]

S3 clm50;Ambient CLM Data Fax Voice;c:\windows\system32\drivers\clm50.sys [2000-8-10 427867]

S3 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice [2002-1-25 20480]

S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\drivers\scsiprnt.sys [2008-5-2 11648]

S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys []

=============== Created Last 30 ================

2008-11-30 11:42 <DIR> --d----- C:\CI_C79

2008-11-27 22:12 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Malwarebytes

2008-11-27 22:12 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-11-27 22:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-27 22:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-11-27 22:12 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-27 21:55 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-27 21:55 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2008-11-23 12:32 <DIR> --dsh--- C:\found.000

2008-11-20 15:28 1,024,000 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2008-11-20 15:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2008-11-20 15:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2008-11-20 15:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2008-11-20 15:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2008-11-20 15:28 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll

2008-11-20 15:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2008-11-20 15:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2008-11-20 15:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2008-11-20 13:44 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-20 13:37 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2008-11-20 13:24 27,672 a------- c:\windows\system32\wuapi.dll.mui

2008-11-20 12:51 <DIR> --d----- c:\arquivos de programas\CCleaner

2008-11-18 21:13 <DIR> a-dshr-- C:\cmdcons

==================== Find3M ====================

2008-12-11 15:42 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2008-12-03 22:34 <DIR> --d----- c:\arquivos de programas\eMule

2008-11-27 21:22 <DIR> --d----- c:\arquivos de programas\Sony

2008-11-22 14:15 513,966 a------- c:\windows\system32\perfh016.dat

2008-11-22 14:15 101,190 a------- c:\windows\system32\perfc016.dat

2008-11-20 20:50 <DIR> --d----- c:\arquivos de programas\PowerQuest

2008-11-20 20:38 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 20:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-09 23:42 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-11-09 00:38 <DIR> --d----- c:\arquivos de programas\GoSing_WhenUSave_Installer

2008-11-08 22:54 <DIR> --d----- c:\arquivos de programas\Kaspersky Lab

2008-11-08 22:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-11-08 22:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-11-08 11:18 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-11-02 12:28 <DIR> --d----- c:\arquivos de programas\Marcos Velasco Security

2008-10-26 20:21 <DIR> --d----- c:\arquivos de programas\Messenger

2008-10-26 20:13 <DIR> --d----- c:\arquivos de programas\Windows NT

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-03 20:57 <DIR> --d----- c:\docume~1\pardal\dadosd~1\XCPCSync.OEM

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-15 12:26 1,846,528 a------- c:\windows\system32\win32k.sys

2007-09-01 16:51 <DIR> --d----- c:\docume~1\pardal\dadosd~1\JCreator

2007-09-01 16:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\JCreator

2007-04-19 11:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2007-04-09 11:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UDL

2006-12-21 13:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\IsolatedStorage

2006-12-21 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PowerQuest

============= FINISH: 15:46:33,71 ===============

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-11 15:48:37

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xF5B4F9B0]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xF5B4FA60]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF5B5F460]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84F731D8

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.14 ----

Thread 4:472 84C2E6F0

Thread 4:476 84C2E6F0

Thread 4:480 84BFFEB0

Thread 4:484 84BFFEB0

Thread 4:488 84BFFEB0

---- EOF - GMER 1.0.14 ----

P.S.: the 2nd GMER log was generated as soon as I opened gmer.exe; since it was so quick, I'm not sure the procedure was correct. Besides that, when I click Scan to run the sweep, after a few minutes it restarts the computer.

P.S.: The antivirus licence has expired; can I remove it and install another one, or should I wait for the log analysis to finish?

Thanks and see you later,

Beto


Your log is clean; is the computer showing any problem?


Hi Renato,

It is a bit slow and uses a lot of memory, especially Firefox.

Regards and see you later


Run an Online Scan with the Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When prompted to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.


Hi Renato, I haven't run the antivirus scan yet, because the estimated time is 10 hours.

However, I installed Comodo Firewall and it detected this process "csrcs" trying to access the internet; I believe it must be a trojan or virus, what do you think?

Regards and see you later


Hi Renato, about the csrcs trojan: it was picked up last night through a pen drive. The requested logs are below:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, December 14, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, December 13, 2008 22:21:15

Records in database: 1458763

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

E:\

F:\

J:\

Scan statistics:

Files scanned: 169153

Threat name: 4

Infected objects: 4

Suspicious objects: 0

Duration of the scan: 04:40:31

File name / Threat name / Threats count

C:\Arquivos de programas\GoSing_WhenUSave_Installer\URL2\SAVEInst.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

C:\WINDOWS\system32\csrcs.exe Infected: Trojan.Win32.Autoit.fj 1

E:\bkp\Downloads\Programas\CrossLoopSetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

E:\bkp\Downloads\Programas\CrossLoopSetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1

The selected area was scanned.

=================================

DDS (Version 1.0) - NTFSx86

Run by Pardal at 11:40:42,57 on dom 14/12/2008

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.197 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Pardal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

mWinlogon: Shell=Explorer.exe csrcs.exe

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [COMODO Firewall Pro] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

mRun: [COMODO Internet Security] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgio.sys [2008-12-12 11840]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-12 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-12 31504]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-27 141312]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\arquivos de programas\avira\antivir personaledition classic\sched.exe" [2008-12-12 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\arquivos de programas\avira\antivir personaledition classic\avguard.exe" [2008-12-12 151297]

R2 cmdAgent;COMODO Internet Security Helper Service;"c:\arquivos de programas\comodo\firewall\cmdagent.exe" [2008-12-12 618232]

R3 avgntflt;avgntflt;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgntflt.sys [2008-12-12 52032]

S1 F1rewall;F1rewall;c:\windows\system32\drivers\firewall.sys []

S3 clm50;Ambient CLM Data Fax Voice;c:\windows\system32\drivers\clm50.sys [2000-8-10 427867]

S3 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice [2002-1-25 20480]

S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\drivers\scsiprnt.sys [2008-5-2 11648]

S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys []

=============== Created Last 30 ================

2008-12-13 20:27 0 a--shr-- C:\khr

2008-12-13 20:26 249,176 a------- c:\windows\system32\xxc.exe

2008-12-12 22:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Comodo

2008-12-12 22:45 147,192 a------- c:\windows\system32\guard32.dll

2008-12-12 22:45 101,776 a------- c:\windows\system32\drivers\cmdguard.sys

2008-12-12 22:45 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys

2008-12-12 22:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\comodo

2008-12-12 22:45 <DIR> --d----- c:\arquivos de programas\COMODO

2008-12-12 19:43 <DIR> --dsh--- C:\found.001

2008-12-12 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2008-12-12 14:03 <DIR> --d----- c:\arquivos de programas\Avira

2008-11-30 11:42 <DIR> --d----- C:\CI_C79

2008-11-27 22:12 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Malwarebytes

2008-11-27 22:12 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-11-27 22:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-27 22:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-11-27 22:12 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-27 21:55 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-27 21:55 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2008-11-23 12:32 <DIR> --dsh--- C:\found.000

2008-11-20 15:28 1,024,000 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2008-11-20 15:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2008-11-20 15:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2008-11-20 15:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2008-11-20 15:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2008-11-20 15:28 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll

2008-11-20 15:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2008-11-20 15:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2008-11-20 15:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2008-11-20 13:44 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-20 13:37 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2008-11-20 13:24 27,672 a------- c:\windows\system32\wuapi.dll.mui

2008-11-20 12:51 <DIR> --d----- c:\arquivos de programas\CCleaner

2008-11-18 21:13 <DIR> a-dshr-- C:\cmdcons

==================== Find3M ====================

2008-12-14 11:30 <DIR> --d----- c:\arquivos de programas\eMule

2008-12-12 13:59 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2008-11-27 21:22 <DIR> --d----- c:\arquivos de programas\Sony

2008-11-22 14:15 513,966 a------- c:\windows\system32\perfh016.dat

2008-11-22 14:15 101,190 a------- c:\windows\system32\perfc016.dat

2008-11-20 20:50 <DIR> --d----- c:\arquivos de programas\PowerQuest

2008-11-20 20:38 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 20:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-09 23:42 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-11-09 00:38 <DIR> --d----- c:\arquivos de programas\GoSing_WhenUSave_Installer

2008-11-08 22:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-11-08 22:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-11-08 11:18 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-11-02 12:28 <DIR> --d----- c:\arquivos de programas\Marcos Velasco Security

2008-10-26 20:21 <DIR> --d----- c:\arquivos de programas\Messenger

2008-10-26 20:13 <DIR> --d----- c:\arquivos de programas\Windows NT

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 17:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-03 20:57 <DIR> --d----- c:\docume~1\pardal\dadosd~1\XCPCSync.OEM

2008-10-03 07:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-15 12:26 1,846,528 a------- c:\windows\system32\win32k.sys

2007-09-01 16:51 <DIR> --d----- c:\docume~1\pardal\dadosd~1\JCreator

2007-09-01 16:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\JCreator

2007-04-19 11:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2007-04-09 11:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UDL

2006-12-21 13:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\IsolatedStorage

2006-12-21 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PowerQuest

2008-04-13 20:23 420,392 a--shr-- c:\windows\system32\csrcs.exe

============= FINISH: 11:41:28,87 ===============

========================================

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-14 11:44:58

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xF7485D1C]

SSDT sptd.sys ZwEnumerateValueKey [0xF74860BC]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84F721D8

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.14 ----

==========================

Cheers and see you later


Hi Renato, sorry for the string of messages.

I was on the Linha Defensiva forum and found a program you created, PenClean. I ran it on the machine and it removed csrcs, but the "Web Folders" ("Pastas da Web") it created in "My Computer" is still there. Below are the PenClean and HijackThis logs for analysis:

Iniciando relatório do PenClean 2.0.3

Por Renato Victor Mejias

renatomejias@yahoo.com.br

15/12/2008 18:42:51

-----------------------------------------------------------

Arquivos e chaves excluídos do computador:

Arquivos excluídos do computador (Win32.Banker.MWF):

C:\WINDOWS\system32\csrcs.exe foi deletado com sucesso!

Valor Shell restaurado com sucesso!

-----------------------------------------------------------

Arquivos excluídos da unidade escolhida:

-----------------------------------------------------------

Arquivos excluídos da unidade E: (Resik):

-----------------------------------------------------------

Fim da análise no computador.

-----------------------------------------------------------

======================================

DDS (Version 1.0) - NTFSx86

Run by Pardal at 19:27:23,71 on seg 15/12/2008

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.191 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Pardal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [COMODO Firewall Pro] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

mRun: [COMODO Internet Security] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgio.sys [2008-12-12 11840]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-12 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-12 31504]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-27 141312]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\arquivos de programas\avira\antivir personaledition classic\sched.exe" [2008-12-12 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\arquivos de programas\avira\antivir personaledition classic\avguard.exe" [2008-12-12 151297]

R2 cmdAgent;COMODO Internet Security Helper Service;"c:\arquivos de programas\comodo\firewall\cmdagent.exe" [2008-12-12 618232]

R3 avgntflt;avgntflt;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgntflt.sys [2008-12-12 52032]

S1 F1rewall;F1rewall;c:\windows\system32\drivers\firewall.sys []

S3 clm50;Ambient CLM Data Fax Voice;c:\windows\system32\drivers\clm50.sys [2000-8-10 427867]

S3 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice [2002-1-25 20480]

S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\drivers\scsiprnt.sys [2008-5-2 11648]

S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys []

=============== Created Last 30 ================

2008-12-15 18:40 <DIR> --d----- C:\PenClean

2008-12-13 20:27 0 a--shr-- C:\khr

2008-12-13 20:26 249,176 a------- c:\windows\system32\xxc.exe

2008-12-12 22:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Comodo

2008-12-12 22:45 147,192 a------- c:\windows\system32\guard32.dll

2008-12-12 22:45 101,776 a------- c:\windows\system32\drivers\cmdguard.sys

2008-12-12 22:45 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys

2008-12-12 22:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\comodo

2008-12-12 22:45 <DIR> --d----- c:\arquivos de programas\COMODO

2008-12-12 19:43 <DIR> --dsh--- C:\found.001

2008-12-12 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2008-12-12 14:03 <DIR> --d----- c:\arquivos de programas\Avira

2008-11-30 11:42 <DIR> --d----- C:\CI_C79

2008-11-27 22:12 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Malwarebytes

2008-11-27 22:12 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-11-27 22:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-27 22:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-11-27 22:12 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-27 21:55 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-27 21:55 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2008-11-27 21:55 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2008-11-23 12:32 <DIR> --dsh--- C:\found.000

2008-11-20 15:28 1,024,000 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2008-11-20 15:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2008-11-20 15:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2008-11-20 15:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2008-11-20 15:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2008-11-20 15:28 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll

2008-11-20 15:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2008-11-20 15:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2008-11-20 15:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2008-11-20 13:44 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-20 13:37 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2008-11-20 13:24 27,672 a------- c:\windows\system32\wuapi.dll.mui

2008-11-20 12:51 <DIR> --d----- c:\arquivos de programas\CCleaner

2008-11-18 21:13 <DIR> a-dshr-- C:\cmdcons

==================== Find3M ====================

2008-12-14 11:30 <DIR> --d----- c:\arquivos de programas\eMule

2008-12-12 13:59 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2008-11-27 21:22 <DIR> --d----- c:\arquivos de programas\Sony

2008-11-22 14:15 513,966 a------- c:\windows\system32\perfh016.dat

2008-11-22 14:15 101,190 a------- c:\windows\system32\perfc016.dat

2008-11-20 20:50 <DIR> --d----- c:\arquivos de programas\PowerQuest

2008-11-20 20:38 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 20:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-09 23:42 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-11-09 00:38 <DIR> --d----- c:\arquivos de programas\GoSing_WhenUSave_Installer

2008-11-08 22:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-11-08 22:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-11-08 11:18 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-11-02 12:28 <DIR> --d----- c:\arquivos de programas\Marcos Velasco Security

2008-10-26 20:21 <DIR> --d----- c:\arquivos de programas\Messenger

2008-10-26 20:13 <DIR> --d----- c:\arquivos de programas\Windows NT

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 17:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-03 20:57 <DIR> --d----- c:\docume~1\pardal\dadosd~1\XCPCSync.OEM

2008-10-03 07:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2007-09-01 16:51 <DIR> --d----- c:\docume~1\pardal\dadosd~1\JCreator

2007-09-01 16:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\JCreator

2007-04-19 11:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2007-04-09 11:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UDL

2006-12-21 13:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\IsolatedStorage

2006-12-21 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PowerQuest

============= FINISH: 19:28:08,78 ===============

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-15 19:30:23

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xF7485D1C]

SSDT sptd.sys ZwEnumerateValueKey [0xF74860BC]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84F721D8

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.14 ----

Thanks and see you later


Does this computer belong to a network?

Hi,

Read the instructions in this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums where you can get help with ComboFix logs".

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them once the procedure(s) below have been completed.

  3. Double-click the ComboFix icon on the desktop.

  4. Read and accept the conditions by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and the Recovery Console is not installed yet, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to hang.

  8. A message may appear saying the computer needs to restart.

  DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts will not respond to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and designed them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.


Hi Renato, the computer does belong to a network.

Below is the ComboFix log:

ComboFix 08-12-15.01 - Pardal 2008-12-15 21:48:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.447.153 [GMT -3:00]

Executando de: c:\documents and settings\Pardal\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-16 to 2008-12-16 ))))))))))))))))))))))))))))

.

2008-12-15 18:40 . 2008-12-15 18:40 <DIR> d-------- C:\PenClean

2008-12-13 20:27 . 2008-12-13 20:27 0 -rahs---- C:\khr

2008-12-13 20:26 . 2008-12-13 20:27 249,176 --a------ c:\windows\system32\xxc.exe

2008-12-12 22:46 . 2008-12-12 22:46 <DIR> d-------- c:\documents and settings\Pardal\Dados de aplicativos\Comodo

2008-12-12 22:45 . 2008-12-12 23:20 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\comodo

2008-12-12 22:45 . 2008-12-12 22:45 <DIR> d-------- c:\arquivos de programas\COMODO

2008-12-12 22:45 . 2008-12-13 12:43 147,192 --a------ c:\windows\system32\guard32.dll

2008-12-12 22:45 . 2008-12-13 12:43 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys

2008-12-12 22:45 . 2008-12-13 12:44 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys

2008-12-12 19:43 . 2008-12-12 19:43 <DIR> d--hs---- C:\found.001

2008-12-12 17:35 . 2008-12-12 17:39 1,393 --a------ c:\windows\imsins.BAK

2008-12-12 14:03 . 2008-12-12 14:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2008-12-12 14:03 . 2008-12-12 14:03 <DIR> d-------- c:\arquivos de programas\Avira

2008-11-30 11:42 . 2008-11-30 11:42 <DIR> d-------- C:\CI_C79

2008-11-27 22:12 . 2008-11-27 22:12 <DIR> d-------- c:\documents and settings\Pardal\Dados de aplicativos\Malwarebytes

2008-11-27 22:12 . 2008-11-27 22:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-27 22:12 . 2008-12-04 14:37 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-27 22:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-27 22:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-27 21:55 . 2008-12-15 19:31 <DIR> d-------- c:\documents and settings\Pardal\Dados de aplicativos\Spyware Terminator

2008-11-27 21:55 . 2008-12-15 18:19 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2008-11-27 21:55 . 2008-12-15 19:31 <DIR> d-------- c:\arquivos de programas\Spyware Terminator

2008-11-27 21:55 . 2008-11-27 21:55 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys

2008-11-23 12:32 . 2008-11-23 12:32 <DIR> d--hs---- C:\found.000

2008-11-20 15:28 . 2008-10-16 17:23 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2008-11-20 15:28 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2008-11-20 15:28 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2008-11-20 15:28 . 2008-10-16 17:23 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2008-11-20 15:28 . 2008-10-16 17:23 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2008-11-20 15:28 . 2008-10-16 17:23 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2008-11-20 15:28 . 2008-10-16 17:23 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2008-11-20 15:28 . 2008-10-16 17:23 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2008-11-20 15:28 . 2008-10-16 10:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2008-11-20 13:44 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-20 13:37 . 2008-09-04 14:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-20 13:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2008-11-20 12:51 . 2008-11-28 18:02 <DIR> d-------- c:\arquivos de programas\CCleaner

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-15 23:13 --------- d-----w c:\arquivos de programas\Mozilla Thunderbird

2008-12-14 14:30 --------- d-----w c:\arquivos de programas\eMule

2008-12-12 16:59 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-11-30 01:34 --------- d-----w c:\documents and settings\Pardal\Dados de aplicativos\Skype

2008-11-28 00:28 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-28 00:22 --------- d-----w c:\arquivos de programas\Sony

2008-11-20 23:50 --------- d-----w c:\arquivos de programas\PowerQuest

2008-11-20 23:38 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 23:36 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-20 18:46 --------- d-----w c:\arquivos de programas\Microsoft Works

2008-11-13 02:57 --------- d-----w c:\documents and settings\Pardal\Dados de aplicativos\skypePM

2008-11-10 02:42 --------- d-----w c:\arquivos de programas\trend micro

2008-11-10 02:29 --------- d-----w c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2008-11-10 02:29 --------- d-----w c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-11-09 03:38 --------- d-----w c:\arquivos de programas\GoSing_WhenUSave_Installer

2008-11-09 01:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-11-09 01:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8

2008-11-08 14:18 --------- d-----w c:\arquivos de programas\GbPlugin

2008-11-02 15:28 --------- d-----w c:\arquivos de programas\Marcos Velasco Security

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:23 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 17:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 17:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 17:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 17:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 17:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 17:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 17:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 17:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 17:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 19:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-03-21 19:02 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-29 20:35 10,412 ----a-w c:\documents and settings\Pardal\Dados de aplicativos\unins000.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-27 1783808]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"COMODO Firewall Pro"="c:\arquivos de programas\COMODO\Firewall\cfp.exe" [2008-12-13 1797880]

"COMODO Internet Security"="c:\arquivos de programas\COMODO\Firewall\cfp.exe" [2008-12-13 1797880]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"msvideo8"= STV680tg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

backup=c:\windows\pss\Assistente Tecnico Speedy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]

--a------ 2005-02-17 08:36 1310208 c:\arquivos de programas\iGinternet iLimitada\Discador iG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaKey]

--a------ 2000-07-31 23:11 73728 c:\arquiv~1\INTERN~2\MEDIAKEY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC Service Utility]

--a------ 2007-10-09 12:55 665600 c:\arquivos de programas\SSC Service Utility\ssc_serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 16:45 313472 c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-03 20:02 36352 c:\arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-06-30 02:16 88203 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Wolfenstein - Enemy Territory\\ET.exe"=

"c:\\Team17\\Worms Armageddon\\WA.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\iGinternet iLimitada\\Discador iG.exe"=

"c:\\Arquivos de programas\\Discador itelefonica\\DiscadorCompitelefonica.exe"=

"c:\\Arquivos de programas\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\apache\\mysql\\bin\\mysqld.exe"=

"c:\\Arquivos de programas\\GroupMail 5\\GMMain.exe"=

"c:\\Arquivos de programas\\Free SMTP Server\\localsrv.exe"=

"c:\\eclipse-java-europa-fall2-win32[1]\\eclipse\\eclipse.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\Microsoft Office Communicator\\communicator.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"80:TCP"= 80:TCP:80

"8100:TCP"= 8100:TCP:WorkgroupShare (Non-SSL)

"8101:TCP"= 8101:TCP:WorkgroupShare (SSL)

"8102:UDP"= 8102:UDP:WorkgroupShare (Monitor)

"8104:UDP"= 8104:UDP:WorkgroupShare (Monitor)

"8109:TCP"= 8109:TCP:WorkgroupShare (Free/Busy)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e9ab90c-c96b-11dd-be1f-0015f2e6eb15}]

\Shell\AutoRun\command - D:\feruib.exe

\Shell\explore\Command - D:\feruib.exe

\Shell\open\Command - D:\feruib.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2007-07-17 c:\windows\Tasks\desligar.job

- c:\documents and settings\Pardal\Desktop\desligar.bat []

2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Pardal\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-AVP - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

MSConfigStartUp-Google Update - c:\documents and settings\Pardal\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

.

------- Scan Suplementar -------

.

FF - ProfilePath - c:\documents and settings\Pardal\Dados de aplicativos\Mozilla\Firefox\Profiles\wi0550yd.default\

FF - user.js: capability.policy.policynames - localfilelinks

FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.pt http://s2.travian.pt http://s3.travian.pt http://s4.travian.pt http://s5.travian.pt http://s6.travian.pt http://s7.travian.pt http://s8.travian.pt http://s9.travian.pt http://s10.travian.pt http://speed.travian.pt http://speed2.travian.pt http://s1.travian.com.pt http://s2.travian.com.pt http://s3.travian.com.pt http://s4.travian.com.pt http://s5.travian.com.pt http://s6.travian.com.pt http://s7.travian.com.pt http://s8.travian.com.pt http://s9.travian.com.pt http://s10.travian.com.pt http://speed.travian.com.pt http://speed2.travian.com.pt http://s1.travian.com.br http://s2.travian.com.br http://s3.travian.com.br http://s4.travian.com.br http://s5.travian.com.br http://s6.travian.com.br http://s7.travian.com.br http://s8.travian.com.br http://s9.travian.com.br http://s10.travian.com.br http://speed.travian.com.br http://s1.travian3.com.br http://s2.travian3.com.br http://s3.travian3.com.br http://s4.travian3.com.br http://s5.travian3.com.br http://s6.travian3.com.br http://s7.travian3.com.br http://s8.travian3.com.br http://s9.travian3.com.br http://s10.travian3.com.br http://speed.travian3.com.br

FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dll

FF - plugin: c:\documents and settings\Pardal\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.11\npGoogleOneClick5.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-15 21:51:57

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\abp480n5]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\actser]

"ImagePath"="system32\drivers\actser.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\adpu160m]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AgereSoftModem]

"ImagePath"="system32\DRIVERS\AGRSM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Aha154x]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aic78u2]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aic78xx]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AliIde]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\amsint]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirScheduler]

"ImagePath"="\"c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirService]

"ImagePath"="\"c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\asc]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\asc3350p]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\asc3550]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\atapi]

"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Atdisk]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Atmarpc]

"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\audstub]

"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avgio]

"ImagePath"="\??\c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avgntflt]

"ImagePath"="\??\c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avipbb]

"ImagePath"="system32\DRIVERS\avipbb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Beep]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cdfs]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Changer]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\clm50]

"ImagePath"="system32\DRIVERS\clm50.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cmdAgent]

"ImagePath"="\"c:\arquivos de programas\COMODO\Firewall\cmdagent.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cmdGuard]

"ImagePath"="System32\DRIVERS\cmdguard.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cmdHlp]

"ImagePath"="System32\DRIVERS\cmdhlp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CmdIde]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cmuda]

"ImagePath"="system32\drivers\cmuda.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\COMSysApp]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dac960nt]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmio]

"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"


[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dpti2o]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\F1rewall]

"ImagePath"="system32\drivers\firewall.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fastfat]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FETNDIS]

"ImagePath"="system32\DRIVERS\fetnd5.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FETNDISB]

"ImagePath"="system32\DRIVERS\fetnd5b.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fips]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]

"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\giveio]

"ImagePath"="\??\c:\windows\system32\giveio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\gmer]

"ImagePath"="System32\DRIVERS\gmer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidServ]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hkmsvc]

"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\i2omp]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IDriverT]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IISADMIN]

"ImagePath"="c:\windows\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\inetaccs]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\InetInfo]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ini910u]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Inport]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Inspect]

"ImagePath"="System32\DRIVERS\inspect.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IntelIde]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ip6Fw]

"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IPSec]

"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IRENUM]

"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\KBFiltr]

"ImagePath"="System32\Drivers\KBFiltr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\KSecDD]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ldap]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\LicenseService]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MDM]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mnmdd]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mnmsrvc]

"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Modem]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MODEMCSA]

"ImagePath"="system32\drivers\MODEMCSA.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MountMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mraid35x]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MRENDIS5]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSDTC]

"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Msfs]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSIServer]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSSQLSERVER]

"ImagePath"="c:\arquiv~1\MI6841~1\MSSQL\binn\sqlservr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSSQLServerADHelper]

"ImagePath"="c:\arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Mup]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\napagent]

"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NDIS]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NDProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetBT]

"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Npfs]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ntfs]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NTFSDRV]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NTSIM]

"ImagePath"="\??\c:\windows\system32\ntsim.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Null]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ose]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Outlook]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Parport]

"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCIIde]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PHPGeekUtil]

"ImagePath"="\"c:\apache\APACHE.EXE\" --ntservice"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PSched]

"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ptilink]

"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PxHelp20]

"ImagePath"="system32\DRIVERS\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql1080]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql12160]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql1240]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql1280]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasAcd]

"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Raspti]

"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPDD]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\rdpdr]

"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPNP]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPWD]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\redbook]

"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ROOTMODEM]

"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RpcSs]

"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ScsiAccess]

"ImagePath"="c:\arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ScsiPort]

"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\scsiprnt]

"ImagePath"="system32\DRIVERS\scsiprnt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Secdrv]

"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Simbad]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\siusbmod]

"ImagePath"="system32\DRIVERS\siusbmod.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\smserial]

"ImagePath"="system32\DRIVERS\smserial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SMTPSVC]

"ImagePath"="c:\windows\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Sparrow]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sptd]

"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sp_rsdrv2]

"ImagePath"="\??\c:\windows\system32\drivers\sp_rsdrv2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sp_rssrv]

"ImagePath"="\"c:\arquivos de programas\Spyware Terminator\sp_rsser.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SQLSERVERAGENT]

"ImagePath"="c:\arquiv~1\MI6841~1\MSSQL\binn\sqlagent.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sr]

"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\srservice]

"ServiceDll"="c:\windows\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Srv]

"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ssmdrv]

"ImagePath"="system32\DRIVERS\ssmdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\StarWindService]

"ImagePath"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\STV680]

"ImagePath"="system32\drivers\STV680.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{C719E03F-AAD4-429C-9256-C52E23991364}"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\swwd]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\symc810]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\symc8xx]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sym_hi]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sym_u3]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDTCP]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TlntSvr]

"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TosIde]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\uagp35]

"ImagePath"="system32\DRIVERS\uagp35.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Udfs]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ultra]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usnjsvc]

"ImagePath"="\"c:\arquivos de programas\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vaxscsi]

"ImagePath"="\SystemRoot\System32\Drivers\vaxscsi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\viagfx]

"ImagePath"="system32\DRIVERS\vtmini.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ViaIde]

"ImagePath"="system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\viamraid]

"ImagePath"="system32\drivers\viamraid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VolSnap]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vsbus]

"ImagePath"="system32\DRIVERS\vsb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vserial]

"ImagePath"="System32\DRIVERS\vserial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vulfnths]

"ImagePath"="\SystemRoot\System32\Drivers\vulfnth.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vulfntrs]

"ImagePath"="\SystemRoot\System32\Drivers\vulfntr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VXD]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\W3SVC]

"ImagePath"="%SystemRoot%\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WDICA]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WebPost]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Winsock]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WinSock2]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WinTrust]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WLSetupSvc]

"ImagePath"="\"c:\arquivos de programas\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WMPNetworkSvc]

"ImagePath"="\"c:\arquivos de programas\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WudfPf]

"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WudfRd]

"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WudfSvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{E7279694-553C-4ABA-88E0-8C31B1A5504D}]

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(756)

c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(812)

c:\windows\system32\guard32.dll

.

Tempo para conclusão: 2008-12-15 21:53:25

ComboFix-quarantined-files.txt 2008-12-16 00:53:17

ComboFix2.txt 2008-11-20 00:29:35

Pré-execução: 3.538.034.688 bytes disponíveis

Pós-execução: 3,677,691,904 bytes disponíveis

763 --- E O F --- 2008-12-13 15:24:39

Hello Renato, the computer belongs to a network.

You have an infection that spreads over the network; your antivirus should identify it as Autoit. It cannot be fixed while there are still infected computers, and since this computer apparently belongs to a business network, I recommend that you inform the network administrator.

Report the state of the computer.

You have an infection that spreads over the network; your antivirus should identify it as Autoit. It cannot be fixed while there are still infected computers, and since this computer apparently belongs to a business network, I recommend that you inform the network administrator.

Report the state of the computer.

Hi Renato,

The computer belongs to a home network, made up of the PC being analyzed, my brother's notebook, the router and the broadband modem.

Apparently the PC seems to consume a lot of memory, currently 333 MB, of which Firefox consumes 71 MB.

Besides that, early today my sister caught a virus from a pen drive; just now I ran PenClean and it removed the autorun.inf from the pen drive. Below is the antivirus log:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'

detected in file 'G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe.

Action performed: Move file to quarantine

Should I open another topic with the notebook's log, or can I paste it here in this topic?

Thanks for the help and see you later

Beto


Hi Renato, to complete the previous reply, here is the Avira Antivirus log:

Avira AntiVir Personal

Report file date: quarta-feira, 17 de dezembro de 2008 15:21

Scanning for 1088623 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: Pardal

Computer name: PARDAL-C55BD496

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 12/12/2008 17:29:58

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/5/2008 12:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/6/2008 17:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/5/2008 12:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:29:59

ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 7/12/2008 17:30:00

ANTIVIR2.VDF : 7.1.0.230 156160 Bytes 14/12/2008 21:48:01

ANTIVIR3.VDF : 7.1.0.237 32768 Bytes 15/12/2008 21:48:04

Engineversion : 8.2.0.45

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 15:05:56

AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 17:30:01

AESCN.DLL : 8.1.1.5 123251 Bytes 12/12/2008 17:30:00

AERDL.DLL : 8.1.1.3 438645 Bytes 12/12/2008 17:30:00

AEPACK.DLL : 8.1.3.4 393591 Bytes 12/12/2008 17:30:00

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 17:30:00

AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 17:30:00

AEHELP.DLL : 8.1.2.0 119159 Bytes 12/12/2008 17:30:00

AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 17:30:00

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 15:05:56

AECORE.DLL : 8.1.5.2 172405 Bytes 12/12/2008 17:30:00

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 15:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/7/2008 13:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/5/2008 14:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 12/12/2008 17:30:00

AVREG.DLL : 8.0.0.1 33537 Bytes 9/5/2008 16:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/2/2008 13:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/6/2008 17:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/1/2008 22:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/6/2008 17:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/1/2008 17:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/6/2008 18:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/6/2008 18:34:37

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\arquivos de programas\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, E:, A:, F:, J:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: quarta-feira, 17 de dezembro de 2008 15:21

Starting search for hidden objects.

'56281' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'StarWindService.exe' - '1' Module(s) have been scanned

Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned

Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'inetinfo.exe' - '1' Module(s) have been scanned

Scan process 'cmdagent.exe' - '0' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'cfp.exe' - '0' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned

Scan process 'VTTimer.exe' - '1' Module(s) have been scanned

Scan process 'VTTrayp.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

30 processes with 30 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Boot sector 'A:\'

[INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.

The registry was scanned ( '46' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Arquivos de programas\GbPlugin\gbieh.dll

[WARNING] The file could not be opened!

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[WARNING] The file could not be opened!

C:\Arquivos de programas\GbPlugin\gbiehuni.dll

[WARNING] The file could not be opened!

C:\Arquivos de programas\GbPlugin\gbpdist.dll

[WARNING] The file could not be opened!

C:\Arquivos de programas\GbPlugin\gbpsv.exe

[WARNING] The file could not be opened!

C:\Documents and Settings\Pardal\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\wi0550yd.default\Cache\C2152591d01

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] The file was moved to '497a4e87.qua'!

C:\Documents and Settings\Pardal\Desktop\ComboFix.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[WARNING] The file was ignored!

C:\WINDOWS\NIRCMD.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] The file was moved to '499b506a.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\vaxscsi.sys

[WARNING] The file could not be opened!

Begin scan in 'E:\' <Dados>

E:\bkp\Downloads\Webdesigner\crakers\FlaX_v1.40.zip

[0] Archive type: ZIP

--> keygen.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '49aa586c.qua'!

Begin scan in 'A:\'

Search path A:\ could not be opened!

System error [21]: O dispositivo não está pronto.

Begin scan in 'F:\'

Search path F:\ could not be opened!

System error [21]: O dispositivo não está pronto.

Begin scan in 'J:\'

Search path J:\ could not be opened!

System error [21]: O dispositivo não está pronto.

End of the scan: quarta-feira, 17 de dezembro de 2008 17:19

Used time: 1:58:35 Hour(s)

The scan has been done completely.

25154 Scanning directories

654793 Files were scanned

12 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

3 files were moved to quarantine

0 files were renamed

8 Files cannot be scanned

654773 Files not concerned

12522 Archives were scanned

9 Warnings

3 Notes

56281 Objects were scanned with rootkit scan

0 Hidden objects were found

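Reading a report like the one above by hand means tracking which [DETECTION] lines belong to which file and which action Avira finally took, since the action ([NOTE] moved to quarantine / [WARNING] ignored) is printed once per file after all archive members. The example below is added for illustration and is neither from this thread nor Avira's own code: it parses an excerpt taken from the report above (indentation restored the way Avira writes it), rebuilds the archive-member path of each detection, attaches the per-file action, and separates verdicts in the optional risk categories the scan opted into (the "Deviating risk categories" line: APPL, SPR, ...) from malware verdicts such as TR/Dropper.Gen. It uses only the Python standard library.

```python
import re
from dataclasses import dataclass

@dataclass
class Hit:
    container: str  # top-level file the scanner opened
    member: str     # path inside the archive, '' when the file is not an archive
    verdict: str    # e.g. 'APPL/NirCmd.E.2.B' or 'TR/Dropper.Gen'
    action: str     # 'quarantined', 'ignored' or 'none'

CONTAINER_RE = re.compile(r"^[A-Za-z]:\\")
ARCHIVE_RE = re.compile(r"^\[(\d+)\] Archive type:")
VERDICT_RE = re.compile(r"\b([A-Z]+/[\w.\-]+)")
OPTIONAL_RE = re.compile(r"^Deviating risk categories\.*:\s*(.*)$")
# Excerpt of the report posted above; indentation restored the way Avira writes it.
SAMPLE_REPORT = r"""
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
C:\Documents and Settings\Pardal\Desktop\ComboFix.exe
  [0] Archive type: RAR SFX (self extracting)
  --> 32788R22FWJFW\hidec.exe
      [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
  --> 32788R22FWJFW\psexec.cfexe
    [1] Archive type: RSRC
    --> Object
        [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
  [WARNING] The file was ignored!
C:\WINDOWS\NIRCMD.exe
  [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
  [NOTE] The file was moved to '499b506a.qua'!
E:\bkp\Downloads\Webdesigner\crakers\FlaX_v1.40.zip
  [0] Archive type: ZIP
  --> keygen.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was moved to '49aa586c.qua'!
"""

def parse_avira_report(text):
    """Return (hits, optional_categories). Detections are buffered per container
    because Avira prints the action once, after all archive members."""
    hits, optional, pending = [], set(), []
    container, level, stack = None, 0, []
    def flush(action):
        for h in pending:
            h.action = action
        hits.extend(pending)
        pending.clear()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := OPTIONAL_RE.match(line)):
            optional = {c.strip("+ ") for c in m.group(1).split(",") if c.strip("+ ")}
        elif CONTAINER_RE.match(line):
            flush("none")  # previous file ended without an action line
            container, level, stack = line, 0, []
        elif (m := ARCHIVE_RE.match(line)):
            level = int(m.group(1))  # members that follow sit at this nesting depth
        elif line.startswith("-->"):
            stack = stack[:level] + [line[3:].strip()]
        elif line.startswith("[DETECTION]") and container:
            v = VERDICT_RE.search(line)
            if v:
                pending.append(Hit(container, "\\".join(stack), v.group(1), "none"))
        elif "was moved to" in line:
            flush("quarantined")
        elif "was ignored" in line:
            flush("ignored")
    flush("none")
    return hits, optional

def triage(hits, optional):
    """'risk_tool': verdict category the scan opted into (APPL, SPR, ...);
    everything else (TR/, WORM/, ...) is 'malware'."""
    out = {"malware": [], "risk_tool": []}
    for h in hits:
        out["risk_tool" if h.verdict.split("/", 1)[0] in optional else "malware"].append(h)
    return out
```

On the excerpt, the three ComboFix-related hits land in the opted-in categories while the only malware verdict is the quarantined keygen, which is the split a reader wants before deciding whether the machine is still infected.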

Download Malwarebytes Anti-Malware:

Link 1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure you check the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.


Hi Renato, here is the log:

Malwarebytes' Anti-Malware 1.31

Versão do banco de dados: 1528

Windows 5.1.2600 Service Pack 3

21/12/2008 18:50:15

mbam-log-2008-12-21 (18-50-15).txt

Tipo de Verificação: Rápida

Objetos verificados: 55363

Tempo decorrido: 6 minute(s), 5 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Thanks, see you


I'll send you some procedures by PM; please reply by PM as well.

Thanks.


Hello beto_sp,

Thanks for your PM, I had already lost track of this topic's report.

Please post a new DDS log.


Hi Renato, thanks for the help.

The new log follows below:

DDS (Version 1.0) - NTFSx86

Run by Pardal at 17:52:30,82 on ter 06/01/2009

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.220 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Pardal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [spywareTerminator] "c:\arquivos de programas\spyware terminator\SpywareTerminatorShield.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [COMODO Firewall Pro] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

mRun: [COMODO Internet Security] "c:\arquivos de programas\comodo\firewall\cfp.exe" -h

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgio.sys [2008-12-12 11840]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-12 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-12 31504]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-27 141312]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\arquivos de programas\avira\antivir personaledition classic\sched.exe" [2008-12-12 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\arquivos de programas\avira\antivir personaledition classic\avguard.exe" [2008-12-12 151297]

R2 cmdAgent;COMODO Internet Security Helper Service;"c:\arquivos de programas\comodo\firewall\cmdagent.exe" [2008-12-12 618232]

R3 avgntflt;avgntflt;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgntflt.sys [2008-12-12 52032]

S1 F1rewall;F1rewall;c:\windows\system32\drivers\firewall.sys []

S3 clm50;Ambient CLM Data Fax Voice;c:\windows\system32\drivers\clm50.sys [2000-8-10 427867]

S3 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice [2002-1-25 20480]

S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\drivers\scsiprnt.sys [2008-5-2 11648]

S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys []

=============== Created Last 30 ================

2009-01-05 16:19 <DIR> --d----- C:\CS1.6 pod-Bot

2009-01-04 17:53 5,632 a------- c:\windows\system32\ptpusb.dll

2009-01-04 17:53 159,232 a------- c:\windows\system32\ptpusd.dll

2009-01-02 23:55 <DIR> --d----- c:\arquivos de programas\DreaMule

2009-01-02 14:01 54,156 a---h--- c:\windows\QTFont.qfn

2009-01-02 14:01 1,409 a------- c:\windows\QTFont.for

2008-12-15 21:47 161,792 a------- c:\windows\SWREG.exe

2008-12-15 21:47 98,816 a------- c:\windows\sed.exe

2008-12-15 18:40 <DIR> --d----- C:\PenClean

2008-12-13 20:27 0 a--shr-- C:\khr

2008-12-13 20:26 249,176 a------- c:\windows\system32\xxc.exe

2008-12-12 22:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Comodo

2008-12-12 22:45 147,192 a------- c:\windows\system32\guard32.dll

2008-12-12 22:45 101,776 a------- c:\windows\system32\drivers\cmdguard.sys

2008-12-12 22:45 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys

2008-12-12 22:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\comodo

2008-12-12 22:45 <DIR> --d----- c:\arquivos de programas\COMODO

2008-12-12 19:43 <DIR> --dsh--- C:\found.001

2008-12-12 14:03 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2008-12-12 14:03 <DIR> --d----- c:\arquivos de programas\Avira

==================== Find3M ====================

2009-01-05 18:51 <DIR> --d----- c:\arquivos de programas\eMule

2009-01-05 11:53 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Spyware Terminator

2008-12-26 12:00 <DIR> --d----- c:\arquivos de programas\Spyware Terminator

2008-12-25 12:11 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator

2008-12-12 13:59 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2008-12-04 14:37 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-28 18:02 <DIR> --d----- c:\arquivos de programas\CCleaner

2008-11-27 22:12 <DIR> --d----- c:\docume~1\pardal\dadosd~1\Malwarebytes

2008-11-27 22:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-11-27 21:22 <DIR> --d----- c:\arquivos de programas\Sony

2008-11-22 14:15 513,966 a------- c:\windows\system32\perfh016.dat

2008-11-22 14:15 101,190 a------- c:\windows\system32\perfc016.dat

2008-11-20 20:50 <DIR> --d----- c:\arquivos de programas\PowerQuest

2008-11-20 20:38 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 20:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-09 23:42 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2008-11-09 23:29 <DIR> --d----- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2008-11-09 00:38 <DIR> --d----- c:\arquivos de programas\GoSing_WhenUSave_Installer

2008-11-08 22:50 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-11-08 22:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-11-08 11:18 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 17:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-03 20:57 <DIR> --d----- c:\docume~1\pardal\dadosd~1\XCPCSync.OEM

2007-09-01 16:51 <DIR> --d----- c:\docume~1\pardal\dadosd~1\JCreator

2007-09-01 16:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\JCreator

2007-04-19 11:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MSScanAppDataDir

2007-04-09 11:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\UDL

2006-12-21 13:46 <DIR> --d----- c:\docume~1\pardal\dadosd~1\IsolatedStorage

2006-12-21 13:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PowerQuest

============= FINISH: 17:53:30,89 ===============

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-01-06 17:56:36

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xF7485D1C]

SSDT sptd.sys ZwEnumerateValueKey [0xF74860BC]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84F731D8

Device \FileSystem\Fastfat \Fat 849051D8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.14 ----


Is the computer still showing problems?


Hi Renato,

Sometimes the machine takes a while to load programs and uses a lot of memory, especially Firefox, which currently uses 72 MB.

Thanks, see you


That is unlikely to be related to malware.

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

Disable and re-enable System Restore

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Search for Errors >> Fix Errors

I also suggest you read this article: Proteja seu PC (Protect your PC)


Hi Renato,

Thanks for the help.

I forgot to mention that "Web Folders" appears when I go to "My Computer"; is that a problem?

Regards, see you


Not related to malware; post in the operating systems section.
