abichels

Trojan detected when I start the PC

Hello!

When I start my PC, the antivirus pops up a warning saying it found a trojan, AKXF, in the file skp66.exe. I delete the file, but when I restart the PC it appears again... the trojan warning keeps showing up over and over...

This started when I plugged in a USB stick that had an infected autorun.inf file...

Running msconfig, on the Startup tab, there is an entry "skp66.exe*" whose location is "SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

I have already unchecked that entry and it made no difference...

Here are the HJT and DDS logs... GMER did not produce any log after being run...

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:58, on 11/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\PrevxCSI\prevxcsi.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

C:\Arquivos de programas\MultiScreen\MultiScreen.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\MagicTune Premium\GammaTray.exe

C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\MagicTune Premium\MagicTune.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\PrevxCSI\prevxcsi.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

F2 - REG:system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,skp66.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [MultiScreen] C:\Arquivos de programas\MultiScreen\MultiScreen.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: NCProTray.lnk = ?

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: CSIScanner - Prevx - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MagicTuneEngine - Unknown owner - C:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 10362 bytes

DDS log

DDS (Version 1.0.1) - NTFSx86

Run by Andre at 16:05:15,32 on qui 11/12/2008

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.74 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\PrevxCSI\prevxcsi.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

C:\Arquivos de programas\MultiScreen\MultiScreen.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\MagicTune Premium\GammaTray.exe

C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\MagicTune Premium\MagicTune.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\PrevxCSI\prevxcsi.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Andre\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,skp66.exe

BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [Adobe Photo Downloader] "c:\arquivos de programas\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [iSUSPM] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [MultiScreen] c:\arquivos de programas\multiscreen\MultiScreen.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\gammat~1.lnk - c:\arquivos de programas\magictune premium\GammaTray.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ncprot~1.lnk - c:\arquivos de programas\sec\natural color pro\NCProTray.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\arquiv~1\wifd1f~1\MpShHook.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andre\dadosd~1\mozilla\firefox\profiles\8d085yxg.default\

FF - prefs.js: startup.homepage - hxxp://www.uol.com.br

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-11 28544]

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-12-11 26808]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-14 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-14 26824]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2008-7-4 875288]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]

R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-14 76040]

R2 CSIScanner;CSIScanner;"c:\arquivos de programas\prevxcsi\prevxcsi.exe" /service [2008-12-11 927288]

R2 WinDefend;Windows Defender;"c:\arquivos de programas\windows defender\MsMpEng.exe" [2006-11-3 13592]

S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [2008-6-17 61600]

S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [2008-6-17 9360]

S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [2008-6-17 97184]

S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [2008-6-17 88688]

S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [2008-6-17 18704]

S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [2008-6-17 86560]

S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [2008-6-17 90800]

S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-6-16 167424]

=============== Created Last 30 ================

2008-12-11 13:45 <DIR> --d----- c:\arquivos de programas\Trend Micro

2008-12-11 12:05 26,808 a------- c:\windows\system32\drivers\pxark.sys

2008-12-11 12:05 <DIR> --d----- c:\arquivos de programas\PrevxCSI

2008-12-11 12:05 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PrevxCSI

2008-12-11 10:50 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2008-12-11 10:49 <DIR> --d----- c:\arquivos de programas\Panda Security

2008-12-11 10:43 <DIR> --d----- c:\windows\system32\NtmsData

2008-12-03 10:02 <DIR> --d----- c:\docume~1\andre\dadosd~1\IObit

2008-12-03 10:02 <DIR> --d----- c:\arquivos de programas\IObit

2008-12-03 09:47 <DIR> --d----- c:\windows\pss

2008-12-02 13:09 <DIR> --d----- c:\docume~1\andre\dadosd~1\Design Science

2008-12-02 13:08 <DIR> --d----- c:\arquivos de programas\MathType

2008-11-25 23:32 410,976 a------- c:\windows\system32\deploytk.dll

2008-11-25 12:39 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SourceTec

2008-11-25 12:39 <DIR> --d----- c:\arquivos de programas\SourceTec

2008-11-19 00:24 <DIR> --d----- C:\Program Files

2008-11-19 00:24 <DIR> --d----- c:\arquivos de programas\ApecSoft

2008-11-13 23:43 <DIR> --d----- c:\arquivos de programas\X-VCD Player

2008-11-12 15:24 <DIR> --d----- c:\windows\system32\Adobe

2008-11-12 12:36 <DIR> --d----- c:\docume~1\andre\dadosd~1\SWF.max

2008-11-12 12:36 <DIR> --d----- c:\arquivos de programas\SWF.max

2008-11-11 23:29 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-11 23:28 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2008-11-11 21:53 <DIR> --d----- c:\arquivos de programas\PowerISO

==================== Find3M ====================

2008-11-02 05:44 56,572 a------- c:\windows\system32\drivers\scdemu.sys

2008-10-28 19:36 823,296 a------- c:\windows\system32\divx_xx0c.dll

2008-10-28 19:36 823,296 a------- c:\windows\system32\divx_xx07.dll

2008-10-28 19:35 815,104 a------- c:\windows\system32\divx_xx0a.dll

2008-10-28 19:35 802,816 a------- c:\windows\system32\divx_xx11.dll

2008-10-28 19:35 684,032 a------- c:\windows\system32\DivX.dll

2008-10-24 08:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 17:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 23:43 416,030 a------- c:\windows\system32\perfh016.dat

2008-10-12 23:43 62,244 a------- c:\windows\system32\perfc016.dat

2008-10-03 07:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-25 05:03 524,288 a------- c:\windows\system32\DivXsm.exe

2008-09-25 05:03 196,608 a------- c:\windows\system32\dtu100.dll

2008-09-25 05:03 81,920 a------- c:\windows\system32\dpl100.dll

2008-09-25 05:03 53,248 a------- c:\windows\system32\dpuGUI10.dll

2008-09-25 05:03 593,920 a------- c:\windows\system32\dpuGUI11.dll

2008-09-25 05:03 344,064 a------- c:\windows\system32\dpus11.dll

2008-09-25 05:03 57,344 a------- c:\windows\system32\dpv11.dll

2008-09-25 05:03 294,912 a------- c:\windows\system32\dpu11.dll

2008-09-25 05:03 294,912 a------- c:\windows\system32\dpu10.dll

2008-09-25 05:03 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-19 18:57 3,596,288 a------- c:\windows\system32\qt-dx331.dll

2008-09-19 18:55 1,044,480 a------- c:\windows\system32\libdivx.dll

2008-09-19 18:55 200,704 a------- c:\windows\system32\ssldivx.dll

2008-09-19 18:54 12,288 a------- c:\windows\system32\DivXWMPExtType.dll

2008-09-15 12:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-06-16 16:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008060920080616\index.dat

2008-06-16 16:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008061620080617\index.dat

============= FINISH: 16:05:56,82 ===============

I hope you can help me...

Regards

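The two logs above carry the persistence details an analyst looks for first: the Winlogon Userinit value has a second, bare-named entry (skp66.exe) appended after userinit.exe, and the Run keys list everything launched at logon. The script below is an added example, not code from this thread or from the HijackThis or DDS projects. It parses both log formats (HJT "F2"/"O4" lines and DDS "mWinlogon"/"mRun"/"uRun"/"dRun" lines), flags Userinit tampering and Run entries that either have no path or live directly in the Windows directory, and diffs two logs so new autostart entries stand out. The sample input is a subset of lines copied from the logs in this thread (the second DDS log appears further down the thread); the allowlist of Windows-directory binaries is an illustrative assumption, not something the posts establish.

```python
"""Triage startup/logon persistence entries from HijackThis and DDS logs.

Added example for this thread, not a tool from the original page. Reads the two
text formats analysts compare by hand: HijackThis ("F2 - REG:system.ini: UserInit=",
"O4 - HKLM\\..\\Run: [name] cmd") and the DDS "Pseudo HJT Report"
("mWinlogon: Userinit=", "mRun:/uRun:/dRun: [name] cmd").
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption for this example: a small analyst-maintained allowlist of binaries that
# legitimately live directly under %SystemRoot% or system32 on this machine
# (ctfmon is a Windows component; the igfx* files are the Intel graphics tray).
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "igfxpers.exe"}

USERINIT_RE = re.compile(r"^(?:F2 - REG:system\.ini:|mWinlogon:)\s*Userinit=(?P<val>.*)$", re.I)
RUN_RE = re.compile(r"^(?:O4 - [^\s\[]+\\Run:|[mud]Run:)\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
# First executable of a command line: optionally quoted, may contain spaces.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|scr|com|bat|cmd|pif))(?:"|\s|$)', re.I)


@dataclass(frozen=True)
class RunEntry:
    name: str  # value name shown in [brackets]
    exe: str   # executable as written in the log (full path or bare file name)


def executable_of(cmd: str) -> str:
    """Strip quotes and arguments, keep the program path exactly as logged."""
    m = EXE_RE.match(cmd.strip())
    return m["exe"] if m else cmd.strip()


def location_class(exe: str) -> str:
    """'no-path' (bare name), 'system-dir' (%SystemRoot% or system32) or 'other'."""
    p = exe.lower()
    if "\\" not in p:
        return "no-path"
    directory = p.rsplit("\\", 1)[0]
    if directory.endswith("\\windows\\system32") or directory.endswith("\\windows"):
        return "system-dir"
    return "other"


def parse(log: str) -> Tuple[List[RunEntry], Optional[str]]:
    """Collect Run entries and the Userinit value from either log format."""
    runs: List[RunEntry] = []
    userinit = None
    for line in log.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            userinit = m["val"].strip()
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(RunEntry(m["name"], executable_of(m["cmd"])))
    return runs, userinit


def check_userinit(value: Optional[str]) -> List[str]:
    """Winlogon runs every comma-separated Userinit entry at each interactive logon.
    The stock value is the single entry %SystemRoot%\\system32\\userinit.exe, so
    anything appended after it is a persistence slot worth examining."""
    findings = []
    for entry in (value or "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        directory, _, base = entry.lower().rpartition("\\")
        if base == "userinit.exe" and directory.endswith("\\system32"):
            continue
        note = " (no full path: resolved through the executable search path)" if not directory else ""
        findings.append(f"Userinit: unexpected entry {entry!r}{note}")
    return findings


def triage(log: str) -> List[str]:
    """Findings for one log: Userinit tampering, Run entries with no path, and
    non-allowlisted Run entries living directly in the Windows directory."""
    runs, userinit = parse(log)
    findings = check_userinit(userinit)
    for r in runs:
        base = r.exe.rsplit("\\", 1)[-1].lower()
        loc = location_class(r.exe)
        if loc == "no-path":
            findings.append(f"Run [{r.name}]: bare file name {r.exe!r}, location not recorded")
        elif loc == "system-dir" and base not in KNOWN_SYSTEM_BINARIES:
            findings.append(f"Run [{r.name}]: unlisted binary in Windows directory: {r.exe}")
    return findings


def new_entries(baseline_log: str, followup_log: str) -> List[RunEntry]:
    """Run entries in the later log that are absent from the earlier one
    (compared case-insensitively, because HJT and DDS print paths differently)."""
    seen = {(r.name.lower(), r.exe.lower()) for r in parse(baseline_log)[0]}
    return [r for r in parse(followup_log)[0] if (r.name.lower(), r.exe.lower()) not in seen]


# Sample input: lines copied from the HijackThis log in the first post (subset).
BASELINE_HJT = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,skp66.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""
# Sample input: lines copied from the DDS log in the follow-up post (subset).
FOLLOWUP_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,skp66.exe
uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\arquivos de programas\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide
mRun: [Microsoft® System Manager] c:\windows\system32\syrmgr.exe
mRun: [naxmgr] c:\windows\system32\naxmgr.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
"""

if __name__ == "__main__":
    for title, log in (("first log (HJT)", BASELINE_HJT), ("second log (DDS)", FOLLOWUP_DDS)):
        print(f"== {title}")
        for finding in triage(log):
            print("  " + finding)
    print("== Run entries new since the first log")
    for r in new_entries(BASELINE_HJT, FOLLOWUP_DDS):
        print(f"  [{r.name}] {r.exe}")
```

On the first log the script reports the appended Userinit entry and the path-less stsystra.exe; on the second it additionally reports syrmgr.exe and naxmgr.exe as non-allowlisted binaries directly in system32, and the diff lists those two plus the Nokia PC Suite tray as the entries added between the two snapshots. A flag here is a prompt to inspect the file (hash, signature, creation time against the "Created Last 30" section), not a verdict.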

Please post a new DDS log.


Hi Renato!

Thanks for the help... the problem has changed... now this same trojan, Agent AKXF, is being found in other locations... and no warning appears at startup anymore, only after some time of use... and no sign of skp66.exe...

Even so, please take a look at the log.

DDS log

DDS (Version 1.0.1) - NTFSx86

Run by Andre at 1:15:10,48 on seg 05/01/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.162 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

C:\Arquivos de programas\MultiScreen\MultiScreen.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\MagicTune Premium\MagicTune.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Documents and Settings\Andre\Desktop\Segurança\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,skp66.exe

BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PC Suite Tray] "c:\arquivos de programas\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide

mRun: [Adobe Photo Downloader] "c:\arquivos de programas\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [iSUSPM] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [MultiScreen] c:\arquivos de programas\multiscreen\MultiScreen.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Microsoft® System Manager] c:\windows\system32\syrmgr.exe

mRun: [naxmgr] c:\windows\system32\naxmgr.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\gammat~1.lnk - c:\arquivos de programas\magictune premium\GammaTray.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ncprot~1.lnk - c:\arquivos de programas\sec\natural color pro\NCProTray.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\arquiv~1\wifd1f~1\MpShHook.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andre\dadosd~1\mozilla\firefox\profiles\8d085yxg.default\

FF - prefs.js: startup.homepage - hxxp://www.uol.com.br

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-11 28544]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-14 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-14 26824]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2008-7-4 875288]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]

R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-14 76040]

R2 WinDefend;Windows Defender;"c:\arquivos de programas\windows defender\MsMpEng.exe" [2006-11-3 13592]

S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [2008-6-17 61600]

S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [2008-6-17 9360]

S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [2008-6-17 97184]

S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [2008-6-17 88688]

S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [2008-6-17 18704]

S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [2008-6-17 86560]

S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [2008-6-17 90800]

S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-6-16 167424]

=============== Created Last 30 ================

==================== Find3M ====================

2008-12-24 15:36 416,030 a------- c:\windows\system32\perfh016.dat

2008-12-24 15:36 62,244 a------- c:\windows\system32\perfc016.dat

2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll

2008-10-29 11:24 831,048 a------- c:\windows\system32\WudfUpdate_01005.dll

2008-10-28 19:36 823,296 a------- c:\windows\system32\divx_xx0c.dll

2008-10-28 19:36 823,296 a------- c:\windows\system32\divx_xx07.dll

2008-10-28 19:35 815,104 a------- c:\windows\system32\divx_xx0a.dll

2008-10-28 19:35 802,816 a------- c:\windows\system32\divx_xx11.dll

2008-10-28 19:35 684,032 a------- c:\windows\system32\DivX.dll

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 17:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-06-16 16:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008060920080616\index.dat

2008-06-16 16:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008061620080617\index.dat

============= FINISH: 1:15:46,75 ===============

GMER log

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-01-05 01:26:41

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spmo.sys ZwCreateKey [0xF82750E0]

SSDT spmo.sys ZwEnumerateKey [0xF8293CA2]

SSDT spmo.sys ZwEnumerateValueKey [0xF8294030]

SSDT spmo.sys ZwOpenKey [0xF82750C0]

SSDT spmo.sys ZwQueryKey [0xF8294108]

SSDT spmo.sys ZwQueryValueKey [0xF8293F88]

SSDT spmo.sys ZwSetValueKey [0xF829419A]

INT 0x62 ? 82385BF8

INT 0x63 ? 821B3D68

INT 0x73 ? 82385BF8

INT 0x73 ? 82385BF8

INT 0x73 ? 82385BF8

INT 0x94 ? 821B3D68

INT 0xA4 ? 821B3D68

INT 0xB4 ? 821B3D68

---- Kernel code sections - GMER 1.0.14 ----

? spmo.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload F7E848AC 5 Bytes JMP 821B3348

.text a4fmrwfz.SYS F7DEA386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text a4fmrwfz.SYS F7DEA3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text a4fmrwfz.SYS F7DEA3C4 3 Bytes [ 00, 50, 02 ]

.text a4fmrwfz.SYS F7DEA3C9 1 Byte [ 26 ]

.text a4fmrwfz.SYS F7DEA3CB 9 Bytes [ 00, 00, 32, 02, 00, 00, 00, ... ]

.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8276040] spmo.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F827613C] spmo.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F82760BE] spmo.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F82767FC] spmo.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F82766D2] spmo.sys

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfAcquireSpinLock] 00000600

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!READ_PORT_UCHAR] 8B73EB00

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KeGetCurrentIrql] 00C72845

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfRaiseIrql] 0000000F

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfLowerIrql] 458B68EB

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!HalGetInterruptVector] [1000C728] \Arquivos de programas\DAEMON Tools Lite\daemon.dll (DAEMON Tools Lite control library/DT Soft Ltd.)

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!HalTranslateBusAddress] EB000000

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KeStallExecutionProcessor] 28458B5D

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfReleaseSpinLock] 001100C7

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 52EB0000

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!READ_PORT_USHORT] C728458B

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00001200

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!WRITE_PORT_UCHAR] 8B47EB00

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[WMILIB.SYS!WmiSystemControl] 00000008

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[WMILIB.SYS!WmiCompleteRequest] 458B3CEB

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823831F8

Device \Driver\sptd \Device\1000922788 spmo.sys

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbehci \Device\USBPDO-0 821FC1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 823861F8

Device \Driver\dmio \Device\DmControl\DmConfig 823861F8

Device \Driver\dmio \Device\DmControl\DmPnP 823861F8

Device \Driver\dmio \Device\DmControl\DmInfo 823861F8

Device \Driver\usbuhci \Device\USBPDO-1 822251F8

Device \Driver\usbuhci \Device\USBPDO-2 822251F8

Device \Driver\usbuhci \Device\USBPDO-3 822251F8

Device \Driver\usbuhci \Device\USBPDO-4 822251F8

Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823871F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 823871F8

Device \Driver\Cdrom \Device\CdRom0 821911F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\NetBT \Device\NetBt_Wins_Export 81C3E1F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{A828F7F6-0634-4361-A4AB-2ECA06DDED77} 81C3E1F8

Device \Driver\NetBT \Device\NetbiosSmb 81C3E1F8

Device \Driver\PCI_PNP4038 \Device\0000004c spmo.sys

Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 822251F8

Device \Driver\usbuhci \Device\USBFDO-1 822251F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81CBA500

Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-2 822251F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 81CBA500

Device \Driver\usbuhci \Device\USBFDO-3 822251F8

Device \Driver\usbehci \Device\USBFDO-4 821FC1F8

Device \Driver\Ftdisk \Device\FtControl 823871F8

Device \Driver\a4fmrwfz \Device\Scsi\a4fmrwfz1 82170268

Device \FileSystem\Cdfs \Cdfs 821C5500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x46 0x90 0xBA ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0xB4 0x4E 0xD8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x46 0x90 0xBA ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0xB4 0x4E 0xD8 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}

Reg HKLM\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}

Reg HKLM\SOFTWARE\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.14 ----

Thank you...

André


Hi Renato!

Thanks for the help... there has been a change in the problem... now this same Trojan Agent AKXF is being found in other locations... and no warning appears any more when the PC starts, only after some time of use... no sign of spk66.exe...

Even so, please take a look at the log.

DDS log

DDS (Version 1.0.1) - NTFSx86

Run by Andre at 1:15:10,48 on seg 05/01/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.162 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

C:\Arquivos de programas\MultiScreen\MultiScreen.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\MagicTune Premium\MagicTune.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Documents and Settings\Andre\Desktop\Segurança\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,skp66.exe

BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PC Suite Tray] "c:\arquivos de programas\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide

mRun: [Adobe Photo Downloader] "c:\arquivos de programas\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [iSUSPM] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [MultiScreen] c:\arquivos de programas\multiscreen\MultiScreen.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Microsoft® System Manager] c:\windows\system32\syrmgr.exe

mRun: [naxmgr] c:\windows\system32\naxmgr.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\gammat~1.lnk - c:\arquivos de programas\magictune premium\GammaTray.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ncprot~1.lnk - c:\arquivos de programas\sec\natural color pro\NCProTray.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\arquiv~1\wifd1f~1\MpShHook.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andre\dadosd~1\mozilla\firefox\profiles\8d085yxg.default\

FF - prefs.js: startup.homepage - hxxp://www.uol.com.br

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-11 28544]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-14 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-14 26824]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2008-7-4 875288]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-7-4 231704]

R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-14 76040]

R2 WinDefend;Windows Defender;"c:\arquivos de programas\windows defender\MsMpEng.exe" [2006-11-3 13592]

S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [2008-6-17 61600]

S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [2008-6-17 9360]

S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [2008-6-17 97184]

S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [2008-6-17 88688]

S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [2008-6-17 18704]

S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [2008-6-17 86560]

S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [2008-6-17 90800]

S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-6-16 167424]

=============== Created Last 30 ================

==================== Find3M ====================

2008-12-24 15:36 416,030 a------- c:\windows\system32\perfh016.dat

2008-12-24 15:36 62,244 a------- c:\windows\system32\perfc016.dat

2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll

2008-10-29 11:24 831,048 a------- c:\windows\system32\WudfUpdate_01005.dll

2008-10-28 19:36 823,296 a------- c:\windows\system32\divx_xx0c.dll

2008-10-28 19:36 823,296 a------- c:\windows\system32\divx_xx07.dll

2008-10-28 19:35 815,104 a------- c:\windows\system32\divx_xx0a.dll

2008-10-28 19:35 802,816 a------- c:\windows\system32\divx_xx11.dll

2008-10-28 19:35 684,032 a------- c:\windows\system32\DivX.dll

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 17:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-06-16 16:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008060920080616\index.dat

2008-06-16 16:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008061620080617\index.dat

============= FINISH: 1:15:46,75 ===============

GMER log

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-01-05 01:26:41

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spmo.sys ZwCreateKey [0xF82750E0]

SSDT spmo.sys ZwEnumerateKey [0xF8293CA2]

SSDT spmo.sys ZwEnumerateValueKey [0xF8294030]

SSDT spmo.sys ZwOpenKey [0xF82750C0]

SSDT spmo.sys ZwQueryKey [0xF8294108]

SSDT spmo.sys ZwQueryValueKey [0xF8293F88]

SSDT spmo.sys ZwSetValueKey [0xF829419A]

INT 0x62 ? 82385BF8

INT 0x63 ? 821B3D68

INT 0x73 ? 82385BF8

INT 0x73 ? 82385BF8

INT 0x73 ? 82385BF8

INT 0x94 ? 821B3D68

INT 0xA4 ? 821B3D68

INT 0xB4 ? 821B3D68

---- Kernel code sections - GMER 1.0.14 ----

? spmo.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload F7E848AC 5 Bytes JMP 821B3348

.text a4fmrwfz.SYS F7DEA386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text a4fmrwfz.SYS F7DEA3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text a4fmrwfz.SYS F7DEA3C4 3 Bytes [ 00, 50, 02 ]

.text a4fmrwfz.SYS F7DEA3C9 1 Byte [ 26 ]

.text a4fmrwfz.SYS F7DEA3CB 9 Bytes [ 00, 00, 32, 02, 00, 00, 00, ... ]

.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8276040] spmo.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F827613C] spmo.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F82760BE] spmo.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F82767FC] spmo.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F82766D2] spmo.sys

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfAcquireSpinLock] 00000600

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!READ_PORT_UCHAR] 8B73EB00

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KeGetCurrentIrql] 00C72845

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfRaiseIrql] 0000000F

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfLowerIrql] 458B68EB

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!HalGetInterruptVector] [1000C728] \Arquivos de programas\DAEMON Tools Lite\daemon.dll (DAEMON Tools Lite control library/DT Soft Ltd.)

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!HalTranslateBusAddress] EB000000

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KeStallExecutionProcessor] 28458B5D

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!KfReleaseSpinLock] 001100C7

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 52EB0000

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!READ_PORT_USHORT] C728458B

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00001200

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[HAL.dll!WRITE_PORT_UCHAR] 8B47EB00

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[WMILIB.SYS!WmiSystemControl] 00000008

IAT \SystemRoot\System32\Drivers\a4fmrwfz.SYS[WMILIB.SYS!WmiCompleteRequest] 458B3CEB

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823831F8

Device \Driver\sptd \Device\1000922788 spmo.sys

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbehci \Device\USBPDO-0 821FC1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 823861F8

Device \Driver\dmio \Device\DmControl\DmConfig 823861F8

Device \Driver\dmio \Device\DmControl\DmPnP 823861F8

Device \Driver\dmio \Device\DmControl\DmInfo 823861F8

Device \Driver\usbuhci \Device\USBPDO-1 822251F8

Device \Driver\usbuhci \Device\USBPDO-2 822251F8

Device \Driver\usbuhci \Device\USBPDO-3 822251F8

Device \Driver\usbuhci \Device\USBPDO-4 822251F8

Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823871F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 823871F8

Device \Driver\Cdrom \Device\CdRom0 821911F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\NetBT \Device\NetBt_Wins_Export 81C3E1F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{A828F7F6-0634-4361-A4AB-2ECA06DDED77} 81C3E1F8

Device \Driver\NetBT \Device\NetbiosSmb 81C3E1F8

Device \Driver\PCI_PNP4038 \Device\0000004c spmo.sys

Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 822251F8

Device \Driver\usbuhci \Device\USBFDO-1 822251F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81CBA500

Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-2 822251F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 81CBA500

Device \Driver\usbuhci \Device\USBFDO-3 822251F8

Device \Driver\usbehci \Device\USBFDO-4 821FC1F8

Device \Driver\Ftdisk \Device\FtControl 823871F8

Device \Driver\a4fmrwfz \Device\Scsi\a4fmrwfz1 82170268

Device \FileSystem\Cdfs \Cdfs 821C5500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x46 0x90 0xBA ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0xB4 0x4E 0xD8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x46 0x90 0xBA ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0xB4 0x4E 0xD8 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x31 0xD4 0xD8 0x5C ...

Reg HKLM\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}

Reg HKLM\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}

Reg HKLM\SOFTWARE\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.14 ----

Thanks...

André


Hello,

Read the instructions contained in this link:

In the instructions contained in the link above, you can check which forums have Analysts properly authorized to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP will need to install the Recovery Console:
     • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • When the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Warning: Do not use the mouse or keyboard while the tool is running; that can cause the computer to hang.
  8. A message may appear saying that the computer needs to be restarted.
     DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorized to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.


Hello Renato... Here is the log generated by ComboFix:

ComboFix 09-01-05.03 - Andre 2009-01-06 0:52:50.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.502.201 [GMT -3:00]

Executando de: c:\documents and settings\Andre\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))

.

2008-12-24 16:00 . 2008-12-24 16:00 <DIR> d-------- c:\arquivos de programas\PC Connectivity Solution

2008-12-24 16:00 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-12-24 15:37 . 2008-12-24 15:37 <DIR> d-------- c:\documents and settings\Andre\Dados de aplicativos\NSeries

2008-12-24 15:35 . 2008-04-13 11:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2008-12-24 15:35 . 2008-04-13 11:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2008-12-24 15:34 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2008-12-24 15:34 . 2008-12-24 15:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2008-12-24 15:34 . 2008-12-24 15:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2008-12-24 15:26 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2008-12-24 15:26 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2008-12-24 15:26 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2008-12-24 15:26 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2008-12-24 15:26 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2008-12-24 15:26 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2008-12-24 15:24 . 2008-12-24 15:24 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2008-12-24 15:21 . 2008-12-24 15:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-12-18 16:13 . 2008-12-18 16:13 1,393 --a------ c:\windows\imsins.BAK

2008-12-15 11:06 . 2008-12-15 11:06 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2008-12-15 10:59 . 2008-12-24 16:10 <DIR> d-------- c:\documents and settings\Andre\Dados de aplicativos\Nokia

2008-12-15 10:59 . 2008-12-15 11:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2008-12-15 10:53 . 2008-12-24 16:01 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-12-15 10:50 . 2008-12-24 15:37 <DIR> d-------- c:\documents and settings\Andre\Dados de aplicativos\PC Suite

2008-12-15 10:50 . 2008-12-24 16:01 <DIR> d-------- c:\arquivos de programas\Nokia

2008-12-15 10:50 . 2008-12-24 16:00 <DIR> d-------- c:\arquivos de programas\DIFX

2008-12-15 10:50 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll

2008-12-13 18:28 . 2008-12-13 18:28 102,431 --a------ c:\windows\system32\msvcrt2.dll

2008-12-11 18:22 . 2008-12-11 18:22 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-12-11 16:08 . 2009-01-05 01:17 250 --a------ c:\windows\gmer.ini

2008-12-11 13:45 . 2008-12-11 13:45 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-12-11 10:50 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-11 10:49 . 2008-12-11 10:49 <DIR> d-------- c:\arquivos de programas\Panda Security

2008-12-11 10:43 . 2008-12-11 10:46 <DIR> d-------- c:\windows\system32\NtmsData

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-05 15:31 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\Orbit

2008-12-31 15:34 --------- d-----w c:\arquivos de programas\Orbitdownloader

2008-12-31 14:56 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\LimeWire

2008-12-25 15:52 --------- d-----w c:\arquivos de programas\Java

2008-12-23 18:30 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\SWF.max

2008-12-20 15:52 --------- d-----w c:\arquivos de programas\PowerArchiver

2008-12-11 21:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-12-11 03:31 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-12-03 13:02 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\IObit

2008-12-03 13:02 --------- d-----w c:\arquivos de programas\IObit

2008-12-02 16:09 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\Design Science

2008-12-02 16:08 --------- d-----w c:\arquivos de programas\MathType

2008-11-28 23:41 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\uTorrent

2008-11-26 16:32 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-11-25 16:04 --------- d-----w c:\arquivos de programas\SourceTec

2008-11-25 15:44 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-25 15:39 --------- d-----w c:\arquivos de programas\Arquivos comuns\SourceTec

2008-11-25 15:31 --------- d-----w c:\arquivos de programas\SWF.max

2008-11-23 18:58 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\Skype

2008-11-19 14:34 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-19 03:24 --------- d-----w c:\arquivos de programas\ApecSoft

2008-11-15 02:39 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\skypePM

2008-11-14 02:43 --------- d-----w c:\arquivos de programas\X-VCD Player

2008-11-14 02:39 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\CyberLink

2008-11-14 02:39 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-12 01:13 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-12 01:00 --------- d-----w c:\arquivos de programas\Microsoft Games

2008-11-12 00:53 --------- d-----w c:\arquivos de programas\PowerISO

2008-11-11 15:54 --------- d-----w c:\arquivos de programas\Programas RFB

2008-11-11 04:21 --------- d-----w c:\arquivos de programas\DivX

2008-11-10 08:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-10-29 14:24 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll

2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll

2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll

2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:23 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 17:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 17:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 17:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 17:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 17:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 17:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 17:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 17:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 17:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-06-16 19:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008060920080616\index.dat

2008-06-16 19:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008061620080617\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-11-21 1202176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"ISUSPM"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"MultiScreen"="c:\arquivos de programas\MultiScreen\MultiScreen.exe" [2008-02-22 114688]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

GammaTray.lnk - c:\arquivos de programas\MagicTune Premium\GammaTray.exe [2008-10-16 36864]

NCProTray.lnk - c:\arquivos de programas\SEC\Natural Color Pro\NCProTray.exe [2008-10-16 49220]

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-08-25 1711304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-09-07 14:44 3100672 c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Frozen Throne.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Documents and Settings\\Andre\\Desktop\\autorefresh\\WarcraftIIIAutoRefresh.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\abichels\\day of defeat\\hl.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\MagicTune Premium\\MagicTune.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"skp66.exe"= skp66.exe:BNDMSS

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4000:TCP"= 4000:TCP:Open Battle.net

"6112:TCP"= 6112:TCP:StarCraft Battle.net TCP

"6112:UDP"= 6112:UDP:StarCraft Battle.net UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-11 28544]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-14 97928]

R4 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]

R4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]

R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-14 76040]

R4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [2008-06-17 61600]

S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [2008-06-17 9360]

S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [2008-06-17 97184]

S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [2008-06-17 88688]

S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [2008-06-17 18704]

S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [2008-06-17 86560]

S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [2008-06-17 90800]

S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-06-16 167424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\autorun.exe

\Shell\directx\command - f:\directx9\dxsetup.exe

\Shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495a8ce9-3c71-11dd-80ab-0015c532d3c5}]

\Shell\AutoRun\command - F:\ncyrf.bat

\Shell\explore\Command - F:\ncyrf.bat

\Shell\open\Command - F:\ncyrf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0d64bc4-d52b-11dd-85c9-0015c532d3c5}]

\Shell\AutoRun\command - F:\dll32.exe

\Shell\open\command - F:\dll32.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Microsoft® System Manager - c:\windows\system32\syrmgr.exe

HKLM-Run-naxmgr - c:\windows\system32\naxmgr.exe

MSConfigStartUp-Windows Network Data Management System Service - skp66.exe

.

------- Scan Suplementar -------

.

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - c:\documents and settings\Andre\Dados de aplicativos\Mozilla\Firefox\Profiles\8d085yxg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-06 00:54:50

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(760)

c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(864)

c:\windows\system32\avgrsstx.dll

.

Tempo para conclusão: 2009-01-06 0:56:59

ComboFix-quarantined-files.txt 2009-01-06 03:56:56

Pré-execução: 18 pasta(s) 41.225.859.072 bytes disponíveis

Pós execução: 18 pasta(s) 41,436,512,256 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

249 --- E O F --- 2009-01-02 09:50:43

Regards


Sorry, I didn't understand the last message...

Could you post it again?

Thanks

Regards


Please wait, we are having a technical problem on the forum.

Thank you.


Any news? I'm still waiting...

Thanks


Unfortunately nothing; the backslashes are not displayed correctly, see the example below:

C:\Pasta\arquivo.exe

What we can do is for me to post the script anyway and you add the backslashes separating files and folders, but you will have to make sure you don't miss any.

Is that OK, or would you rather wait?

Note: This is random; sometimes they appear, sometimes they disappear.


Hello Renato...

I'd rather wait... to avoid problems...

So I'll wait for your message... but it has been about two weeks since the infected-file warning last appeared... do you want me to post a new log?

Thanks

Regards


A script is still needed to remove the remaining infections.


Backslash problem solved; do you still want help?


Hello Renato... yes, I would...

Could you look at my logs? Which ones should I send?

Thanks


Could you run ComboFix again and post your log for analysis?


Hello Renato... I tried running ComboFix on my computer...

It completed the 50 stages, then the following message appeared: "C:\WINDOWS\system32\ não é reconhecido como um comando interno ou externo, um programa operável ou um arquivo em lotes."

and it stops there... what do I do?

Thanks

Regards


Did you disable the protection programs BEFORE running ComboFix?

Restart in Safe Mode (press F8 repeatedly during startup; in the menu that appears, use the arrow keys to choose Safe Mode).

Try running ComboFix again.


Renato, I already tried starting ComboFix in Safe Mode and with all programs closed, including firewall, antivirus and antispyware... it freezes at the end with the same message about "system 32 nao é reconhecido como um comando interno ou externo, um programa operável ou um arquivo em lotes"

What can I do? Do you want the log from some other program, or is there another way?

Thanks


Download Malwarebytes Anti-Malware:

Link1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove Selected.
  • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, the PC may need to be restarted. If you are asked to restart the PC, please do so immediately.
