brasilramos

HijackThis Log Analysis


I can't open the hard drives from My Computer. When I try to open one, a prompt appears asking me to choose the program to use to open it.

I found a TR/Crypt.XPACK.Gen and another piece of malware(??) whose name I didn't save, but I had researched it and it was the probable cause of my problem.

I'd like you to analyse my log and help me, please.

If needed I'll also download ComboFix and post its log.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:02:53, on 16/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\DreaMule\emule.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\DOCUME~1\FELIPE~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\DreaMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 9752 bytes

COMBOFIX REPORT

ComboFix 08-12-15.05 - Felipe Brasil Ramos 2008-12-16 12:45:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2038.1612 [GMT -2:00]

Running from: c:\documents and settings\Felipe Brasil Ramos\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\FlashGet Network

c:\arquivos de programas\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\arquivos de programas\FlashGet Network\FlashGet universal\fgoption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\P2PCfg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2spmgr.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\p4spmgr.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\arquivos de programas\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\arquivos de programas\FlashGet Network\FlashGet universal\transaction.log

C:\Autorun.inf

c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\BITS

c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\BITS\BITS.ini

c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\BITS\DHTTable.dat

c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\BITS\ProxyList.ini

c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\BITS\UPnP.ini

C:\start.bat

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbpdist.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbpdist.inf

c:\windows\Tasks\startt.job

D:\Autorun.inf

.

(((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 ))))))))))))))))))))))))))))

.

2008-12-15 23:05 . 2008-12-15 23:05 <DIR> d-------- c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\SUPERAntiSpyware.com

2008-12-15 23:05 . 2008-12-15 23:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-12-15 23:05 . 2008-12-15 23:05 <DIR> d-------- c:\arquivos de programas\SUPERAntiSpyware

2008-12-15 23:04 . 2008-12-15 23:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-12-10 20:19 . 2008-12-10 20:19 <DIR> d-------- c:\arquivos de programas\D'Accord_Music_Software_BR

2008-12-10 20:19 . 2008-12-10 20:19 <DIR> d-------- c:\arquivos de programas\D'Accord Metrônomo

2008-12-10 15:59 . 2008-12-10 16:05 <DIR> d-------- c:\arquivos de programas\Central de Jogos

2008-12-10 15:59 . 2001-04-04 16:01 2,023,424 -ra------ c:\windows\system32\vcl50.bpl

2008-12-10 15:59 . 2001-11-14 17:48 692,736 -ra------ c:\windows\system32\firstclass2000_vcl5.bpl

2008-12-10 15:59 . 2001-04-04 16:01 558,080 -ra------ c:\windows\system32\vcldb50.bpl

2008-12-10 15:59 . 2001-04-04 16:01 387,072 -ra------ c:\windows\system32\dss50.bpl

2008-12-10 15:59 . 1997-05-29 17:29 315,904 --a------ c:\windows\IsUn0416.exe

2008-12-10 15:59 . 2001-04-04 16:01 300,032 -ra------ c:\windows\system32\vclbde50.bpl

2008-12-10 15:59 . 2001-04-04 16:01 248,832 -ra------ c:\windows\system32\vclx50.bpl

2008-12-08 11:57 . 2008-12-08 12:36 <DIR> d-------- c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\DeepBurner

2008-12-08 11:56 . 2008-12-08 11:56 <DIR> d-------- c:\arquivos de programas\Astonsoft

2008-12-07 09:59 . 2008-12-07 09:59 <DIR> d-------- c:\arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-12-07 09:57 . 2008-12-07 09:57 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-12-06 23:47 . 2004-12-14 14:07 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys

2008-12-06 23:47 . 2004-12-14 14:07 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys

2008-12-06 23:47 . 2004-12-14 14:07 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2008-12-06 23:47 . 2008-04-13 15:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-12-06 23:47 . 2008-04-13 15:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-12-06 23:43 . 2008-12-06 23:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP

2008-12-06 23:40 . 2008-12-06 23:41 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP

2008-12-06 23:38 . 2008-12-06 23:39 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard

2008-12-06 23:37 . 2008-12-06 23:37 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-12-06 23:36 . 2008-12-06 23:36 <DIR> d-------- c:\windows\system32\URTTemp

2008-12-06 23:35 . 2008-12-06 23:35 <DIR> d-------- C:\Program Files

2008-12-06 23:35 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll

2008-12-06 23:35 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll

2008-12-06 23:35 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll

2008-12-06 23:35 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe

2008-12-06 23:35 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe

2008-12-06 23:35 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll

2008-12-06 23:34 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-06 23:33 . 2008-12-06 23:47 <DIR> d-------- c:\arquivos de programas\HP

2008-12-06 23:32 . 2008-12-06 23:48 69,251 --a------ c:\windows\hpoins05.dat

2008-12-06 23:32 . 2004-12-14 14:07 19,696 --------- c:\windows\hpomdl05.dat

2008-12-06 22:07 . 2008-04-13 15:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-12-06 22:07 . 2008-04-13 15:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-12-01 17:44 . 2008-12-01 17:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2008-12-01 17:40 . 2008-12-01 17:40 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2008-12-01 17:40 . 2008-12-01 17:40 <DIR> d-------- c:\arquivos de programas\Avira

2008-12-01 15:24 . 2008-04-13 23:21 152,576 --a------ c:\windows\system32\irftp.exe

2008-12-01 15:24 . 2008-04-13 23:21 152,576 --a--c--- c:\windows\system32\dllcache\irftp.exe

2008-12-01 15:24 . 2008-04-13 23:20 28,672 --a------ c:\windows\system32\irmon.dll

2008-12-01 15:24 . 2008-04-13 23:20 28,672 --a--c--- c:\windows\system32\dllcache\irmon.dll

2008-12-01 15:24 . 2008-04-13 23:20 8,192 --a------ c:\windows\system32\wshirda.dll

2008-12-01 15:24 . 2008-04-13 23:20 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll

2008-11-29 18:56 . 2008-12-16 00:07 <DIR> d---s---- c:\windows\Downloaded Program Files

2008-11-29 08:09 . 2008-11-29 08:09 59 --a------ c:\windows\plugin.fax

2008-11-28 14:43 . 2008-11-28 14:44 <DIR> d-------- c:\arquivos de programas\PDFCreator

2008-11-28 14:43 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX

2008-11-28 14:43 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll

2008-11-28 14:43 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL

2008-11-27 15:58 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

2008-11-22 15:49 . 2008-11-22 15:49 <DIR> d-------- c:\arquivos de programas\Multi_Media

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-16 14:13 --------- d-----w c:\arquivos de programas\DreaMule

2008-12-15 20:17 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2008-12-14 10:43 --------- d-----w c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\uTorrent

2008-12-11 04:22 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-12-08 21:37 --------- d-----w c:\arquivos de programas\Java

2008-11-14 18:38 --------- d-----w c:\arquivos de programas\Microsoft.NET

2008-11-11 02:01 --------- d-----w c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\Hamachi

2008-11-10 00:27 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-11-10 00:27 --------- d-----w c:\arquivos de programas\Hamachi

2008-11-06 01:08 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-06 01:08 --------- d-----w c:\arquivos de programas\GameSpy Arcade

2008-11-06 01:07 --------- d-----w c:\arquivos de programas\EA GAMES

2008-11-05 21:23 --------- d-----w c:\arquivos de programas\1964

2008-11-05 20:18 --------- d-----w c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\InstallShield

2008-11-05 20:18 --------- d-----w c:\arquivos de programas\VID_0E8F&PID_0003

2008-11-04 01:29 --------- d-----w c:\arquivos de programas\Combined Community Codec Pack

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 01:02 668,160 ----a-w c:\windows\system32\wininet.dll

2008-10-11 20:53 86,016 ----a-w c:\windows\system32\preflib.dll

2008-10-11 20:53 69,632 ----a-w c:\windows\system32\bcmwlpkt.dll

2008-10-11 20:53 499,712 ----a-w c:\windows\system32\MSVCP71.DLL

2008-10-11 20:53 44,032 ----a-w c:\windows\system32\wltrynt.dll

2008-10-11 20:53 348,160 ----a-w c:\windows\system32\MSVCR71.DLL

2008-10-11 20:53 2,129,920 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL

2008-10-11 20:53 180,224 ----a-w c:\windows\system32\bcmwlu00.exe

2008-10-11 20:53 18,944 ----a-w c:\windows\system32\WLTRYSVC.EXE

2008-10-11 20:53 1,236,992 ----a-w c:\windows\system32\WLTRAY.EXE

2008-10-11 20:53 1,093,632 ----a-w c:\windows\system32\BCMWLTRY.EXE

2008-10-11 20:53 1,060,864 ----a-w c:\windows\system32\MFC71.DLL

2008-10-11 20:52 89,088 ----a-w c:\windows\system32\ATL71.DLL

2008-10-11 20:52 757,760 ----a-w c:\windows\system32\bcm1xsup.dll

2008-10-11 20:52 667,648 ----a-w c:\windows\system32\BCMLogon.dll

2008-10-11 20:51 88,204 ----a-w c:\windows\AGRSMMSG.exe

2008-10-11 20:51 68,096 ----a-w c:\windows\agrsmdel.exe

2008-10-11 20:51 68,096 ------w c:\windows\system32\agrsmdel.exe

2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-22 01:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}"= "c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

2007-07-31 16:33 1391640 --a------ c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}"= "c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}"= "c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Felipe Brasil Ramos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-16 133104]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

"eMuleAutoStart"="c:\arquivos de programas\DreaMule\emule.exe" [2008-07-21 6696960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-11 1236992]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 c:\windows\RTHDCPL.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2008-10-11 c:\windows\AGRSMMSG.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-05 618557]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

Inicialização rápida do HP Image Zone.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\arquiv~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

"c:\\Documents and Settings\\Felipe Brasil Ramos\\Meus documentos\\utorrent.exe"=

"c:\\Arquivos de programas\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22809:TCP"= 22809:TCP:*:Disabled:DreaMule TCP

"12572:UDP"= 12572:UDP:*:Disabled:DreaMule UDP

R1 SASDIFSV;SASDIFSV;\??\c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R3 SASENUM;SASENUM;\??\c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2008-10-03 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2008-10-03 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2008-10-03 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2008-10-03 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2008-10-03 86368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.1.193#Rede Fluxo]

\Shell\AutoRun\command - tyewjp.exe

\Shell\explore\Command - tyewjp.exe

\Shell\open\Command - tyewjp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a754beec-88e6-11dd-9bdf-0016367adccf}]

\Shell\AutoRun\command - G:\abk.bat

\Shell\explore\Command - G:\abk.bat

\Shell\open\Command - G:\abk.bat

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Felipe Brasil Ramos\Configura []

2008-10-13 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe [2008-08-25 15:44]

.

.

------- Supplementary Scan -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Enviar para Dispositivo &Bluetooth... - c:\arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Felipe Brasil Ramos\Dados de aplicativos\Mozilla\Firefox\Profiles\ejmej308.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.googlenight.com/pt/#

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-16 12:46:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2008-12-16 12:47:33

ComboFix-quarantined-files.txt 2008-12-16 14:47:29

Pre-Run: 14 folder(s) 21,657,591,808 bytes free

Post-Run: 14 folder(s) 22,024,560,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

268 --- E O F --- 2008-12-12 02:11:02
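The logs above carry the evidence for the original complaint: ComboFix deleted C:\Autorun.inf, D:\Autorun.inf and C:\start.bat, and the MountPoints2 keys wire the AutoRun, open and explore verbs of a network share and of a removable drive to tyewjp.exe and G:\abk.bat. When Explorer cannot find the file such a verb names, double-clicking the drive typically falls through to the "choose a program" dialog the poster describes. As an added example, not code from the original post and not part of HijackThis or ComboFix, the Python script below runs the checks a log helper makes by hand over a constructed sample assembled from lines in the logs above: O4 Run commands with no directory (resolved through the search path at logon), O2 BHOs with no file behind them, O16 DPF entries with no download URL, Autorun.inf or a script at a drive root, and MountPoints2 shell verbs. The rule names, the Finding type and the helper functions are my own and are not standard output of either tool.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis and ComboFix logs in the
# post above, mixed together the way a pasted forum log usually arrives.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) -
C:\Autorun.inf
C:\start.bat
D:\Autorun.inf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.1.193#Rede Fluxo]
\Shell\AutoRun\command - tyewjp.exe
\Shell\explore\Command - tyewjp.exe
\Shell\open\Command - tyewjp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a754beec-88e6-11dd-9bdf-0016367adccf}]
\Shell\AutoRun\command - G:\abk.bat
\Shell\explore\Command - G:\abk.bat
\Shell\open\Command - G:\abk.bat
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # rule name (my own naming, not a HijackThis category)
    detail: str   # the offending log line, or "subkey: verb -> command"


HJT_ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")
RUN_COMMAND = re.compile(r"\[[^\]]*\]\s*(.+)$")
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(.+)\]$", re.I)
SHELL_VERB = re.compile(r"^\\Shell\\(AutoRun|explore|open)\\command - (.+)$", re.I)
AUTORUN_AT_ROOT = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.I)
SCRIPT_AT_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+\.(bat|cmd|exe|vbs)$", re.I)


def first_token(command: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else command


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    mountpoint = None  # MountPoints2 subkey whose \Shell\ lines follow
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            mountpoint = m.group(1)
            continue
        m = SHELL_VERB.match(line)
        if m and mountpoint is not None:
            # Explorer runs this command when the drive or share is opened;
            # a bare name or a script here is the classic autorun worm pattern.
            findings.append(Finding("mountpoints2-autorun",
                                    f"{mountpoint}: {m.group(1)} -> {m.group(2).strip()}"))
            continue
        m = HJT_ENTRY.match(line)
        if m:
            section, body = m.groups()
            if section == "O2" and body.endswith("(no file)"):
                findings.append(Finding("orphan-bho", body))
            elif section == "O4":
                cmd = RUN_COMMAND.search(body)
                if cmd and "\\" not in first_token(cmd.group(1)):
                    # No directory given: resolved via the search path at logon,
                    # so a planted file earlier on that path would win.
                    findings.append(Finding("unqualified-run-path", body))
            elif section == "O16" and body.endswith("-"):
                findings.append(Finding("dpf-no-url", body))
            continue
        if AUTORUN_AT_ROOT.match(line):
            findings.append(Finding("autorun-inf-at-root", line))
        elif SCRIPT_AT_ROOT.match(line):
            findings.append(Finding("script-at-root", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


def autorun_payloads(findings: list[Finding]) -> set[str]:
    """Distinct commands wired into MountPoints2 shell verbs."""
    return {f.detail.split(" -> ", 1)[1]
            for f in findings if f.kind == "mountpoints2-autorun"}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"{finding.kind:24} {finding.detail}")
    print(summarize(results), autorun_payloads(results))
```

The unqualified-path rule is deliberately noisy: RTHDCPL.EXE and ALCMTR.EXE are normal Realtek entries, and the rule only says they are worth confirming on disk, not that they are malicious. The MountPoints2 and drive-root rules are the ones that explain the symptom; after cleanup, re-running the script over a fresh log should return no findings of those two kinds.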


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they can contact the moderation team and request that this topic be reopened.
