Fuguets

-=Problem with resycled/boot.com=-


Good grief, guys, I just formatted the PC and it's already getting hit again: this resycled/boot.com thing shows up every time I try to access any drive... C: - D: - E: - F:...

I use Kaspersky and Spyware Doctor but they don't find anything... how do I disinfect this?


How? :confused:

To resolve the case you need to wait for the Malware Removal section to reopen, read the following topic: Read Before Posting - Creating a New Topic, and post the logs requested there!

There, the people properly trained for this will be able to help you!

In the meantime, keep your protection programs properly installed and updated; they may resolve the case! :)

Cheers!


Well, I had a read over there... and here it is.

DDS scan:

DDS (Ver_09-02-01.01) - NTFSx86

Run by Ronaldo at 9:48:32,51 on qui 12/02/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.895.515 [GMT -2:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\PowerISO\PWRISOVM.EXE

D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

D:\Arquivos de Programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Ronaldo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.terra.com.br/

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.8.7.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\arquiv~1\micros~1\office12\GRA8E1~1.DLL

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [startCCC] c:\arquivos de programas\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVP] "d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\avp.exe"

mRun: [PWRISOVM.EXE] d:\arquivos de programas\poweriso\PWRISOVM.EXE

mRun: [GrooveMonitor] "d:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - d:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

IE: &B&aixar &com o BitComet - d:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm

IE: &B&aixar todos os vídeos com o BitComet - d:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm

IE: &B&aixar tudo usando o BitComet - d:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~1\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\arquiv~1\micros~1\office12\GR99D3~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: d:\arquiv~1\kasper~1\kasper~1\mzvkbd.dll,d:\arquiv~1\kasper~1\kasper~1\mzvkbd3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\arquiv~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ronaldo\dadosd~1\mozilla\firefox\profiles\0jzwgpl6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.terra.com.br/

FF - component: c:\documents and settings\ronaldo\dados de aplicativos\mozilla\firefox\profiles\0jzwgpl6.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

FF - plugin: d:\arquivos de programas\adobe\acrobat 7.0\reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-10 226832]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]

S2 AVP;Kaspersky Anti-Virus;d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-10 40840]

S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-10 66952]

S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-10 81288]

S3 sdAuxService;PC Tools Auxiliary Service;d:\arquivos de programas\spyware doctor\pctsAuxs.exe [2009-2-10 356920]

S3 sdCoreService;PC Tools Security Service;d:\arquivos de programas\spyware doctor\pctsSvc.exe [2009-2-10 1079176]

=============== Created Last 30 ================

2009-02-12 09:46 <DIR> --d----- c:\arquivos de programas\DDS

2009-02-11 23:43 107,888 a------- c:\windows\system32\CmdLineExt.dll

2009-02-11 23:28 <DIR> --d----- c:\docume~1\ronaldo\dadosd~1\LimeWire

2009-02-11 23:28 410,984 a------- c:\windows\system32\deploytk.dll

2009-02-11 23:28 73,728 a------- c:\windows\system32\javacpl.cpl

2009-02-11 22:31 <DIR> --d----- c:\documents and settings\ronaldo\Contacts

2009-02-11 21:45 219,648 a------- c:\windows\system32\uxtheme.backup

2009-02-11 21:45 8,294,454 a------- c:\windows\startup.bmp

2009-02-11 21:33 <DIR> --d----- c:\windows\VistaMizer

2009-02-10 12:43 272,384 -c------ c:\windows\system32\dllcache\bthport.sys

2009-02-10 12:43 272,384 -------- c:\windows\system32\drivers\bthport.sys

2009-02-10 12:41 2,140,160 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-10 12:41 2,441,344 ac------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-10 12:41 2,318,720 ac------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-10 12:41 2,019,840 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-10 12:38 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-02-10 12:38 32,592 a------- c:\windows\system32\msonpmon.dll

2009-02-10 12:33 <DIR> --d----- c:\windows\system32\PreInstall

2009-02-10 12:33 <DIR> --d-h--- c:\windows\$hf_mig$

2009-02-10 12:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-02-10 11:40 2,938,912 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-02-10 11:40 278,560 a--sh--- c:\windows\system32\drivers\fidbox2.dat

2009-02-10 11:40 27,184 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-02-10 11:40 5,176 a--sh--- c:\windows\system32\drivers\fidbox2.idx

2009-02-10 10:59 81,288 a------- c:\windows\system32\drivers\iksyssec.sys

2009-02-10 10:59 66,952 a------- c:\windows\system32\drivers\iksysflt.sys

2009-02-10 10:59 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys

2009-02-10 10:59 29,576 a------- c:\windows\system32\drivers\kcom.sys

2009-02-10 10:59 <DIR> --d----- c:\docume~1\ronaldo\dadosd~1\PC Tools

2009-02-10 10:47 <DIR> --d----- c:\arquivos de programas\Microsoft Visual Studio 8

2009-02-10 10:47 <DIR> --d----- c:\windows\SHELLNEW

2009-02-10 10:19 101,287 a------- c:\windows\system32\drivers\klin.dat

2009-02-10 10:19 89,601 a------- c:\windows\system32\drivers\klick.dat

2009-02-10 10:19 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2009-02-10 09:33 <DIR> --d----- c:\docume~1\ronaldo\dadosd~1\Kaspersky_Key_Finder_(KKF

2009-02-10 09:18 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2009-02-10 00:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2009-02-09 22:32 <DIR> --d----- c:\windows\pss

2009-02-09 22:26 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Symantec

2009-02-09 22:26 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Symantec Shared

2009-02-09 22:19 520,192 -------- c:\windows\system32\ati2sgag.exe

2009-02-09 22:01 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll

2009-02-09 22:01 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll

2009-02-09 22:01 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll

2009-02-09 22:01 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll

2009-02-09 22:01 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll

2009-02-09 22:01 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll

2009-02-09 22:01 8,704 a------- c:\windows\system32\kbdjpn.dll

2009-02-09 22:01 8,192 a------- c:\windows\system32\kbdkor.dll

2009-02-09 22:01 6,144 a------- c:\windows\system32\kbd106.dll

2009-02-09 22:01 6,144 a------- c:\windows\system32\kbd101c.dll

2009-02-09 22:01 6,144 a------- c:\windows\system32\kbd101b.dll

2009-02-09 22:01 5,632 a------- c:\windows\system32\kbd103.dll

2009-02-09 21:38 10 a------- c:\windows\WININIT.INI

2009-02-09 21:35 <DIR> --d----- c:\windows\system32\appmgmt

2009-02-09 21:32 96,896 a----r-- c:\windows\system32\drivers\Rtenicxp.sys

2009-02-09 21:32 <DIR> --d----- c:\windows\OPTIONS

2009-02-09 21:31 146,650 a------- c:\windows\system32\BuzzingBee.wav

2009-02-09 21:31 940,794 a------- c:\windows\system32\LoopyMusic.wav

2009-02-09 21:31 <DIR> --d----- c:\windows\system32\Lang

2009-02-09 21:28 22,752 a------- c:\windows\system32\spupdsvc.exe

2009-02-09 21:28 <DIR> --d----- c:\arquivos de programas\Realtek

2009-02-09 21:24 <DIR> --d----- c:\windows\system32\ReinstallBackups

2009-02-09 21:23 <DIR> --d----- c:\arquivos de programas\ATI Technologies

2009-02-09 21:23 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2009-02-09 21:22 <DIR> --d----- C:\ATI

2009-02-09 21:14 <DIR> --dshr-- C:\resycled

2009-02-09 21:08 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll

2009-02-09 21:08 21,504 a------- c:\windows\system32\hidserv.dll

2009-02-09 21:08 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys

2009-02-09 21:08 14,848 a------- c:\windows\system32\drivers\kbdhid.sys

2009-02-09 21:08 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys

2009-02-09 21:08 9,600 a------- c:\windows\system32\drivers\hidusb.sys

2009-02-09 21:08 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys

2009-02-09 21:08 31,616 a------- c:\windows\system32\drivers\usbccgp.sys

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Modelos

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Dados de aplicativos

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Configurações locais

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Ambiente de rede

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Ambiente de impressão

2009-02-09 20:04 <DIR> --d--r-- c:\documents and settings\ronaldo\Meus documentos

2009-02-09 20:04 <DIR> --d--r-- c:\documents and settings\ronaldo\Menu Iniciar

2009-02-09 20:04 <DIR> --d--r-- c:\documents and settings\ronaldo\Favoritos

2009-02-09 20:04 <DIR> --d----- c:\documents and settings\Ronaldo

2009-02-09 20:03 <DIR> --ds---- c:\windows\system32\Microsoft

2009-02-09 20:03 8,192 a------- c:\windows\REGLOCS.OLD

2009-02-09 20:01 471,102 ac------ c:\windows\system32\dllcache\imskdic.dll

2009-02-09 20:00 77,312 ac------ c:\windows\system32\dllcache\logui.ocx

2009-02-09 19:59 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-02-09 19:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

2009-02-09 19:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2009-02-09 19:59 <DIR> --ds---- c:\windows\Downloaded Program Files

2009-02-09 19:59 <DIR> --d--r-- c:\windows\Offline Web Pages

2009-02-09 19:59 749 a---hr-- c:\windows\WindowsShell.Manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest

2009-02-09 19:59 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2009-02-09 19:59 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2009-02-09 19:59 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex

2009-02-09 19:59 <DIR> --d----- c:\windows\system32\DirectX

2009-02-09 19:58 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2009-02-09 19:58 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2009-02-09 19:57 <DIR> --d----- c:\arquivos de programas\Messenger

2009-02-09 19:57 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2009-02-09 19:56 <DIR> --d----- c:\arquivos de programas\Windows NT

2009-02-09 16:51 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2009-02-09 16:51 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-02-09 16:51 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2009-02-09 16:51 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2009-02-09 16:51 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2009-02-09 16:51 <DIR> --d----- c:\documents and settings\all users\Favoritos

2009-02-09 16:49 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-02-11 21:45 219,648 a------- c:\windows\system32\uxtheme.dll

2009-02-11 19:24 425,426 a------- c:\windows\system32\perfh016.dat

2009-02-11 19:24 67,450 a------- c:\windows\system32\perfc016.dat

2009-02-10 11:28 33,808 a------- c:\windows\system32\drivers\klbg.sys

2009-02-09 21:28 315,392 a------- c:\windows\HideWin.exe

2009-02-09 19:59 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-09 19:57 21,844 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:48:52,34 ===============

GMER scan:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-12 10:12:04

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEBF8E1DA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xEBF8E7AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xEBF901EA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xEBF8FB9C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xEBF8D950]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEBF91B7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xEBF8E5AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xEBF8DD92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xEBF8DF92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xEBF8FEAC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xEBF92084]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEBF8E0A8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEBF8E110]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xEBF8FD5E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xEBF91620]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xEBF8F9F8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xEBF8DAB2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xEBF8E3B2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xEBF91BA6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xEBF8E2FE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xEBF8E178]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xEBF8DE7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xEBF8DC5A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xEBF91888]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xEBF8D5D2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xEBF90A74]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xEBF8D734]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xEBF91F56]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xEBF8D3D0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xEBF9008C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xEBF8E6AC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xEBF9171A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xEBF91BD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xEBF8DB08]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xEBF91CB4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xEBF91DE0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xEBF9154C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xEBF8E47E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xEBF8E4F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP EBFA5626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE758 5 Bytes JMP EBFA59E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [ B4, 1C, F9, EB, E0, 1D, F9, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.14 ----

Thread 4:3328 B78B5150

---- EOF - GMER 1.0.14 ----

I also ran a scan on all my drives so you can analyze it:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-12 10:08:46

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEBF8E1DA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xEBF8E7AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xEBF901EA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xEBF8FB9C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xEBF8D950]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEBF91B7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xEBF8E5AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xEBF8DD92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xEBF8DF92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xEBF8FEAC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xEBF92084]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEBF8E0A8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEBF8E110]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xEBF8FD5E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xEBF91620]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xEBF8F9F8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xEBF8DAB2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xEBF8E3B2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xEBF91BA6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xEBF8E2FE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xEBF8E178]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xEBF8DE7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xEBF8DC5A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xEBF91888]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xEBF8D5D2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xEBF90A74]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xEBF8D734]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xEBF91F56]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xEBF8D3D0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xEBF9008C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xEBF8E6AC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xEBF9171A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xEBF91BD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xEBF8DB08]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xEBF91CB4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xEBF91DE0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xEBF9154C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xEBF8E47E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xEBF8E4F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP EBFA5626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE758 5 Bytes JMP EBFA59E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [ B4, 1C, F9, EB, E0, 1D, F9, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Awaiting solutions... Cheers

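The symptom reported in this thread (something called resycled/boot.com runs whenever a drive letter is opened), together with the directory `C:\resycled` that the DDS "Created Last 30" list shows with the hidden, system and read-only attributes (`--dshr--`), is what an autorun.inf in a drive root produces on Windows XP: its `open`, `shellexecute` or `shell\<verb>\command` keys replace the drive's default Explorer action, and Explorer hides system+hidden folders by default, which is why the folder is invisible while the file keeps running. The thread never shows the autorun.inf itself, so the one embedded below is a constructed sample written for this added example and is not taken from the poster's machine; the DDS lines are copied from the log above. This is example code added here, not code from the original post or from DDS; `parse_autorun`, `triage` and the other names are this example's own. It extracts the launch keys the way Explorer reads them and cross-references their targets against directories that the DDS log marks hidden+system directly in a drive root.

```python
"""Triage of autorun.inf launch keys against a DDS 'Created Last 30' listing.

Added example. The autorun.inf below is a constructed sample (the thread
does not show the real file); the DDS lines are copied from the log above.
"""
import re
from pathlib import PureWindowsPath

# [autorun] keys that make Explorer run something when a drive is opened:
# 'open' and 'shellexecute' set the default action, 'shell\<verb>\command'
# redefines a context-menu verb, including the default 'open'/'explore'.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# DDS directory line: date, time, <DIR>, 8-char attribute field, path.
# Attribute letters: d=directory, s=system, h=hidden, r=read-only.
DDS_DIR_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} <DIR> (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Constructed sample: what an autorun.inf that hijacks the drive's open
# action looks like; not the poster's file.
SAMPLE_AUTORUN = r"""
[autorun]
; a label and an icon are harmless on their own
label=Local Disk
icon=%SystemRoot%\system32\shell32.dll,8
open=resycled\boot.com
shell\open\command=resycled\boot.com
shell\explore\command=resycled\boot.com
"""

# Lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
2009-02-10 12:33 <DIR> --d-h--- c:\windows\$hf_mig$
2009-02-09 22:32 <DIR> --d----- c:\windows\pss
2009-02-09 21:14 <DIR> --dshr-- C:\resycled
2009-02-09 19:59 <DIR> --dsh--- c:\documents and settings\all users\DRM
"""


def parse_autorun(text):
    """Return (key, command) pairs for the launch keys of the [autorun]
    section. Keys are matched case-insensitively, as Windows does; lines
    starting with ';' are comments; icon/label/other keys launch nothing."""
    launches, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            launches.append((key, value))
    return launches


def command_executable(command):
    """Program part of a command line: the quoted token if it starts with a
    quote, otherwise everything up to the first whitespace."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def hidden_system_root_dirs(dds_text):
    """Directories that DDS lists with both the hidden and system attribute
    and that sit directly in a drive root (Explorer hides such folders by
    default, which is why the poster cannot see the resycled folder)."""
    dirs = set()
    for raw in dds_text.splitlines():
        m = DDS_DIR_LINE.match(raw.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        if "s" in m["attrs"] and "h" in m["attrs"] and len(path.parts) == 2:
            dirs.add(str(path).lower())
    return dirs


def triage(drive_root, autorun_text, dds_text):
    """Resolve each launch target against the drive root and flag those
    that live inside a hidden+system root folder. Any autorun.inf on a
    fixed disk deserves a look; this flag is the stronger signal."""
    hidden = hidden_system_root_dirs(dds_text)
    findings = []
    for key, command in parse_autorun(autorun_text):
        # Relative targets resolve against the drive root; absolute ones replace it.
        resolved = PureWindowsPath(drive_root) / command_executable(command)
        findings.append({
            "action": key,
            "command": command,
            "resolved": str(resolved),
            "in_hidden_system_dir": str(resolved.parent).lower() in hidden,
        })
    return findings


if __name__ == "__main__":
    for f in triage("C:\\", SAMPLE_AUTORUN, SAMPLE_DDS):
        tag = "SUSPICIOUS" if f["in_hidden_system_dir"] else "ok"
        print(f"{tag:<10} {f['action']:<22} -> {f['resolved']}")
```

To run it against a real machine, read each drive's `autorun.inf` from a command prompt (`type C:\autorun.inf`) rather than by double-clicking the drive in Explorer, since double-clicking is exactly the action the `shell\open\command` key hijacks, and feed it the full DDS log. A launch key that resolves into a hidden system folder in the drive root is the finding to carry into a malware-removal thread; the removal itself, on every drive the file was written to, belongs with the trained responders the moderator points to.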
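Every SSDT and inline hook in the GMER output above is attributed to Kaspersky's klif.sys or kl1.sys, the normal kernel footprint of that product rather than a rootkit; the one entry GMER lists with no module is the 12-byte patch at `ntkrnlpa.exe!ZwCallbackReturn + 2720`. This is an added example, not part of the original post and not a GMER feature: the parser below reads GMER lines, counts hooks per attributed vendor, and decodes the bytes of any unattributed patch as little-endian 32-bit values to see whether they coincide with hook addresses GMER already attributed elsewhere in the same log. On the page's own bytes the first dword is 0xEBF91CB4, GMER's address for the klif.sys ZwSuspendProcess hook, and the three bytes visible before the truncation match the low bytes of 0xEBF91DE0 (ZwSuspendThread), so the unattributed line is consistent with the same driver. The embedded excerpt is copied from the GMER log above; all function names are this example's own.

```python
"""Triage of GMER hook lines: count hooks per attributed vendor and check
whether unattributed patch bytes decode to already-attributed hook addresses.

Added example; the log excerpt below is copied from the GMER output in the
post above. Function names are this example's own.
"""
import re
from collections import Counter

# "SSDT <module> (<description/vendor>) <function> [0x<hook address>]"
SSDT_RE = re.compile(
    r"^SSDT (?P<module>\S+) \((?P<desc>[^)]*)\) (?P<func>\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# ".text <symbol>[ + <offset>] <address> <n> Bytes <rest>"
INLINE_RE = re.compile(
    r"^\.text (?P<symbol>\S+(?: \+ [0-9A-Fa-f]+)?) (?P<at>[0-9A-Fa-f]{8}) (?P<n>\d+) Bytes (?P<rest>.+)$"
)
# <rest> is either a JMP into an attributed module ...
JMP_RE = re.compile(r"^JMP (?P<to>[0-9A-Fa-f]{8}) (?P<module>\S+) \((?P<desc>[^)]*)\)$")
# ... or a raw byte dump GMER could not attribute ('...' means truncated).
BYTES_RE = re.compile(r"^\[ (?P<bytes>.+?) \]$")

# Copied from the GMER log in the post above (subset of the lines).
SAMPLE_GMER = r"""
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEBF8E1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xEBF91CB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xEBF91DE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xEBF8E4F0]
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP EBFA5626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [ B4, 1C, F9, EB, E0, 1D, F9, ... ]
"""


def vendor_of(desc):
    """GMER prints '<file description>/<company>'; keep the company."""
    return desc.rsplit("/", 1)[-1].strip()


def parse_gmer(text):
    """One record per SSDT hook or inline code patch; unattributed patches
    keep their raw byte tokens and have module/vendor set to None."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            records.append({"kind": "ssdt", "func": m["func"], "addr": int(m["addr"], 16),
                            "at": None, "module": m["module"],
                            "vendor": vendor_of(m["desc"]), "bytes": []})
            continue
        m = INLINE_RE.match(line)
        if not m:
            continue
        rec = {"kind": "inline", "func": m["symbol"], "addr": None, "at": int(m["at"], 16),
               "module": None, "vendor": None, "bytes": []}
        jmp, dump = JMP_RE.match(m["rest"]), BYTES_RE.match(m["rest"])
        if jmp:
            rec.update(addr=int(jmp["to"], 16), module=jmp["module"], vendor=vendor_of(jmp["desc"]))
        elif dump:
            rec["bytes"] = dump["bytes"].split(", ")
        records.append(rec)
    return records


def hooks_by_vendor(records):
    """How many hooks each vendor owns; 'UNATTRIBUTED' is what needs a look."""
    return dict(Counter(r["vendor"] or "UNATTRIBUTED" for r in records))


def decode_little_endian(byte_tokens):
    """Group a GMER byte dump into little-endian 32-bit values, returning
    (value, byte_count); the last group is short when the dump was cut off."""
    raw = bytes(int(t, 16) for t in byte_tokens if t != "...")
    return [(int.from_bytes(raw[i:i + 4], "little"), len(raw[i:i + 4]))
            for i in range(0, len(raw), 4)]


def correlate_unattributed(records):
    """For each unattributed byte patch, list attributed SSDT hook addresses
    that its decoded values equal (or, for a truncated group, whose low
    bytes equal)."""
    known = {r["addr"]: r for r in records if r["kind"] == "ssdt"}
    results = []
    for r in records:
        if r["kind"] != "inline" or r["module"] is not None:
            continue
        matches = []
        for value, n in decode_little_endian(r["bytes"]):
            mask = (1 << (8 * n)) - 1
            for addr, hook in known.items():
                if addr & mask == value:
                    how = "exact" if n == 4 else f"low {8 * n} bits"
                    matches.append((hook["func"], hook["vendor"], how))
        results.append({"symbol": r["func"], "at": r["at"], "matches": matches})
    return results


if __name__ == "__main__":
    recs = parse_gmer(SAMPLE_GMER)
    print(hooks_by_vendor(recs))
    for hit in correlate_unattributed(recs):
        print(f"{hit['symbol']} @ {hit['at']:08X}: {hit['matches'] or 'no match'}")
```

A hook whose decoded bytes match nothing attributed in the log is the one to investigate further; one that resolves to the security product's own hook addresses, as here, is part of that product's footprint and is not evidence of the infection the poster is chasing.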

Friend, that was meant to be posted in the Malware Removal area (which is temporarily closed).. this forum isn't the place for log analysis and removal..

Cheers!

