Fuguets

-=Problem with resycled/boot.com=-


Good grief, guys, I just formatted the PC and it's already acting up: this resycled/boot.com thing shows up every time I try to access any drive... C: - D: - E: - F:...

I use Kaspersky and Spyware Doctor but they don't find anything... how do I disinfect this?


How? :confused:

To resolve this you should wait for the Malware Removal section to reopen, read the following topic: Read Before Posting - Creating a New Topic, and post the logs requested there!

The people properly trained for this will be able to help you there!

In the meantime, keep your protection programs properly installed and updated; they may solve the case! :)

Cheers!


Well, I read it over there... and here's the thing.

DDS scan:

DDS (Ver_09-02-01.01) - NTFSx86

Run by Ronaldo at 9:48:32,51 on qui 12/02/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.895.515 [GMT -2:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\PowerISO\PWRISOVM.EXE

D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

D:\Arquivos de Programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Ronaldo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.terra.com.br/

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.8.7.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\arquiv~1\micros~1\office12\GRA8E1~1.DLL

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [startCCC] c:\arquivos de programas\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVP] "d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\avp.exe"

mRun: [PWRISOVM.EXE] d:\arquivos de programas\poweriso\PWRISOVM.EXE

mRun: [GrooveMonitor] "d:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - d:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

IE: &B&aixar &com o BitComet - d:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm

IE: &B&aixar todos os vídeos com o BitComet - d:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm

IE: &B&aixar tudo usando o BitComet - d:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~1\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\arquivos de programas\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\arquiv~1\micros~1\office12\GR99D3~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: d:\arquiv~1\kasper~1\kasper~1\mzvkbd.dll,d:\arquiv~1\kasper~1\kasper~1\mzvkbd3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\arquiv~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ronaldo\dadosd~1\mozilla\firefox\profiles\0jzwgpl6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.terra.com.br/

FF - component: c:\documents and settings\ronaldo\dados de aplicativos\mozilla\firefox\profiles\0jzwgpl6.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

FF - plugin: d:\arquivos de programas\adobe\acrobat 7.0\reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-10 226832]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]

S2 AVP;Kaspersky Anti-Virus;d:\arquivos de programas\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-10 40840]

S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-10 66952]

S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-10 81288]

S3 sdAuxService;PC Tools Auxiliary Service;d:\arquivos de programas\spyware doctor\pctsAuxs.exe [2009-2-10 356920]

S3 sdCoreService;PC Tools Security Service;d:\arquivos de programas\spyware doctor\pctsSvc.exe [2009-2-10 1079176]

=============== Created Last 30 ================

2009-02-12 09:46 <DIR> --d----- c:\arquivos de programas\DDS

2009-02-11 23:43 107,888 a------- c:\windows\system32\CmdLineExt.dll

2009-02-11 23:28 <DIR> --d----- c:\docume~1\ronaldo\dadosd~1\LimeWire

2009-02-11 23:28 410,984 a------- c:\windows\system32\deploytk.dll

2009-02-11 23:28 73,728 a------- c:\windows\system32\javacpl.cpl

2009-02-11 22:31 <DIR> --d----- c:\documents and settings\ronaldo\Contacts

2009-02-11 21:45 219,648 a------- c:\windows\system32\uxtheme.backup

2009-02-11 21:45 8,294,454 a------- c:\windows\startup.bmp

2009-02-11 21:33 <DIR> --d----- c:\windows\VistaMizer

2009-02-10 12:43 272,384 -c------ c:\windows\system32\dllcache\bthport.sys

2009-02-10 12:43 272,384 -------- c:\windows\system32\drivers\bthport.sys

2009-02-10 12:41 2,140,160 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-10 12:41 2,441,344 ac------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-10 12:41 2,318,720 ac------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-10 12:41 2,019,840 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-10 12:38 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-02-10 12:38 32,592 a------- c:\windows\system32\msonpmon.dll

2009-02-10 12:33 <DIR> --d----- c:\windows\system32\PreInstall

2009-02-10 12:33 <DIR> --d-h--- c:\windows\$hf_mig$

2009-02-10 12:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-02-10 11:40 2,938,912 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-02-10 11:40 278,560 a--sh--- c:\windows\system32\drivers\fidbox2.dat

2009-02-10 11:40 27,184 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-02-10 11:40 5,176 a--sh--- c:\windows\system32\drivers\fidbox2.idx

2009-02-10 10:59 81,288 a------- c:\windows\system32\drivers\iksyssec.sys

2009-02-10 10:59 66,952 a------- c:\windows\system32\drivers\iksysflt.sys

2009-02-10 10:59 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys

2009-02-10 10:59 29,576 a------- c:\windows\system32\drivers\kcom.sys

2009-02-10 10:59 <DIR> --d----- c:\docume~1\ronaldo\dadosd~1\PC Tools

2009-02-10 10:47 <DIR> --d----- c:\arquivos de programas\Microsoft Visual Studio 8

2009-02-10 10:47 <DIR> --d----- c:\windows\SHELLNEW

2009-02-10 10:19 101,287 a------- c:\windows\system32\drivers\klin.dat

2009-02-10 10:19 89,601 a------- c:\windows\system32\drivers\klick.dat

2009-02-10 10:19 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2009-02-10 09:33 <DIR> --d----- c:\docume~1\ronaldo\dadosd~1\Kaspersky_Key_Finder_(KKF

2009-02-10 09:18 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2009-02-10 00:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2009-02-09 22:32 <DIR> --d----- c:\windows\pss

2009-02-09 22:26 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Symantec

2009-02-09 22:26 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Symantec Shared

2009-02-09 22:19 520,192 -------- c:\windows\system32\ati2sgag.exe

2009-02-09 22:01 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll

2009-02-09 22:01 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll

2009-02-09 22:01 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll

2009-02-09 22:01 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll

2009-02-09 22:01 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll

2009-02-09 22:01 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll

2009-02-09 22:01 8,704 a------- c:\windows\system32\kbdjpn.dll

2009-02-09 22:01 8,192 a------- c:\windows\system32\kbdkor.dll

2009-02-09 22:01 6,144 a------- c:\windows\system32\kbd106.dll

2009-02-09 22:01 6,144 a------- c:\windows\system32\kbd101c.dll

2009-02-09 22:01 6,144 a------- c:\windows\system32\kbd101b.dll

2009-02-09 22:01 5,632 a------- c:\windows\system32\kbd103.dll

2009-02-09 21:38 10 a------- c:\windows\WININIT.INI

2009-02-09 21:35 <DIR> --d----- c:\windows\system32\appmgmt

2009-02-09 21:32 96,896 a----r-- c:\windows\system32\drivers\Rtenicxp.sys

2009-02-09 21:32 <DIR> --d----- c:\windows\OPTIONS

2009-02-09 21:31 146,650 a------- c:\windows\system32\BuzzingBee.wav

2009-02-09 21:31 940,794 a------- c:\windows\system32\LoopyMusic.wav

2009-02-09 21:31 <DIR> --d----- c:\windows\system32\Lang

2009-02-09 21:28 22,752 a------- c:\windows\system32\spupdsvc.exe

2009-02-09 21:28 <DIR> --d----- c:\arquivos de programas\Realtek

2009-02-09 21:24 <DIR> --d----- c:\windows\system32\ReinstallBackups

2009-02-09 21:23 <DIR> --d----- c:\arquivos de programas\ATI Technologies

2009-02-09 21:23 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2009-02-09 21:22 <DIR> --d----- C:\ATI

2009-02-09 21:14 <DIR> --dshr-- C:\resycled

2009-02-09 21:08 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll

2009-02-09 21:08 21,504 a------- c:\windows\system32\hidserv.dll

2009-02-09 21:08 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys

2009-02-09 21:08 14,848 a------- c:\windows\system32\drivers\kbdhid.sys

2009-02-09 21:08 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys

2009-02-09 21:08 9,600 a------- c:\windows\system32\drivers\hidusb.sys

2009-02-09 21:08 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys

2009-02-09 21:08 31,616 a------- c:\windows\system32\drivers\usbccgp.sys

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Modelos

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Dados de aplicativos

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Configurações locais

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Ambiente de rede

2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Ambiente de impressão

2009-02-09 20:04 <DIR> --d--r-- c:\documents and settings\ronaldo\Meus documentos

2009-02-09 20:04 <DIR> --d--r-- c:\documents and settings\ronaldo\Menu Iniciar

2009-02-09 20:04 <DIR> --d--r-- c:\documents and settings\ronaldo\Favoritos

2009-02-09 20:04 <DIR> --d----- c:\documents and settings\Ronaldo

2009-02-09 20:03 <DIR> --ds---- c:\windows\system32\Microsoft

2009-02-09 20:03 8,192 a------- c:\windows\REGLOCS.OLD

2009-02-09 20:01 471,102 ac------ c:\windows\system32\dllcache\imskdic.dll

2009-02-09 20:00 77,312 ac------ c:\windows\system32\dllcache\logui.ocx

2009-02-09 19:59 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-02-09 19:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

2009-02-09 19:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2009-02-09 19:59 <DIR> --ds---- c:\windows\Downloaded Program Files

2009-02-09 19:59 <DIR> --d--r-- c:\windows\Offline Web Pages

2009-02-09 19:59 749 a---hr-- c:\windows\WindowsShell.Manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2009-02-09 19:59 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest

2009-02-09 19:59 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2009-02-09 19:59 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2009-02-09 19:59 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex

2009-02-09 19:59 <DIR> --d----- c:\windows\system32\DirectX

2009-02-09 19:58 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2009-02-09 19:58 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2009-02-09 19:57 <DIR> --d----- c:\arquivos de programas\Messenger

2009-02-09 19:57 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2009-02-09 19:56 <DIR> --d----- c:\arquivos de programas\Windows NT

2009-02-09 16:51 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2009-02-09 16:51 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-02-09 16:51 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2009-02-09 16:51 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2009-02-09 16:51 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2009-02-09 16:51 <DIR> --d----- c:\documents and settings\all users\Favoritos

2009-02-09 16:49 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-02-11 21:45 219,648 a------- c:\windows\system32\uxtheme.dll

2009-02-11 19:24 425,426 a------- c:\windows\system32\perfh016.dat

2009-02-11 19:24 67,450 a------- c:\windows\system32\perfc016.dat

2009-02-10 11:28 33,808 a------- c:\windows\system32\drivers\klbg.sys

2009-02-09 21:28 315,392 a------- c:\windows\HideWin.exe

2009-02-09 19:59 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-09 19:57 21,844 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:48:52,34 ===============

GMER scan:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-12 10:12:04

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEBF8E1DA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xEBF8E7AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xEBF901EA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xEBF8FB9C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xEBF8D950]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEBF91B7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xEBF8E5AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xEBF8DD92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xEBF8DF92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xEBF8FEAC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xEBF92084]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEBF8E0A8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEBF8E110]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xEBF8FD5E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xEBF91620]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xEBF8F9F8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xEBF8DAB2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xEBF8E3B2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xEBF91BA6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xEBF8E2FE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xEBF8E178]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xEBF8DE7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xEBF8DC5A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xEBF91888]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xEBF8D5D2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xEBF90A74]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xEBF8D734]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xEBF91F56]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xEBF8D3D0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xEBF9008C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xEBF8E6AC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xEBF9171A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xEBF91BD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xEBF8DB08]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xEBF91CB4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xEBF91DE0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xEBF9154C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xEBF8E47E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xEBF8E4F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP EBFA5626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE758 5 Bytes JMP EBFA59E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [ B4, 1C, F9, EB, E0, 1D, F9, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.14 ----

Thread 4:3328 B78B5150

---- EOF - GMER 1.0.14 ----

I also ran a scan on all my drives, in case you can analyze it:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-12 10:08:46

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEBF8E1DA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xEBF8E7AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xEBF901EA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xEBF8FB9C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xEBF8D950]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEBF91B7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xEBF8E5AE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xEBF8DD92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xEBF8DF92]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xEBF8FEAC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xEBF92084]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEBF8E0A8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEBF8E110]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xEBF8FD5E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xEBF91620]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xEBF8F9F8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xEBF8DAB2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xEBF8E3B2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xEBF91BA6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xEBF8E2FE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xEBF8E178]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xEBF8DE7C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xEBF8DC5A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xEBF91888]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xEBF8D5D2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xEBF90A74]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xEBF8D734]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xEBF91F56]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xEBF8D3D0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xEBF9008C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xEBF8E6AC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xEBF9171A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xEBF91BD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xEBF8DB08]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xEBF91CB4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xEBF91DE0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xEBF9154C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xEBF8E47E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xEBF8E4F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E74 5 Bytes JMP EBFA5626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE758 5 Bytes JMP EBFA59E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501610 12 Bytes [ B4, 1C, F9, EB, E0, 1D, F9, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DDE530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Waiting for solutions... Cheers

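As an added example (not a DDS feature and not the forum's or the poster's own tooling), the script below parses the "Created Last 30" section of a DDS log like the one above and flags hidden+system directories created at a drive root, which is exactly how the C:\resycled entry stands out while Kaspersky's own hidden files under system32\drivers do not. The sample lines are copied from the log in this thread plus two constructed benign entries; the meaning of the flag letters (a, c, d, s, h, r) is inferred from the entries in this log and is an assumption.

```python
"""Triage the 'Created Last 30' section of a DDS log for autorun-worm style indicators.

Added example for this thread. Assumption: the 8-character flag field uses
a=archive, c=compressed, d=directory, s=system, h=hidden, r=read-only, as the
entries in the posted log suggest.
"""
import re
from dataclasses import dataclass

# Sample input. All lines except D:\Downloads and C:\System Volume Information
# are copied from the DDS log in this thread; those two are constructed benign
# entries so the root-level and allowlist checks are exercised.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-02-12 09:46 <DIR> --d----- c:\arquivos de programas\DDS
2009-02-11 23:00 <DIR> --d----- D:\Downloads
2009-02-10 11:40 2,938,912 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-09 21:14 <DIR> --dshr-- C:\resycled
2009-02-09 20:04 <DIR> --d-h--- c:\documents and settings\ronaldo\Modelos
2009-02-09 20:00 <DIR> --dsh--- C:\System Volume Information
2009-02-09 19:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

==================== Find3M ====================
"""

# One DDS entry: date, time, size or <DIR>, 8-character flag field, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<flags>[a-z-]{8}) (?P<path>.+)$"
)
# A path directly under a drive letter, e.g. C:\resycled (trailing backslash allowed).
ROOT_DIR_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\\?$")

# Folder name quoted in this thread as the suspicious one.
KNOWN_BAD_NAMES = {"resycled"}
# Legitimate hidden+system folders Windows itself keeps at a volume root.
BENIGN_ROOT_DIRS = {"system volume information", "recycler"}


@dataclass
class Entry:
    date: str
    time: str
    is_dir: bool
    attrs: frozenset
    path: str


@dataclass
class Finding:
    path: str
    reason: str


def parse_created_section(text):
    """Return the entries between the 'Created Last 30' header and the next header."""
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):            # section header line
            in_section = "Created Last 30" in line
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                         # not an entry line; ignore
        entries.append(Entry(
            date=m.group("date"),
            time=m.group("time"),
            is_dir=(m.group("size") == "<DIR>"),
            attrs=frozenset(c for c in m.group("flags") if c != "-"),
            path=m.group("path"),
        ))
    return entries


def triage(entries):
    """Flag entries worth a second look; each finding carries every reason that fired."""
    findings = []
    for e in entries:
        name = e.path.rstrip("\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if name in KNOWN_BAD_NAMES:
            reasons.append(f"name '{name}' matches a folder reported in this thread")
        hidden_system = {"s", "h"} <= e.attrs
        if (e.is_dir and hidden_system and ROOT_DIR_RE.match(e.path)
                and name not in BENIGN_ROOT_DIRS):
            reasons.append("hidden+system directory created at drive root")
        if reasons:
            findings.append(Finding(e.path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(parse_created_section(SAMPLE_LOG)):
        print(f"{f.path}: {f.reason}")
```

Note that fidbox.dat is hidden+system but sits under system32\drivers, not at a drive root, so the heuristic leaves it alone; a root-level test is what separates the worm's folder from the antivirus's own data files.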

Friend, that should have been posted in the Malware Removal area (which is temporarily closed).. this forum isn't the place for log analysis and removal..

Cheers!
