fmajzels

[Reopened] Help with trojan


My antivirus detected a Trojan called Generic.13JQ0; I couldn't find any reference to it on Google.

I did the steps that were requested.

DDS (Ver_09-03-16.01) - NTFSx86

Run by Majzels at 8:04:16,09 on qua 25/03/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.222 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

D:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

D:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

D:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

D:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

D:\WINDOWS\system32\slserv.exe

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\ARQUIV~1\AVG\AVG8\avgemc.exe

D:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

D:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

D:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

D:\WINDOWS\system32\hphmon05.exe

D:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

D:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

D:\WINDOWS\vVX3000.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

D:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

D:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

D:\ARQUIV~1\MICROS~3\rapimgr.exe

D:\Arquivos de programas\Skype\Phone\Skype.exe

D:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

D:\Arquivos de programas\Palm\Hotsync.exe

D:\WINDOWS\System32\svchost.exe -k HTTPFilter

D:\Arquivos de programas\Logitech\SetPoint\SetPoint.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Arquivos de programas\Arquivos comuns\Logitech\KHAL\KHALMNPR.EXE

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\Outlook Express\msimn.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

D:\Arquivos de programas\BitLord\BitLord.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\Documents and Settings\Majzels\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\arquivos de programas\google\googletoolbarnotifier\5.0.926.3450\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - d:\arquivos de programas\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

TB: {63837897-A6BB-424F-ACB8-F25C93F87890} - No File

uRun: [MsnMsgr] "d:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [H/PC Connection Agent] "d:\arquivos de programas\microsoft activesync\wcescomm.exe"

uRun: [EVEREST AutoStart] d:\arquivos de programas\lavalys\everest ultimate edition\everest.exe

uRun: [skype] "d:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

uRun: [swg] d:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AVG8_TRAY] d:\arquiv~1\avg\avg8\avgtray.exe

mRun: [HPDJ Taskbar Utility] d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HPHUPD05] d:\arquivos de programas\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HP Component Manager] "d:\arquivos de programas\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HP Software Update] "d:\arquivos de programas\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HPHmon05] d:\windows\system32\hphmon05.exe

mRun: [sunJavaUpdateSched] "d:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [NeroFilterCheck] d:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [LogMeIn GUI] "d:\arquivos de programas\logmein\x86\LogMeInSystray.exe"

mRun: [LifeCam] "d:\arquivos de programas\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] d:\windows\vVX3000.exe

mRun: [AppleSyncNotifier] d:\arquivos de programas\arquivos comuns\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "d:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "d:\arquivos de programas\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers

dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE

dRun: [Picasa Media Detector] d:\arquivos de programas\picasa2\PicasaMediaDetector.exe

StartupFolder: d:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\datavi~1.lnk - d:\arquivos de programas\arquivos comuns\dataviz\DvzIncMsgr.exe

StartupFolder: d:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hotsyn~1.lnk - d:\arquivos de programas\palm\Hotsync.exe

StartupFolder: d:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\logite~1.lnk - d:\arquivos de programas\logitech\setpoint\SetPoint.exe

IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - d:\arquiv~1\micros~2\office10\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\arquivos de programas\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\arquiv~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\arquiv~1\micros~3\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\majzels\dadosd~1\mozilla\firefox\profiles\982ork32.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: d:\arquiv~1\palm\packag~1\NPInstal.dll

FF - plugin: d:\arquivos de programas\google\google updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: d:\arquivos de programas\google\picasa3\npPicasa2.dll

FF - plugin: d:\arquivos de programas\google\picasa3\npPicasa3.dll

FF - plugin: d:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: d:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: d:\arquivos de programas\microsoft\office live\npOLW.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-6-4 325128]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2008-6-4 27656]

R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-6-4 107272]

R2 avg8emc;AVG8 E-mail Scanner;d:\arquiv~1\avg\avg8\avgemc.exe [2008-7-5 903960]

R2 avg8wd;AVG8 WatchDog;d:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-7-5 298264]

R2 LMIInfo;LogMeIn Kernel Information Provider;d:\arquivos de programas\logmein\x86\rainfo.sys [2008-2-28 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-2 47640]

R2 SBKUPNT;SBKUPNT;d:\windows\system32\drivers\SBKUPNT.SYS [2008-8-18 14976]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\arquivos de programas\lavalys\everest ultimate edition\kerneld.wnt [2008-8-22 23152]

S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [2009-2-5 13224]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-03-22 22:00 <DIR> --d----- d:\documents and settings\majzels\Tracing

2009-03-22 21:58 <DIR> --d----- d:\arquivos de programas\Microsoft

2009-03-22 21:58 <DIR> --d----- d:\arquivos de programas\Windows Live SkyDrive

2009-03-22 21:52 <DIR> --d----- d:\arquivos de programas\arquivos comuns\Windows Live

2009-03-22 15:25 26 a------- d:\windows\Zone.Identifier

2009-03-19 18:05 <DIR> --dsh--- d:\documents and settings\majzels\PrivacIE

2009-03-19 18:05 <DIR> --dsh--- d:\documents and settings\majzels\IECompatCache

2009-03-19 18:02 <DIR> --dsh--- d:\documents and settings\majzels\IETldCache

2009-03-19 17:59 <DIR> --d----- d:\windows\ie8updates

2009-03-19 17:57 <DIR> -cd-h--- d:\windows\ie8

2009-03-19 17:55 105,984 -c------ d:\windows\system32\dllcache\iecompat.dll

2009-03-12 19:27 <DIR> --d----- d:\docume~1\majzels\dadosd~1\LimeWire

2009-03-12 08:25 <DIR> --d----- d:\arquivos de programas\LimeWire

2009-03-08 14:35 53,248 -------- d:\windows\system32\msrating.dll.mui

2009-03-08 14:35 2,560 -------- d:\windows\system32\mshta.exe.mui

2009-03-08 14:32 4,096 -------- d:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:32 81,920 -------- d:\windows\system32\iedkcs32.dll.mui

2009-03-08 04:33 18,944 -c------ d:\windows\system32\dllcache\corpol.dll

2009-03-06 21:08 <DIR> --d----- D:\HS30LLW2

2009-03-06 20:37 <DIR> --d----- D:\High School 3

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- d:\windows\system32\wininet.dll

2009-03-08 04:34 43,008 a------- d:\windows\system32\licmgr10.dll

2009-03-08 04:33 18,944 a------- d:\windows\system32\corpol.dll

2009-03-08 04:33 420,352 a------- d:\windows\system32\vbscript.dll

2009-03-08 04:32 72,704 a------- d:\windows\system32\admparse.dll

2009-03-08 04:32 71,680 a------- d:\windows\system32\iesetup.dll

2009-03-08 04:31 34,816 a------- d:\windows\system32\imgutil.dll

2009-03-08 04:31 48,128 a------- d:\windows\system32\mshtmler.dll

2009-03-08 04:31 45,568 a------- d:\windows\system32\mshta.exe

2009-03-08 04:22 156,160 a------- d:\windows\system32\msls31.dll

2009-02-09 11:06 1,846,912 a------- d:\windows\system32\win32k.sys

2009-02-06 18:52 49,504 a------- d:\windows\system32\sirenacm.dll

2009-02-05 17:42 0 a---h--- d:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2009-02-05 17:42 0 a---h--- d:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-02-05 17:38 1,107,296 a------- d:\windows\system32\WdfCoInstaller01007.dll

2009-02-05 17:38 24,616 a------- d:\windows\system32\drivers\ggsemc.sys

2009-02-05 17:38 13,224 a------- d:\windows\system32\drivers\ggflt.sys

2009-02-04 08:55 10,520 a------- d:\windows\system32\avgrsstx.dll

2009-02-04 08:55 325,128 a------- d:\windows\system32\drivers\avgldx86.sys

2009-02-04 08:55 107,272 a------- d:\windows\system32\drivers\avgtdix.sys

2009-01-19 17:14 410,984 a------- d:\windows\system32\deploytk.dll

2009-01-15 19:57 724,992 a------- d:\windows\iun6002.exe

2009-01-07 18:21 26,144 a------- d:\windows\system32\spupdsvc.exe

2009-01-07 18:20 24,576 a------- d:\windows\system32\nlsdl.dll

2009-01-07 18:20 26,112 a------- d:\windows\system32\idndl.dll

2009-01-07 18:20 23,552 a------- d:\windows\system32\normaliz.dll

2009-01-07 18:20 265,720 a------- d:\windows\system32\msdbg2.dll

2009-01-05 19:33 3,751,995 a------- d:\windows\system32\GPhotos.scr

2008-12-27 17:35 400,896 a------- d:\windows\system32\CF22384.exe

2008-10-27 19:49 47,360 a------- d:\docume~1\majzels\dadosd~1\pcouffin.sys

2008-08-21 22:38 21,808 a------- d:\docume~1\majzels\dadosd~1\GDIPFONTCACHEV1.DAT

2008-06-04 00:36 32 a------- d:\docume~1\alluse~1\dadosd~1\ezsid.dat

2008-06-07 09:05 32,768 a--sh--- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008060720080608\index.dat

============= FINISH: 8:04:47,65 ===============

GMER 1.0.15.14944 - http://www.gmer.net

Rootkit scan 2009-03-25 19:06:36

Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01179315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01254832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0136E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0136DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0136DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0136DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0136DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0136E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0136DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01179315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0124DBCB D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 0124DD81 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01254832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 011B1CA2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0136E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0136DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0136DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0136DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0136DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0136E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0136DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 0125488E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01179315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01254832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0136E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0136DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0136DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0136DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0136DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0136E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4464] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0136DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01179315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0124DBCB D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 0124DD81 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01254832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 011B1CA2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0136E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0136DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0136DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0136DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0136DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0136E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0136DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 0125488E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[3424] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] D:\Arquivos de programas\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT D:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[5524] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] D:\Arquivos de programas\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (Núcleo e sistema do NT/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks,

Fernando


Hello,

Download ATF-Cleaner.

  • Click ATF-Cleaner.exe.
  • Under "Select Files To Delete", check Select All.
  • Click Empty Selected.
  • In the Done Cleaning window, click OK and then Exit.

Note: If you use Firefox:

  • At the top, click Firefox and choose Select All.
  • Then click Empty Selected.

Note: If you use Opera:

  • At the top, click Opera and choose Select All.
  • Then click Empty Selected.

Temporarily disable your antivirus!

Run an online scan with the Kaspersky Virusscanner.

  • Click the button shown in Clipboard01-1.jpg.
  • When prompted to install the ActiveX control, click the button shown in Clipboard015.jpg.
  • Wait for the installation and the update to finish, then click the button shown in Clipboard013.jpg.
  • Now click the button shown in Clipboard016.jpg.
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click the button shown in Clipboard014.jpg.
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and paste it in your next message.
  • Also generate and paste a new DDS log.

Regards


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they may contact the moderation team to request that this topic be reopened.


Topic reopened at the author's request.

Please generate and paste new logs.

> Topic reopened at the author's request.
>
> Please generate and paste new logs.

NEW DDS

DDS (Ver_09-03-16.01) - NTFSx86

Run by Majzels at 23:03:08,62 on qua 01/04/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.380 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

D:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

D:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\MagicTune Premium\MagicTuneEngine.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\slserv.exe

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\ARQUIV~1\AVG\AVG8\avgemc.exe

D:\ARQUIV~1\AVG\AVG8\avgtray.exe

D:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

D:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

D:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

D:\WINDOWS\system32\hphmon05.exe

D:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

D:\WINDOWS\vVX3000.exe

D:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\WINDOWS\system32\HPZipm12.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

D:\WINDOWS\System32\svchost.exe -k HTTPFilter

D:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

D:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

D:\ARQUIV~1\MICROS~3\rapimgr.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Arquivos de programas\Skype\Phone\Skype.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe

D:\Arquivos de programas\iPod\bin\iPodService.exe

D:\Arquivos de programas\Palm\Hotsync.exe

D:\Arquivos de programas\Logitech\SetPoint\SetPoint.exe

D:\Arquivos de programas\Arquivos comuns\Logitech\KHAL\KHALMNPR.EXE

D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

D:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

D:\Arquivos de programas\Java\jre6\bin\jucheck.exe

D:\Arquivos de programas\Outlook Express\msimn.exe

D:\Arquivos de programas\Messenger\msmsgs.exe

D:\Arquivos de programas\BitLord\BitLord.exe

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe

C:\Arquivos de Programas RFB\IRPF2009\IRPF2009.EXE

D:\Arquivos de programas\Java\jre6\bin\javaw.exe

D:\Arquivos de programas\Programas RFB\IRPF2008windows\IRPF2008.EXE

D:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe

D:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Documents and Settings\Majzels\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\arquivos de programas\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - d:\arquivos de programas\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\arquivos de programas\google\google toolbar\GoogleToolbar.dll

TB: {63837897-A6BB-424F-ACB8-F25C93F87890} - No File

uRun: [MsnMsgr] "d:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [H/PC Connection Agent] "d:\arquivos de programas\microsoft activesync\wcescomm.exe"

uRun: [EVEREST AutoStart] d:\arquivos de programas\lavalys\everest ultimate edition\everest.exe

uRun: [skype] "d:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

uRun: [swg] d:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AVG8_TRAY] d:\arquiv~1\avg\avg8\avgtray.exe

mRun: [HPDJ Taskbar Utility] d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HPHUPD05] d:\arquivos de programas\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HP Component Manager] "d:\arquivos de programas\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HP Software Update] "d:\arquivos de programas\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HPHmon05] d:\windows\system32\hphmon05.exe

mRun: [sunJavaUpdateSched] "d:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [NeroFilterCheck] d:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [LogMeIn GUI] "d:\arquivos de programas\logmein\x86\LogMeInSystray.exe"

mRun: [LifeCam] "d:\arquivos de programas\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] d:\windows\vVX3000.exe

mRun: [AppleSyncNotifier] d:\arquivos de programas\arquivos comuns\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers

mRun: [QuickTime Task] "d:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "d:\arquivos de programas\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE

dRun: [Picasa Media Detector] d:\arquivos de programas\picasa2\PicasaMediaDetector.exe

StartupFolder: d:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\datavi~1.lnk - d:\arquivos de programas\arquivos comuns\dataviz\DvzIncMsgr.exe

StartupFolder: d:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hotsyn~1.lnk - d:\arquivos de programas\palm\Hotsync.exe

StartupFolder: d:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\logite~1.lnk - d:\arquivos de programas\logitech\setpoint\SetPoint.exe

IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - d:\arquiv~1\micros~2\office10\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\arquivos de programas\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\arquiv~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\arquiv~1\micros~3\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\majzels\dadosd~1\mozilla\firefox\profiles\982ork32.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: d:\arquiv~1\palm\packag~1\NPInstal.dll

FF - plugin: d:\arquivos de programas\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: d:\arquivos de programas\google\picasa3\npPicasa2.dll

FF - plugin: d:\arquivos de programas\google\picasa3\npPicasa3.dll

FF - plugin: d:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: d:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: d:\arquivos de programas\microsoft\office live\npOLW.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-6-4 325128]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2008-6-4 27656]

R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-6-4 107272]

R2 avg8emc;AVG8 E-mail Scanner;d:\arquiv~1\avg\avg8\avgemc.exe [2008-7-5 903960]

R2 avg8wd;AVG8 WatchDog;d:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-7-5 298264]

R2 LMIInfo;LogMeIn Kernel Information Provider;d:\arquivos de programas\logmein\x86\rainfo.sys [2008-2-28 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-2 47640]

R2 SBKUPNT;SBKUPNT;d:\windows\system32\drivers\SBKUPNT.SYS [2008-8-18 14976]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\arquivos de programas\lavalys\everest ultimate edition\kerneld.wnt [2008-8-22 23152]

S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [2009-2-5 13224]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

==================== Find3M ====================

2009-03-31 20:39 427,986 a------- d:\windows\system32\perfh016.dat

2009-03-31 20:39 68,190 a------- d:\windows\system32\perfc016.dat

2009-03-08 04:34 914,944 a------- d:\windows\system32\wininet.dll

2009-03-08 04:34 43,008 a------- d:\windows\system32\licmgr10.dll

2009-03-08 04:33 18,944 a------- d:\windows\system32\corpol.dll

2009-03-08 04:33 420,352 a------- d:\windows\system32\vbscript.dll

2009-03-08 04:32 72,704 a------- d:\windows\system32\admparse.dll

2009-03-08 04:32 71,680 a------- d:\windows\system32\iesetup.dll

2009-03-08 04:31 34,816 a------- d:\windows\system32\imgutil.dll

2009-03-08 04:31 48,128 a------- d:\windows\system32\mshtmler.dll

2009-03-08 04:31 45,568 a------- d:\windows\system32\mshta.exe

2009-03-08 04:22 156,160 a------- d:\windows\system32\msls31.dll

2009-03-05 23:59 36,864 a------- d:\windows\system32\drivers\usbaapl.sys

2009-02-09 11:06 1,846,912 a------- d:\windows\system32\win32k.sys

2009-02-06 18:52 49,504 a------- d:\windows\system32\sirenacm.dll

2009-02-05 17:42 0 a---h--- d:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2009-02-05 17:42 0 a---h--- d:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-02-05 17:38 1,107,296 a------- d:\windows\system32\WdfCoInstaller01007.dll

2009-02-05 17:38 24,616 a------- d:\windows\system32\drivers\ggsemc.sys

2009-02-05 17:38 13,224 a------- d:\windows\system32\drivers\ggflt.sys

2009-02-04 08:55 10,520 a------- d:\windows\system32\avgrsstx.dll

2009-02-04 08:55 325,128 a------- d:\windows\system32\drivers\avgldx86.sys

2009-02-04 08:55 107,272 a------- d:\windows\system32\drivers\avgtdix.sys

2009-01-19 17:14 410,984 a------- d:\windows\system32\deploytk.dll

2009-01-15 19:57 724,992 a------- d:\windows\iun6002.exe

2009-01-07 18:21 26,144 a------- d:\windows\system32\spupdsvc.exe

2009-01-07 18:20 24,576 a------- d:\windows\system32\nlsdl.dll

2009-01-07 18:20 26,112 a------- d:\windows\system32\idndl.dll

2009-01-07 18:20 23,552 a------- d:\windows\system32\normaliz.dll

2009-01-07 18:20 265,720 a------- d:\windows\system32\msdbg2.dll

2009-01-05 19:33 3,751,995 a------- d:\windows\system32\GPhotos.scr

2008-10-27 19:49 47,360 a------- d:\docume~1\majzels\dadosd~1\pcouffin.sys

2008-08-21 22:38 21,808 a------- d:\docume~1\majzels\dadosd~1\GDIPFONTCACHEV1.DAT

2008-06-04 00:36 32 a------- d:\docume~1\alluse~1\dadosd~1\ezsid.dat

2008-06-07 09:05 32,768 a--sh--- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008060720080608\index.dat

============= FINISH: 23:03:47,92 ===============

Kaspersky

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, April 1, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, April 01, 2009 12:04:52

Records in database: 1992393

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

G:\

Scan statistics:

Files scanned: 105353

Threat name: 2

Infected objects: 3

Suspicious objects: 0

Duration of the scan: 02:46:42

File name / Threat name / Threats count

D:\Documents and Settings\Majzels\Meus documentos\Meus documentos do HD Antigo\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2

D:\Documents and Settings\Majzels\Meus documentos\Meus documentos do HD Antigo\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1

The selected area was scanned.

Thanks


Thanks for the help

Fernando

Hello,

Your log is clean, and the Kaspersky scan only detects RemotelyAnywhere.

Regards
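As an added example (not a tool from this thread or from the Clube do Hardware team), a small Python triage script that parses the Kaspersky Online Scanner 7 detection lines posted above and separates "not-a-virus:" riskware hits from real malware detections, cross-checking each riskware file name against products the DDS log shows running. The sample report lines are copied from the report above; the known-installed list (LogMeIn) is an assumption taken from the DDS "Running Processes" section.

```python
import re
from collections import defaultdict

# Kaspersky Online Scanner 7 detection line: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Sample report lines, copied from the Kaspersky report posted in this thread.
SAMPLE_REPORT = """\
File name / Threat name / Threats count
D:\\Documents and Settings\\Majzels\\Meus documentos\\Meus documentos do HD Antigo\\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
D:\\Documents and Settings\\Majzels\\Meus documentos\\Meus documentos do HD Antigo\\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
The selected area was scanned.
"""

# Assumption: products the user knowingly runs. Taken from the DDS
# "Running Processes" section above (LogMeIn.exe, LMIGuardian.exe, ...).
KNOWN_INSTALLED = {"logmein"}

def parse_detections(report):
    """Yield (path, threat, count) for every 'Infected:' line in the report."""
    for line in report.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            yield m["path"], m["threat"], int(m["count"])

def triage(report, known_installed=KNOWN_INSTALLED):
    """Classify detections into 'malware' (any non-riskware detection),
    'riskware_known' (a not-a-virus hit on a product the user knowingly runs)
    and 'riskware_unknown'. Returns {class: [(path, threat, count), ...]}."""
    result = defaultdict(list)
    for path, threat, count in parse_detections(report):
        if not threat.startswith("not-a-virus:"):
            result["malware"].append((path, threat, count))
            continue
        filename = path.rsplit("\\", 1)[-1].lower()
        known = any(product in filename for product in known_installed)
        key = "riskware_known" if known else "riskware_unknown"
        result[key].append((path, threat, count))
    return dict(result)

def is_clean(report, known_installed=KNOWN_INSTALLED):
    """True when the only detections are riskware on known-installed tools,
    which is the conclusion the analyst drew for this thread's report."""
    classes = triage(report, known_installed)
    return "malware" not in classes and "riskware_unknown" not in classes

if __name__ == "__main__":
    for cls, hits in triage(SAMPLE_REPORT).items():
        print(cls)
        for path, threat, count in hits:
            print(f"  {threat} x{count}: {path}")
    print("clean:", is_clean(SAMPLE_REPORT))
```

A riskware hit on a remote-administration tool the user did not install is the case that should not be waved through, which is why it lands in a separate class instead of being treated as clean.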


If the topic author needs it, the topic will be reopened; to request that, they should contact the moderation team and ask for it to be unlocked.
