JRS9

I can't install an antivirus!

Please analyze my logs; I can no longer install any antivirus.

1- DDS (Ver_09-03-16.01) - NTFSx86

Run by JR Silva at 18:17:48,42 on ter 05/05/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.127 [GMT -3:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Novos Programas\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

mURLSearchHooks: H - No File

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\jrsilv~1.mic\menuin~1\progra~1\inicia~1\is-grm3h.lnk - c:\documents and settings\jr silva.micro\desktop\virus removal tool\is-grm3h\startup.exe

StartupFolder: c:\docume~1\jrsilv~1.mic\menuin~1\progra~1\inicia~1\is-u92t7.lnk - c:\documents and settings\jr silva.micro\desktop\virus removal tool\is-u92t7\startup.exe

StartupFolder: c:\docume~1\jrsilv~1.mic\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\inicia~1.lnk - c:\arquivos de programas\microsoft office\office11\ONENOTEM.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com.br/s/v/28.33/uploader2.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163713723062

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jrsilv~1.mic\dadosd~1\mozilla\firefox\profiles\d7y5ujmh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=

FF - component: c:\arquivos de programas\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\google\google earth plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\arquivos de programas\unity\webplayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-2 114768]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-5-3 3968]

R1 is-GRM3Hdrv;is-GRM3Hdrv;c:\windows\system32\drivers\94229063.sys [2009-5-5 148496]

R1 is-U92T7drv;is-U92T7drv;c:\windows\system32\drivers\08750997.sys [2009-5-5 148496]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-2 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\mcafee\siteadvisor\McSACore.exe [2008-9-9 210216]

S1 SASDIFSV;SASDIFSV;\??\c:\arquivos de programas\superantispyware\sasdifsv.sys --> c:\arquivos de programas\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\arquivos de programas\superantispyware\saskutil.sys --> c:\arquivos de programas\superantispyware\SASKUTIL.sys [?]

S2 gupdate1c985ddf42d753a;Google Update Service (gupdate1c985ddf42d753a);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-2-3 133104]

S3 SASENUM;SASENUM;\??\c:\arquivos de programas\superantispyware\sasenum.sys --> c:\arquivos de programas\superantispyware\SASENUM.SYS [?]

=============== Created Last 30 ================

2009-05-05 07:49 148,496 a------- c:\windows\system32\drivers\94229063.sys

2009-05-05 02:25 7,563,296 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-05-05 02:25 24,920 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-05-05 02:24 148,496 a------- c:\windows\system32\drivers\08750997.sys

2009-05-03 02:29 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Comodo

2009-05-03 02:29 <DIR> --d----- c:\arquivos de programas\COMODO

2009-05-03 01:29 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys

2009-05-02 19:22 <DIR> -cd----- C:\cmdcons

2009-05-02 19:16 161,792 a------- c:\windows\SWREG.exe

2009-05-02 19:16 98,816 a------- c:\windows\sed.exe

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Sygate

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Firebird

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Corel

2009-05-02 17:24 <DIR> --d-h--- c:\documents and settings\jr silva.micro\Recent(2)

2009-05-02 17:24 <DIR> --d----- c:\arquivos de programas\Softwin

2009-05-02 17:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2009-05-02 17:23 <DIR> --d----- c:\arquivos de programas\SUPERAntiSpyware

2009-04-30 19:07 <DIR> --d----- c:\docume~1\jrsilv~1.mic\dadosd~1\Malwarebytes

2009-04-30 19:07 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-04-30 19:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-30 19:07 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-04-30 19:07 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-29 09:28 <DIR> --d----- c:\arquivos de programas\daniel web studio

2009-04-28 16:21 55,640 a------- c:\windows\system32\drivers\avgntflt.sys

2009-04-24 08:14 <DIR> --d----- c:\windows\system32\Adobe

2009-04-20 06:15 <DIR> -cd----- C:\Arquivos Media Player

2009-04-19 10:30 23,392 a------- c:\windows\system32\nscompat.tlb

2009-04-19 10:30 16,832 a------- c:\windows\system32\amcompat.tlb

2009-04-19 10:29 221,184 a------- c:\windows\system32\wmpns.dll

2009-04-16 17:13 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 17:13 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

2009-04-16 17:13 286,208 -c------ c:\windows\system32\dllcache\pdh.dll

2009-04-16 17:13 111,104 -c------ c:\windows\system32\dllcache\services.exe

2009-04-16 17:13 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

2009-04-16 17:13 683,520 -c------ c:\windows\system32\dllcache\advapi32.dll

2009-04-16 17:13 731,648 -c------ c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 17:13 730,624 -c------ c:\windows\system32\dllcache\ntdll.dll

2009-04-16 17:13 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 09:57 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

2009-04-16 09:57 216,064 -c------ c:\windows\system32\dllcache\wordpad.exe

2009-04-15 23:45 410,984 a------- c:\windows\system32\deploytk.dll

2009-04-15 23:45 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-04-19 10:04 152,918 a------- c:\windows\system32\perfh016.dat

2009-04-19 10:04 39,076 a------- c:\windows\system32\perfc016.dat

2009-03-06 11:20 286,208 a------- c:\windows\system32\pdh.dll

2009-03-02 21:06 826,368 a------- c:\windows\system32\wininet.dll

2009-02-20 14:11 78,336 a------- c:\windows\system32\ieencode.dll

2009-02-10 19:07 2,070,272 a------- c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:06 1,846,912 a------- c:\windows\system32\win32k.sys

2009-02-09 08:25 2,193,280 a------- c:\windows\system32\ntoskrnl.exe

2009-02-09 08:25 111,104 a------- c:\windows\system32\services.exe

2009-02-09 07:53 731,648 a------- c:\windows\system32\lsasrv.dll

2009-02-09 07:53 730,624 a------- c:\windows\system32\ntdll.dll

2009-02-09 07:53 683,520 a------- c:\windows\system32\advapi32.dll

2009-02-09 07:53 401,408 a------- c:\windows\system32\rpcss.dll

2009-02-06 07:39 35,328 a------- c:\windows\system32\sc.exe

2008-03-10 21:22 4,265,560 a------- c:\arquivos de programas\FLV PlayerRCATSetup.exe

2008-03-10 20:15 411,248 a------- c:\arquivos de programas\FLV PlayerRCSetup.exe

2002-04-05 15:29 1,208,320 -------- c:\arquivos de programas\SothinkHtmlEditor.exe

2001-04-26 12:00 1,340,187 -------- c:\arquivos de programas\SothinkHTMLEditor.chm

2001-04-26 12:00 561,152 -------- c:\arquivos de programas\SiteManager.exe

2001-04-26 12:00 176,128 -------- c:\arquivos de programas\TagDefine.exe

2001-04-26 12:00 17,034 -------- c:\arquivos de programas\HTMLKeyword.txt

2001-04-26 12:00 4,723 -------- c:\arquivos de programas\license.txt

2007-06-22 15:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012007062220070623\index.dat

2008-02-13 18:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008021320080214\index.dat

2008-09-14 06:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 18:18:47,07 ===============

2- GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-05 19:44:41

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF57066B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5706574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5706A52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF570614C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF570664E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF570608C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF57060F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF570676E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF570672E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF57068AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[592] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[592] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks!


Hello,

Read the instructions in this link:

In the instructions in the link above you can check which forums have Analysts properly authorized to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.

  3. Double-click the icon on your desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: do not use the mouse or the keyboard while the tool is running, as this may cause the computer to hang.

  8. A message may appear saying the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several malware strains that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorized to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and designed them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.


Good morning,

First of all I would like to thank you for your instructions, as they were very useful.

PS: I removed Bitdefender months ago; I don't understand why it always shows up in the logs.

Here is the COMBOFIX log! Thanks!

ComboFix 09-05-11.08 - JR Silva 12/05/2009 8:22.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.669 [GMT -3:00]

Executando de: c:\documents and settings\JR Silva.MICRO\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-12 to 2009-05-12 ))))))))))))))))))))))))))))

.

2009-05-11 21:11 . 2009-05-11 21:11 -------- d-----w c:\windows\LastGood

2009-05-11 20:31 . 2009-05-11 20:31 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\IECompatCache

2009-05-11 20:29 . 2009-05-11 20:29 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\PrivacIE

2009-05-11 20:28 . 2009-05-11 20:28 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\IETldCache

2009-05-11 20:26 . 2009-05-11 20:26 -------- d-----w c:\windows\ie8updates

2009-05-11 20:23 . 2009-05-11 20:25 -------- dc-h--w c:\windows\ie8

2009-05-11 20:22 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll

2009-05-10 03:42 . 2009-05-10 03:42 -------- d-sh--w C:\found.000

2009-05-08 23:24 . 2009-05-08 23:24 -------- d-----r c:\documents and settings\LocalService\Meus documentos

2009-05-08 21:50 . 2009-05-08 21:50 -------- d-----w c:\arquivos de programas\Avira

2009-05-08 21:13 . 2009-05-08 21:10 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys

2009-05-08 21:07 . 2009-05-08 21:24 -------- d-----w c:\documents and settings\JR Silva.MICRO\.housecall6.6

2009-05-08 13:27 . 2001-09-06 02:17 980034 -c--a-w c:\windows\system32\dllcache\cicap.sys

2009-05-08 13:26 . 2008-04-13 18:40 8192 -c--a-w c:\windows\system32\dllcache\changer.sys

2009-05-08 13:25 . 2001-09-06 02:15 49182 -c--a-w c:\windows\system32\dllcache\cem56n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 22044 -c--a-w c:\windows\system32\dllcache\cem33n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 22044 -c--a-w c:\windows\system32\dllcache\cem28n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 27164 -c--a-w c:\windows\system32\dllcache\ce3n5.sys

2009-05-08 13:25 . 2001-09-06 02:15 21530 -c--a-w c:\windows\system32\dllcache\ce2n5.sys

2009-05-08 13:25 . 2001-08-18 00:52 7680 -c--a-w c:\windows\system32\dllcache\cd20xrnt.sys

2009-05-08 13:25 . 2008-04-13 18:46 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys

2009-05-08 13:25 . 2001-09-06 02:15 715210 -c--a-w c:\windows\system32\dllcache\cbmdmkxx.sys

2009-05-08 13:25 . 2001-08-17 23:13 46108 -c--a-w c:\windows\system32\dllcache\cben5.sys

2009-05-08 13:24 . 2001-08-17 23:12 39680 -c--a-w c:\windows\system32\dllcache\cb325.sys

2009-05-08 13:24 . 2001-08-17 23:12 37916 -c--a-w c:\windows\system32\dllcache\cb102.sys

2009-05-08 13:24 . 2001-09-06 02:50 32256 -c--a-w c:\windows\system32\dllcache\diapi2NT.dll

2009-05-08 13:24 . 2001-08-17 23:13 164923 -c--a-w c:\windows\system32\dllcache\diapi2.sys

2009-05-08 13:24 . 2008-04-14 02:20 121856 -c--a-w c:\windows\system32\dllcache\camext30.dll

2009-05-08 13:24 . 2001-09-06 02:50 236032 -c--a-w c:\windows\system32\dllcache\camext20.dll

2009-05-08 13:24 . 2001-09-06 02:50 74240 -c--a-w c:\windows\system32\dllcache\camexo20.dll

2009-05-08 13:23 . 2001-08-18 01:04 171264 -c--a-w c:\windows\system32\dllcache\camdrv30.sys

2009-05-08 13:23 . 2001-08-18 01:04 223232 -c--a-w c:\windows\system32\dllcache\camdrv21.sys

2009-05-08 13:23 . 2001-08-18 01:05 314752 -c--a-w c:\windows\system32\dllcache\camdro21.sys

2009-05-08 13:17 . 2001-09-06 02:12 14080 -c--a-w c:\windows\system32\dllcache\bulltlp3.sys

2009-05-08 13:17 . 2001-08-17 23:11 31529 -c--a-w c:\windows\system32\dllcache\brzwlan.sys

2009-05-08 13:17 . 2001-08-18 00:12 10368 -c--a-w c:\windows\system32\dllcache\brusbscn.sys

2009-05-08 13:17 . 2001-08-18 00:12 11008 -c--a-w c:\windows\system32\dllcache\brusbmdm.sys

2009-05-08 13:17 . 2001-08-18 00:12 60416 -c--a-w c:\windows\system32\dllcache\brserwdm.sys

2009-05-08 13:17 . 2001-09-06 02:50 9728 -c--a-w c:\windows\system32\dllcache\brserif.dll

2009-05-08 13:17 . 2001-09-06 02:50 5120 -c--a-w c:\windows\system32\dllcache\brscnrsm.dll

2009-05-08 13:16 . 2001-09-06 02:12 39680 -c--a-w c:\windows\system32\dllcache\brparwdm.sys

2009-05-08 13:16 . 2001-08-18 00:12 3168 -c--a-w c:\windows\system32\dllcache\brparimg.sys

2009-05-08 13:16 . 2001-09-06 02:50 41472 -c--a-w c:\windows\system32\dllcache\brmfusb.dll

2009-05-08 13:16 . 2001-09-06 02:50 32256 -c--a-w c:\windows\system32\dllcache\brmfrsmg.exe

2009-05-08 13:16 . 2001-09-06 02:50 29696 -c--a-w c:\windows\system32\dllcache\brmflpt.dll

2009-05-08 13:16 . 2001-09-06 02:50 81920 -c--a-w c:\windows\system32\dllcache\brmfcwia.dll

2009-05-08 13:16 . 2001-09-06 02:50 15360 -c--a-w c:\windows\system32\dllcache\brmfbidi.dll

2009-05-08 13:16 . 2001-08-18 00:12 3968 -c--a-w c:\windows\system32\dllcache\brfiltup.sys

2009-05-08 13:16 . 2001-08-18 00:12 12160 -c--a-w c:\windows\system32\dllcache\brfiltlo.sys

2009-05-08 13:16 . 2001-08-18 00:12 2944 -c--a-w c:\windows\system32\dllcache\brfilt.sys

2009-05-08 13:16 . 2001-09-06 02:50 12800 -c--a-w c:\windows\system32\dllcache\brevif.dll

2009-05-08 13:16 . 2001-09-06 02:50 9728 -c--a-w c:\windows\system32\dllcache\brcoinst.dll

2009-05-08 13:15 . 2001-09-06 02:50 19456 -c--a-w c:\windows\system32\dllcache\brbidiif.dll

2009-05-08 13:15 . 2001-09-06 02:50 102912 -c--a-w c:\windows\system32\dllcache\binlsvc.dll

2009-05-08 13:15 . 2008-04-13 18:46 11776 -c--a-w c:\windows\system32\dllcache\bdasup.sys

2009-05-08 13:15 . 2001-08-18 00:28 871388 -c--a-w c:\windows\system32\dllcache\bcmdm.sys

2009-05-08 13:15 . 2001-08-17 23:11 26568 -c--a-w c:\windows\system32\dllcache\bcm4e5.sys

2009-05-08 13:15 . 2001-08-17 23:11 54271 -c--a-w c:\windows\system32\dllcache\bcm42xx5.sys

2009-05-08 13:15 . 2001-08-17 23:11 66557 -c--a-w c:\windows\system32\dllcache\bcm42u.sys

2009-05-08 13:15 . 2008-04-13 18:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys

2009-05-08 13:14 . 2001-08-17 23:48 36128 -c--a-w c:\windows\system32\dllcache\banshee.sys

2009-05-08 13:14 . 2001-09-06 02:49 342336 -c--a-w c:\windows\system32\dllcache\banshee.dll

2009-05-08 13:14 . 2001-09-06 02:09 97184 -c--a-w c:\windows\system32\dllcache\b57xp32.sys

2009-05-08 13:14 . 2001-08-17 23:13 89952 -c--a-w c:\windows\system32\dllcache\b1cbase.sys

2009-05-08 13:14 . 2001-08-17 23:19 36992 -c--a-w c:\windows\system32\dllcache\aztw2320.sys

2009-05-08 13:14 . 2001-08-17 23:13 37568 -c--a-w c:\windows\system32\dllcache\avmwan.sys

2009-05-08 13:14 . 2001-09-06 02:50 144384 -c--a-w c:\windows\system32\dllcache\avmenum.dll

2009-05-08 13:14 . 2001-09-06 02:50 87552 -c--a-w c:\windows\system32\dllcache\avmcoxp.dll

2009-05-08 13:14 . 2008-04-13 18:46 13696 -c--a-w c:\windows\system32\dllcache\avcstrm.sys

2009-05-08 13:14 . 2001-08-18 01:01 36096 -c--a-w c:\windows\system32\dllcache\avcaudio.sys

2009-05-08 13:14 . 2008-04-13 18:46 38912 -c--a-w c:\windows\system32\dllcache\avc.sys

2009-05-08 13:13 . 2001-08-17 23:49 23552 -c--a-w c:\windows\system32\dllcache\atixbar.sys

2009-05-08 13:13 . 2001-08-17 23:49 26624 -c--a-w c:\windows\system32\dllcache\ativxbar.sys

2009-05-08 13:13 . 2001-08-17 23:49 19456 -c--a-w c:\windows\system32\dllcache\ativttxx.sys

2009-05-08 13:13 . 2001-08-17 23:49 9472 -c--a-w c:\windows\system32\dllcache\ativmdcd.sys

2009-05-08 13:13 . 2001-08-17 23:49 17152 -c--a-w c:\windows\system32\dllcache\atitvsnd.sys

2009-05-08 13:13 . 2001-08-17 23:49 17152 -c--a-w c:\windows\system32\dllcache\atitunep.sys

2009-05-08 13:13 . 2001-08-17 23:49 26880 -c--a-w c:\windows\system32\dllcache\atirtsnd.sys

2009-05-08 13:13 . 2001-08-17 23:49 49920 -c--a-w c:\windows\system32\dllcache\atirtcap.sys

2009-05-08 13:13 . 2001-09-06 02:08 70656 -c--a-w c:\windows\system32\dllcache\atiragem.sys

2009-05-08 13:12 . 2001-08-17 23:49 10240 -c--a-w c:\windows\system32\dllcache\atipcxxx.sys

2009-05-08 13:12 . 2001-09-06 02:08 281600 -c--a-w c:\windows\system32\dllcache\atimtai.sys

2009-05-08 13:12 . 2001-09-06 02:08 75264 -c--a-w c:\windows\system32\dllcache\atimpae.sys

2009-05-08 13:12 . 2001-09-06 02:08 289792 -c--a-w c:\windows\system32\dllcache\atimpab.sys

2009-05-08 13:12 . 2001-09-06 02:50 37376 -c--a-w c:\windows\system32\dllcache\atievxx.exe

2009-05-08 13:12 . 2001-09-06 02:49 268160 -c--a-w c:\windows\system32\dllcache\atidvai.dll

2009-05-08 13:12 . 2001-09-06 02:49 137216 -c--a-w c:\windows\system32\dllcache\atidrae.dll

2009-05-08 13:12 . 2001-09-06 02:49 382592 -c--a-w c:\windows\system32\dllcache\atidrab.dll

2009-05-08 13:12 . 2001-08-17 23:49 46464 -c--a-w c:\windows\system32\dllcache\atibt829.sys

2009-05-08 13:11 . 2001-09-06 02:08 77824 -c--a-w c:\windows\system32\dllcache\ati.sys

2009-05-08 13:11 . 2001-09-06 02:49 96128 -c--a-w c:\windows\system32\dllcache\ati.dll

2009-05-08 13:11 . 2001-08-17 23:12 97354 -c--a-w c:\windows\system32\dllcache\aspndis3.sys

2009-05-08 13:11 . 2001-08-18 00:51 14848 -c--a-w c:\windows\system32\dllcache\asc3550.sys

2009-05-08 13:11 . 2001-08-18 00:52 22400 -c--a-w c:\windows\system32\dllcache\asc3350p.sys

2009-05-08 13:11 . 2001-08-18 00:52 26496 -c--a-w c:\windows\system32\dllcache\asc.sys

2009-05-08 13:11 . 2001-08-18 00:47 6272 -c--a-w c:\windows\system32\dllcache\apmbatt.sys

2009-05-08 13:10 . 2004-08-04 00:31 36224 -c--a-w c:\windows\system32\dllcache\an983.sys

2009-05-08 13:10 . 2001-08-18 00:52 12032 -c--a-w c:\windows\system32\dllcache\amsint.sys

2009-05-08 13:10 . 2001-08-17 23:11 16969 -c--a-w c:\windows\system32\dllcache\amb8002.sys

2009-05-08 13:10 . 2001-08-18 00:51 5248 -c--a-w c:\windows\system32\dllcache\aliide.sys

2009-05-08 13:10 . 2001-08-18 00:49 26624 -c--a-w c:\windows\system32\dllcache\alifir.sys

2009-05-08 13:10 . 2001-08-17 23:11 27678 -c--a-w c:\windows\system32\dllcache\ali5261.sys

2009-05-08 13:10 . 2001-08-18 01:07 56960 -c--a-w c:\windows\system32\dllcache\aic78xx.sys

2009-05-08 13:10 . 2001-08-18 01:07 55168 -c--a-w c:\windows\system32\dllcache\aic78u2.sys

2009-05-08 13:10 . 2001-08-18 00:52 12800 -c--a-w c:\windows\system32\dllcache\aha154x.sys

2009-05-08 13:09 . 2001-08-18 01:07 101888 -c--a-w c:\windows\system32\dllcache\adpu160m.sys

2009-05-08 13:09 . 2001-08-17 23:11 46112 -c--a-w c:\windows\system32\dllcache\adptsf50.sys

2009-05-08 13:09 . 2004-08-04 00:32 10880 -c--a-w c:\windows\system32\dllcache\admjoy.sys

2009-05-08 13:07 . 2008-04-13 18:40 12288 -c--a-w c:\windows\system32\dllcache\4mmdat.sys

2009-05-08 13:07 . 2001-08-17 23:48 148352 -c--a-w c:\windows\system32\dllcache\3dfxvsm.sys

2009-05-08 13:07 . 2001-09-06 02:49 689216 -c--a-w c:\windows\system32\dllcache\3dfxvs.dll

2009-05-08 13:07 . 2001-08-18 00:28 762780 -c--a-w c:\windows\system32\dllcache\3cwmcru.sys

2009-05-08 13:07 . 2001-08-18 01:06 11264 -c--a-w c:\windows\system32\dllcache\1394vdbg.sys

2009-05-08 13:07 . 2008-04-13 18:46 53376 -c--a-w c:\windows\system32\dllcache\1394bus.sys

2009-05-08 13:05 . 2001-09-06 02:49 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll

2009-05-08 10:00 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\61664031.sys

2009-05-06 13:11 . 2001-09-06 02:27 6912 -c--a-w c:\windows\system32\dllcache\serscan.sys

2009-05-06 13:11 . 2001-09-06 02:27 6912 ----a-w c:\windows\system32\drivers\serscan.sys

2009-05-06 13:11 . 2001-09-06 02:50 37376 -c--a-w c:\windows\system32\dllcache\kousd.dll

2009-05-06 13:11 . 2001-09-06 02:50 37376 ----a-w c:\windows\system32\kousd.dll

2009-05-06 13:11 . 2001-09-06 02:50 71680 -c--a-w c:\windows\system32\dllcache\fnfilter.dll

2009-05-06 13:11 . 2001-09-06 02:50 71680 ----a-w c:\windows\system32\fnfilter.dll

2009-05-06 09:01 . 2009-05-06 09:01 -------- d-----w c:\arquivos de programas\HD Tune

2009-05-06 07:19 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\82533934.sys

2009-05-05 05:25 . 2009-05-12 11:24 62404640 --sha-w c:\windows\system32\drivers\fidbox.dat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-11 20:27 . 2009-05-05 05:25 578984 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-05-11 17:05 . 2006-09-03 01:24 -------- d-----w c:\arquivos de programas\HP

2009-05-08 01:51 . 2008-09-09 22:04 -------- d-----w c:\arquivos de programas\McAfee

2009-05-07 21:12 . 2007-03-18 01:36 -------- d-----w c:\arquivos de programas\Google

2009-05-02 12:02 . 2007-01-03 13:19 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-25 16:25 . 2008-10-31 19:09 -------- d-----w c:\arquivos de programas\DreaMule

2009-04-25 10:52 . 2006-09-02 13:15 -------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-04-19 13:04 . 2001-10-28 18:07 39076 ----a-w c:\windows\system32\perfc016.dat

2009-04-19 13:04 . 2001-10-28 18:07 152918 ----a-w c:\windows\system32\perfh016.dat

2009-03-08 07:34 . 2004-08-04 00:45 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 07:34 . 2004-08-04 00:45 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 07:33 . 2004-08-04 00:45 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 07:33 . 2004-08-04 00:45 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 07:32 . 2004-08-04 00:45 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 07:32 . 2004-08-04 00:45 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 07:31 . 2004-08-04 00:45 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 07:31 . 2004-08-04 00:44 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 07:31 . 2004-08-04 00:45 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 07:22 . 2001-10-28 15:07 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:20 . 2004-08-04 00:45 286208 ----a-w c:\windows\system32\pdh.dll

2008-03-11 00:22 . 2008-03-11 00:16 4265560 ----a-w c:\arquivos de programas\FLV PlayerRCATSetup.exe

2008-03-10 23:15 . 2008-03-10 23:14 411248 ----a-w c:\arquivos de programas\FLV PlayerRCSetup.exe

2002-04-05 18:29 . 2008-03-15 15:09 1208320 ------w c:\arquivos de programas\SothinkHtmlEditor.exe

2001-04-26 15:00 . 2008-03-15 15:09 4723 ------w c:\arquivos de programas\license.txt

2001-04-26 15:00 . 2008-03-15 15:09 561152 ------w c:\arquivos de programas\SiteManager.exe

2001-04-26 15:00 . 2008-03-15 15:09 176128 ------w c:\arquivos de programas\TagDefine.exe

2001-04-26 15:00 . 2008-03-15 15:09 17034 ------w c:\arquivos de programas\HTMLKeyword.txt

2001-04-26 15:00 . 2008-03-15 15:09 1340187 ------w c:\arquivos de programas\SothinkHTMLEditor.chm

.

------- Sigcheck -------

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2004-08-03 23:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-03 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

"wave3"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização Rápida do Microsoft Office OneNote 2003.lnk]

backup=c:\windows\pss\Inicialização Rápida do Microsoft Office OneNote 2003.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JR Silva.MICRO^Menu Iniciar^Programas^Inicializar^is-U92T7.lnk]

backup=c:\windows\pss\is-U92T7.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JR Silva.MICRO^Menu Iniciar^Programas^Inicializar^Microsoft Office OneNote 2003 Quick Launch.lnk]

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MICRO1^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/5/2009 18:48 114768]

R1 is-G7D0Sdrv;is-G7D0Sdrv;c:\windows\system32\drivers\82533934.sys [6/5/2009 04:19 148496]

R1 is-U92T7drv;is-U92T7drv;c:\windows\system32\drivers\08750997.sys [5/5/2009 02:24 148496]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [8/5/2009 18:50 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/5/2009 18:48 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [9/9/2008 19:05 210216]

S1 SASDIFSV;SASDIFSV;\??\c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS --> c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys --> c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 0204301241738319mcinstcleanup;McAfee Application Installer Cleanup (0204301241738319);c:\docume~1\JRSILV~1.MIC\CONFIG~1\Temp\020430~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\JRSILV~1.MIC\CONFIG~1\Temp\020430~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate1c985ddf42d753a;Google Update Service (gupdate1c985ddf42d753a);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/2/2009 06:01 133104]

S3 SASENUM;SASENUM;\??\c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS --> c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-03 09:00]

2009-05-12 c:\windows\Tasks\User_Feed_Synchronization-{437FF51F-8055-478F-AF75-34D986490EF9}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\JR Silva.MICRO\Dados de aplicativos\Mozilla\Firefox\Profiles\d7y5ujmh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-12 08:24

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(4568)

c:\arquivos de programas\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-05-12 8:26

ComboFix-quarantined-files.txt 2009-05-12 11:26

Pré-execução: 28 pasta(s) 19.846.754.304 bytes disponíveis

Pós execução: 27 pasta(s) 19.918.077.952 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


Temporarily disable the antivirus on your computer!

Run an Online Scan at Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • Click accept.
  • A window will appear; click Run.
  • The program will be installed and will then start downloading updates. Wait...
  • When the updates are complete (100%), click the 3507611311_825f7c7183_o.jpg button
  • Check, in the right-hand panel, that the following boxes are ticked:
  • Under: Detect malicious programs of the following categories:
    • Viruses, Worms, Trojan Horses, Rootkits (selected by default)
    • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Under: Scan compound files (doesn't apply to the File scan area):
    • Archives
    • Mail databases
  • Click My Computer to start the scan. Wait...
  • At the end of the scan, click the View scan report link.
  • Click the 3508421676_e090b1e383_o.jpg button
  • In the window that opens, under Files of type choose the Text file (.txt) extension, choose a location and give the file a name.
  • You can close the Kaspersky page.
  • Open the file in which you saved the report, select all of its contents (Ctrl+A), copy (Ctrl+C) and paste (Ctrl+V) it into your next reply.


Good morning,

Here is the Kaspersky log. Thank you!

KASPERSKY ONLINE SCANNER 7.0 REPORT

Wednesday, May 13, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Wednesday, May 13, 2009 07:05:20

Records in database: 2171373

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

Scan statistics:

Files scanned: 112820

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 02:44:06

No malware has been detected. The scan area is clean.

The selected area was scanned.


Your problem is not related to malware; see whether the following link can help you:

http://kb.bitdefender.com/KB333-en--How-to-uninstall-BitDefender.html


Should the topic author need it, the topic will be reopened; to do so, they must contact the moderation team and request that it be unlocked.
