Anonimo123

Possible infections

Hello,

These days Trend Micro's RUBotted software warned me that I may have a bot on my machine.

I believe it's an FP. And I'd like confirmation from someone more qualified than me, plus a check for other possible infections on the machine :P

RUBotted screenshot (image hehexw.png, not included here):

Logs:

DDS:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Michel at 23:25:49,92 on 30/09/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2047.1268 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\svchost.exe -k NetworkService

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\ASUS.SYS\config\DVMExportService.exe

C:\Windows\system32\OSPPSVC.EXE

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michel\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com

uURLSearchHooks: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [ares] "c:\program files\ares\Ares.exe" -h

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"

StartupFolder: c:\users\michel\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: S&end to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {4582DEE6-1DC1-4887-BB48-EF61F00D28E4} = 208.67.222.222,208.67.220.220

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 224240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 30112]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-9-21 18816]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-7-17 319488]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-17 304464]

R2 osppsvc;Office Software Protection Platform;c:\windows\system32\OSPPSVC.EXE [2009-4-8 4319136]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-9-21 582992]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-17 20952]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-31 189440]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-9-21 206608]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-7-31 1119232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB7.sys [2010-8-2 1176064]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-4-25 33480048]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-9-21 206608]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-31 1343400]

=============== Created Last 30 ================

2010-09-29 02:01:03 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 01:31:41 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 01:26:07 0 d-----w- c:\program files\Wise Registry Cleaner

2010-09-27 23:48:02 0 d-----w- c:\users\michel\.bh_gui

2010-09-27 23:47:35 0 d-----w- c:\program files\SRI

2010-09-23 19:21:07 114176 ----a-w- c:\windows\system32\PCWizard.cpl

2010-09-23 19:21:07 0 d-----w- c:\windows\Java

2010-09-23 19:20:56 0 d-----w- c:\program files\CPUID

2010-09-21 23:49:01 0 d-----w- c:\users\michel\appdata\roaming\PhotoScape

2010-09-21 23:48:43 0 d-----w- c:\program files\PhotoScape

2010-09-21 23:21:03 0 d-----w- c:\programdata\Yahoo! Companion

2010-09-21 23:20:58 0 d-----w- c:\program files\Yahoo!

2010-09-21 23:10:39 0 d-----w- c:\programdata\Nexon

2010-09-21 22:55:25 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2010-09-21 22:41:18 0 d-----w- c:\program files\Sophos

2010-09-21 22:30:04 0 d-----w- c:\users\michel\Pavark

2010-09-21 22:15:31 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys

2010-09-19 21:07:06 0 d-----w- C:\Level Up! Games

2010-09-17 22:06:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32_01009.Wdf

2010-09-17 22:05:49 0 d-----w- c:\program files\Microsoft IntelliPoint

2010-09-17 22:01:45 0 d-----w- c:\program files\Microsoft IntelliType Pro

2010-09-17 21:49:41 502784 ----a-w- c:\windows\system32\VIASysFx.dll

2010-09-17 21:49:40 868352 ----a-w- c:\windows\system32\VIAPropPageExt.dll

2010-09-14 20:21:03 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-13 22:39:21 0 d-----w- c:\programdata\Kaspersky Lab

2010-09-13 21:47:55 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-09-13 21:31:03 0 d-----w- c:\users\michel\appdata\roaming\fltk.org

2010-09-13 21:21:02 0 d-----w- c:\users\michel\appdata\roaming\flightgear.org

2010-09-13 00:23:56 0 d-----w- c:\temp\dvmexp

2010-09-12 21:57:09 0 d-----w- c:\program files\VS Revo Group

2010-09-12 21:49:46 0 d-sh--w- C:\$RECYCLE.BIN

2010-09-12 19:10:24 0 d-----w- c:\windows\W7SBC

2010-09-12 18:31:54 272 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-09-12 03:58:31 0 d-----w- C:\LinhaDefensiva

2010-09-12 01:09:40 0 d-----w- c:\programdata\Comodo Downloader

2010-09-11 17:19:57 0 d-----w- c:\program files\MSXML 4.0

2010-09-10 21:16:57 0 d-----w- c:\program files\common files\Stardock

2010-09-10 21:16:51 0 d-----w- c:\program files\Stardock

2010-09-10 21:09:38 2613248 ----a-w- c:\windows\explorer.exe.bak.exe

2010-09-10 21:00:54 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup

2010-09-10 21:00:52 2755072 ----a-w- c:\windows\system32\themeui.dll.backup

2010-09-10 21:00:50 37376 ----a-w- c:\windows\system32\themeservice.dll.backup

2010-09-07 20:22:14 0 d-----w- c:\program files\Mozilla Firefox 4.0 Beta 5

2010-09-07 20:09:37 0 d-----w- c:\users\michel\appdata\roaming\Canneverbe Limited

2010-09-07 20:09:36 0 d-----w- c:\programdata\Canneverbe Limited

2010-09-01 23:37:44 0 d-----w- c:\users\michel\appdata\roaming\uTorrent

==================== Find3M ====================

2010-09-29 22:07:25 666510 ----a-w- c:\windows\system32\prfh0416.dat

2010-09-29 22:07:25 128740 ----a-w- c:\windows\system32\prfc0416.dat

2010-09-10 21:00:54 249856 ----a-w- c:\windows\system32\uxtheme.dll

2010-09-10 21:00:52 2755072 ----a-w- c:\windows\system32\themeui.dll

2010-09-10 21:00:50 37376 ----a-w- c:\windows\system32\themeservice.dll

2010-08-20 13:19:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-08-07 02:42:47 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-01 14:40:36 38536 ----a-w- c:\windows\system32\prfd0416.dat

2010-08-01 14:40:36 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2010-08-01 14:40:36 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2010-08-01 14:40:36 323154 ----a-w- c:\windows\system32\prfi0416.dat

2010-08-01 14:40:36 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2010-08-01 14:40:36 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-07-09 19:37:10 1469544 ----a-w- c:\windows\system32\nvsvc.dll

2010-07-09 19:37:10 13939816 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-09 19:37:10 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-07-09 19:37:10 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 19:20:06 66664 ----a-w- c:\windows\system32\nvshext.dll

2010-07-09 19:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:26:33,79 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 01/08/2010 07:01:35

System Uptime: 30/09/2010 19:21:24 (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q SE2

Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2499/333mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 149 GiB total, 103,726 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 37 GiB total, 37,217 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP126: 22/09/2010 19:16:39 - Windows Update

RP127: 24/09/2010 13:33:30 - Windows Update

RP128: 26/09/2010 20:29:05 - Windows Update

RP129: 27/09/2010 20:47:07 - Installed BotHunter.

RP131: 28/09/2010 14:25:45 - Revo Uninstaller's restore point - BotHunter

RP132: 28/09/2010 14:26:13 - Removed BotHunter.

RP134: 28/09/2010 14:28:39 - Revo Uninstaller's restore point - WinPcap 4.0.2

RP135: 28/09/2010 14:34:52 - Windows Update

RP136: 28/09/2010 23:00:32 - Windows Update

RP136: 29/09/2010 18:57:36 - Windows Update

RP137: 29/09/2010 19:08:06 - Windows Update

RP138: 30/09/2010 15:51:59 - Windows Update

RP139: 30/09/2010 16:39:16 - Windows Update

RP140: 30/09/2010 19:32:34 - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4 - Português

Adobe Shockwave Player 11.5

Advanced SystemCare 3

AI Suite

AirPlus XtremeG DWL-G520

Applian FLV Player

Ares 2.1.6

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atheros Driver Installation Program

Barra de Ferramentas do Yahoo!

CCleaner

Combat Arms

Express Gate

Ferramenta de Carregamento do Windows Live

Game Booster

Google Chrome

HijackThis 2.0.2

Java Auto Updater

Java 6 Update 21

Malwarebytes' Anti-Malware

Media Player Codec Pack 3.9.6

Messenger Plus! Live

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Antimalware Service PT-BR Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Corporation

Microsoft IntelliPoint 8.0

Microsoft IntelliType Pro 8.0

Microsoft Office Access MUI (English) 14

Microsoft Office Excel MUI (English) 14

Microsoft Office Groove MUI (English) 14

Microsoft Office Groove Setup Metadata MUI (English) 14

Microsoft Office InfoPath MUI (English) 14

Microsoft Office OneNote MUI (English) 14

Microsoft Office Outlook MUI (English) 14

Microsoft Office PowerPoint MUI (English) 14

Microsoft Office Professional Plus 14

Microsoft Office Professional Plus 2010 (Technical Preview)

Microsoft Office Proof (English) 14

Microsoft Office Proof (French) 14

Microsoft Office Proof (Spanish) 14

Microsoft Office Proofing (English) 14

Microsoft Office Publisher MUI (English) 14

Microsoft Office Shared MUI (English) 14

Microsoft Office Shared Setup Metadata MUI (English) 14

Microsoft Office Word MUI (English) 14

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0b5 (x86 pt-BR)

Mozilla Thunderbird (3.1.4)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

ObjectDock

Orbit Downloader

PC Probe II

PC Wizard 2010.1.95

PhotoScape

Platform

Realtek Ethernet Controller Driver For Windows Vista and Later

Revo Uninstaller 1.89

Smart Defrag

Sophos Anti-Rootkit 1.5.4

Steam

Team Fortress 2

Trend Micro RUBotted

VIA Gerenciador de dispositivo de plataforma

Windows Essentials Media Codec Pack 3.0

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

Windows Movie Maker

Wise Registry Cleaner Free 5.61

==== End Of File ===========================

GMER:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-30 23:46:51

Windows 6.1.7600

Running: gmer.exe; Driver: C:\Users\Michel\AppData\Local\Temp\uwryypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8DE34510]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8DE358D2]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8DE346FC]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8DE33832]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8DE34176]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8DE3370E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8DE33EF4]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8DE35562]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8DE330F6]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8DE3480C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8DE3515A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8DE33ACE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8DE34352]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8DE33D7E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8DE34BEE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8DE34EA2]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8DE35352]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8DE33A68]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8DE33C6A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8DE3350C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8DE332F6]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C333F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C2D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1B898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C331DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C336F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C33F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C341A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C93599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 220 82CBF730 4 Bytes [10, 45, E3, 8D]

.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CBF758 6 Bytes [D2, 58, E3, 8D, FC, 46]

.text ntkrnlpa.exe!RtlSidHashLookup + 24F 82CBF75F 1 Byte [8D]

.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CBF7EC 4 Bytes [32, 38, E3, 8D] {XOR BH, [EAX]; JECXZ 0xffffffffffffff91}

.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82CBF808 4 Bytes [76, 41, E3, 8D] {JBE 0x43; JECXZ 0xffffffffffffff91}

.text ...

.text peauth.sys 96B52C9D 28 Bytes [84, 7F, A8, 59, B9, 67, 20, ...]

.text peauth.sys 96B52CC1 28 Bytes [84, 7F, A8, 59, B9, 67, 20, ...]

PAGE peauth.sys 96B58E20 101 Bytes [89, 76, E2, 32, C4, BA, 5D, ...]

PAGE peauth.sys 96B5902C 102 Bytes [10, 07, 0A, 4D, 0C, 45, E1, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 99715000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 99715123 629 Bytes [05, 71, 99, FE, 05, 34, 05, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 99715399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F 997153FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 543B 997154AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]

PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38218902-FD9B-4D2C-8ADA-D62A583A5856}

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38218902-FD9B-4D2C-8ADA-D62A583A5856}

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38218902-FD9B-4D2C-8ADA-D62A583A5856}@Path \Microsoft\Microsoft Antimalware\MP Scheduled Scan

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38218902-FD9B-4D2C-8ADA-D62A583A5856}@Triggers 0x15 0x00 0x00 0x00 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38218902-FD9B-4D2C-8ADA-D62A583A5856}@DynamicInfo 0x03 0x00 0x00 0x00 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MP Scheduled Scan@Id {38218902-FD9B-4D2C-8ADA-D62A583A5856}

---- EOF - GMER 1.0.15 ----


Hello! Welcome to the Malware Removal section of the Clube do Hardware forum.

If you prefer, bookmark this page so you can get back to it more easily.

Please take note of the following:

  • from now on I will analyse your logs and guide you whenever necessary. I'll be back as soon as possible!
    Do NOT make any changes and wait.
  • The analysis process is not instantaneous. Be patient and wait for my instructions.
  • The instructions will be specific to your problem and must only be used on this PC.
  • If there is anything you don't understand or are unsure about, please ask before proceeding with the instructions.
  • Please post your replies in this topic. Do NOT start a new topic!
  • If I go more than 4 (four) days without replying to you, send me a Private Message.

Regards!


Hello!

STEP #1

Are you aware that the following page is set as your home page?

  • hxxp://search.orbitdownloader.com

STEP #2
Temporarily disable your computer's anti-virus!
Go to the Kaspersky Online scanner site
  • Click the Accept button
  • In the window that appears, click Run
  • The installer download will start, followed by the updates;
  • Click the Settings button
  • Make sure the options below are checked:
    1. Spyware, Adware, Dialers, and other potentially dangerous programs
    2. Archives
    3. Mail databases
  • Click My Computer and then Save to start the scan;
  • Once complete, click View Scan Report;
  • Click Save Report As...
  • Choose a location and a name, and save;
  • Copy and paste the entire contents into your next reply.

For a better understanding, click the link below and watch the animation:

http://d.imagehost.org/0688/kaspersky.gif

Regards!





