
VIRUS: I can't remove it no matter what I try!


Herweg


I searched the forum and already did all the basics: disabled System Restore, ran AVG, Avast!, Avira and Malwarebytes' Anti-Malware, but with no success at all...

I used ComboFix and the PC's performance improved; my antivirus stopped opening countless successive windows. Unfortunately a Trojan is still active and slowly reinstalls other viruses as soon as I turn on my cable modem. The Windows XP firewall is also constantly being disabled by the malware (I believe)...

Following this forum's rules, here is my DDS log:

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\control.exe

C:\WINDOWS\system32\control.exe

C:\WINDOWS\system32\control.exe

C:\Documents and Settings\eduardo.HOME\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [soundMAXPnP] c:\arquivos de programas\analog devices\core\smax4pnp.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_05\bin\jusched.exe"

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [iSUSPM Startup] c:\arquiv~1\arquiv~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1.win\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1.win\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe

IE: Download with GetRight - c:\arquivos de programas\getright\GRdownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Open with GetRight Browser - c:\arquivos de programas\getright\GRbrowse.htm

IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eduar~1.hom\dadosd~1\mozilla\firefox\profiles\yry4gips.default\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-26 26792]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-14 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-8-14 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-8-14 185089]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2007-11-4 138680]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-14 55656]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2008-3-30 53288]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2007-11-4 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2007-11-4 352920]

=============== Created Last 30 ================

2009-08-15 13:03 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-08-15 12:45 <DIR> a-dshr-- C:\cmdcons

2009-08-15 12:45 29,184 ac------ c:\windows\system32\dllcache\beep.sys

2009-08-15 12:36 216,064 a------- c:\windows\PEV.exe

2009-08-15 12:36 161,792 a------- c:\windows\SWREG.exe

2009-08-15 12:36 98,816 a------- c:\windows\sed.exe

2009-08-15 10:28 42 a------- c:\windows\system32\scud.udf

2009-08-14 22:26 <DIR> --d----- c:\docume~1\alluse~1.win\dadosd~1\Avira

2009-08-14 22:26 <DIR> --d----- c:\arquivos de programas\Avira

2009-08-14 21:49 55,656 a------- c:\windows\system32\drivers\avgntflt.sys

2009-08-14 00:24 <DIR> --d----- c:\docume~1\eduar~1.hom\dadosd~1\Malwarebytes

2009-08-14 00:24 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 00:24 <DIR> --d----- c:\docume~1\alluse~1.win\dadosd~1\Malwarebytes

2009-08-14 00:24 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-14 00:24 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-13 23:34 <DIR> --d----- c:\docume~1\alluse~1.win\dadosd~1\SUPERAntiSpyware.com

2009-08-13 23:34 <DIR> --d----- c:\docume~1\eduar~1.hom\dadosd~1\SUPERAntiSpyware.com

2009-08-13 23:34 <DIR> --d----- c:\arquivos de programas\SUPERAntiSpyware

2009-08-13 19:08 <DIR> --d----- c:\windows\ServicePackFiles

2009-07-31 13:10 <DIR> --d----- c:\arquivos de programas\arquivos comuns\DivX Shared

==================== Find3M ====================

2009-08-15 13:28 8,126,464 a---h--- c:\documents and settings\eduardo.home\NTUSER.DAT

2009-08-05 06:06 205,312 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 15:57 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-01 14:58 26,792 a------- c:\windows\system32\drivers\GbpKm.sys

2009-06-26 13:18 661,504 a------- c:\windows\system32\wininet.dll

2009-06-26 13:18 81,920 a------- c:\windows\system32\ieencode.dll

2009-06-25 15:36 661,504 a------- c:\windows\system32\mqqm.dll

2009-06-25 15:36 523,776 a------- c:\windows\system32\mqutil.dll

2009-06-25 15:36 517,120 a------- c:\windows\system32\mqsnap.dll

2009-06-25 15:36 225,280 a------- c:\windows\system32\mqoa.dll

2009-06-25 15:36 186,880 a------- c:\windows\system32\mqtrig.dll

2009-06-25 15:36 177,152 a------- c:\windows\system32\mqrt.dll

2009-06-25 15:36 138,240 a------- c:\windows\system32\mqad.dll

2009-06-25 15:36 123,392 a------- c:\windows\system32\mqrtdep.dll

2009-06-25 15:36 95,744 a------- c:\windows\system32\mqsec.dll

2009-06-25 15:36 48,640 a------- c:\windows\system32\mqupgrd.dll

2009-06-25 15:36 47,104 a------- c:\windows\system32\mqdscli.dll

2009-06-25 15:36 16,896 a------- c:\windows\system32\mqise.dll

2009-06-22 08:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 08:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 08:49 4,608 a------- c:\windows\system32\mqsvc.exe

2009-06-22 08:48 91,776 a------- c:\windows\system32\drivers\mqac.sys

2009-06-16 11:54 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:54 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-15 08:33 77,824 a------- c:\windows\system32\telnet.exe

2009-06-15 08:33 81,408 a------- c:\windows\system32\tlntsess.exe

2009-06-13 13:00 90,112 a------- c:\windows\DUMP82bc.tmp

2009-06-10 11:24 85,504 a------- c:\windows\system32\avifil32.dll

2009-06-10 03:31 132,096 a------- c:\windows\system32\wkssvc.dll

2009-06-05 04:48 655,872 a------- c:\windows\system32\mstscax.dll

2009-06-03 16:26 1,295,360 a------- c:\windows\system32\quartz.dll

2007-12-14 20:36 0 a------- c:\documents and settings\eduardo.home\file.zip

2004-10-01 14:00 40,960 a------- c:\arquivos de programas\Uninstall_CDS.exe

2008-02-21 23:52 8 ---shr-- c:\windows\system32\D48C744E00.sys

2009-02-24 13:33 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:21:58,37 ===============


  • Coordinator

ComboFix should not be used without supervision, for your own safety.

Post the log it generated, found at:

C:\Combofix.txt


RenatoMejias, thanks for your attention!

My PC's performance improved, but Avira is still reporting a virus in "\Configurações locais\temp\_avast4_\unp(...).tmp", a temporary folder related to Avast!.

Here is the ComboFix log:

ComboFix 09-08-10.06 - herweg 15/08/2009 12:48.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.959.594 [GMT -3:00]

Executando de: c:\documents and settings\herweg.HOME\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1335 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\LocalService.AUTORIDADE NT\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\braviax.exe

c:\windows\Installer\62c4e9.msp

c:\windows\Installer\c61aa.msi

c:\windows\system32\AutoRun.inf

c:\windows\system32\braviax.exe

c:\windows\system32\dllcache\figaro.sys

c:\windows\system32\wisdstr.exe

A cópia de c:\windows\system32\drivers\ntfs.sys foi encontrada e desinfectada

Cópia restaurada de - c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

c:\windows\system32\drivers\beep.sys . . . está infectado!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_RKHIT

-------\Service_RkHit

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-15 to 2009-08-15 ))))))))))))))))))))))))))))

.

2009-08-15 15:45 . 2009-08-15 15:45 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 01:26 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-15 01:26 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-15 01:26 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Avira

2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\arquivos de programas\Avira

2009-08-15 00:49 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-14 03:24 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 03:24 . 2009-08-14 03:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-08-14 03:24 . 2009-08-14 03:24 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-14 03:24 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-14 02:34 . 2009-08-14 02:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\SUPERAntiSpyware.com

2009-08-14 02:34 . 2009-08-15 00:57 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-08-13 22:08 . 2009-08-13 22:08 -------- d-----w- c:\windows\ServicePackFiles

2009-07-31 16:10 . 2009-07-31 16:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-10 21:59 . 2007-12-29 19:13 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-05 09:06 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 03:30 . 2008-03-30 19:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-08-01 03:30 . 2008-03-30 19:49 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-31 16:11 . 2007-11-10 01:42 -------- d-----w- c:\arquivos de programas\DivX

2009-07-17 18:57 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-01 17:58 . 2008-12-26 21:47 26792 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-26 16:18 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2004-08-04 03:45 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-04 03:45 523776 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-04 03:45 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-04 03:45 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-04 03:45 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-04 03:45 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-04 03:45 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-04 03:45 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-04 03:45 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-04 03:45 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-04 03:45 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-22 11:49 . 2004-08-04 03:45 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 03:45 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 03:45 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 01:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-16 14:54 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:54 . 2001-10-28 18:06 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 11:33 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 11:33 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-13 16:00 . 2007-11-04 17:14 90112 ----a-w- c:\windows\DUMP82bc.tmp

2009-06-10 14:24 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:31 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:48 . 2007-11-04 19:26 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:26 . 2004-08-04 03:45 1295360 ----a-w- c:\windows\system32\quartz.dll

2004-10-01 17:00 . 2007-11-15 19:23 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

2008-02-22 02:52 . 2008-02-22 02:52 8 --sh--r- c:\windows\system32\D48C744E00.sys

2009-02-24 16:33 . 2008-02-22 02:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-18 180269]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-06-29 286720]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-07-01 293928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-07-01 18:08 293928 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\FileZilla FTP Client\\filezilla.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [26/12/2008 18:47 26792]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/4/2008 20:45 114768]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/8/2009 22:26 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/4/2008 20:45 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2008 16:50 53288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2009-08-14 c:\windows\Tasks\WebReg Photosmart C4200 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 23:27]

2009-08-15 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 01:18]

.

- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Vidalia - c:\arquivos de programas\Vidalia Bundle\Vidalia\vidalia.exe

HKCU-Run-msword98 - c:\documents and settings\herweg.HOME\msword98.exe

Notify-WgaLogon - (no file)

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

FF - ProfilePath - c:\documents and settings\herweg.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\yry4gips.default\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 12:57

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\e-mail]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(648)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

- - - - - - - > 'explorer.exe'(2708)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-08-15 13:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-15 16:04

Pré-execução: 10 pasta(s) 30.310.825.984 bytes disponíveis

Pós execução: 10 pasta(s) 38.922.297.344 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

211 --- E O F --- 2009-08-13 22:11

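The DDS log in the first post and the ComboFix log above use two slightly different file-entry layouts, and the interesting signals are scattered across hundreds of lines: files carrying both the hidden and system attributes under system32, drivers that appeared right around the scan date, the "está infectado!!"/"está faltando!!" markers, and the registry lines showing the XP firewall policy switched off and Security Center update notifications suppressed. The script below is an added example written for this thread, not part of DDS, ComboFix or any tool used here; the flagging rules are the example author's own triage heuristics (a hit is a review item, not a verdict, so the AV drivers installed during the cleanup will show up too), and the sample lines are a constructed excerpt copied from the two logs posted in the thread.

```python
import re
from datetime import datetime, timedelta

# File-entry layouts seen in this thread's logs:
#   DDS:      2009-08-15 12:45 29,184 ac------ c:\windows\system32\dllcache\beep.sys
#   ComboFix: 2009-08-15 15:45 . 2009-08-15 15:45 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([-a-z]{8})\s+(.+)$", re.I)
COMBOFIX_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(--------|\d+)\s+([-a-z]{8})\s+(.+)$", re.I)
# Registry and status lines ComboFix prints (XP firewall policy, Security Center,
# and "<file> . . . <status>!!" markers such as "está infectado!!").
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
UPDATE_NOTIFY_OFF = re.compile(r'^"UpdatesDisableNotify"\s*=\s*dword:0*1$')
STATUS_LINE = re.compile(r"^(.+?) \. \. \. (.+?)!!$")


def parse_entry(line):
    """Parse one DDS or ComboFix file entry; returns None for any other line."""
    m = DDS_LINE.match(line) or COMBOFIX_LINE.match(line)
    if not m:
        return None
    when, size, attrs, path = m.groups()
    attrs = attrs.lower()
    return {
        "when": datetime.strptime(when, "%Y-%m-%d %H:%M"),
        "is_dir": size in ("<DIR>", "--------") or attrs.startswith("d"),
        "attrs": attrs,
        "path": path.strip().lower(),
    }


def triage(lines, scan_date, recent_days=7):
    """Return (reason, item) pairs for lines that deserve a second look.

    Heuristics are the example author's, not DDS's or ComboFix's: hidden+system
    files under system32, drivers created within recent_days of the scan,
    ComboFix status markers, firewall policy off, update notifications off.
    """
    cutoff = scan_date - timedelta(days=recent_days)
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if FIREWALL_OFF.match(line):
            findings.append(("windows firewall disabled (standard profile)", line))
        elif UPDATE_NOTIFY_OFF.match(line):
            findings.append(("security center update notifications suppressed", line))
        elif STATUS_LINE.match(line):
            path, status = STATUS_LINE.match(line).groups()
            findings.append(("combofix reports: " + status, path))
        else:
            e = parse_entry(line)
            if e is None or e["is_dir"]:
                continue
            p = e["path"]
            if "h" in e["attrs"] and "s" in e["attrs"] and "\\system32\\" in p:
                findings.append(("hidden+system file under system32", p))
            elif (p.endswith(".sys") and ("\\drivers\\" in p or "\\dllcache\\" in p)
                    and e["when"] >= cutoff):
                findings.append(("driver created within %d days of scan" % recent_days, p))
    return findings


# Constructed sample: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE = r"""
2009-08-15 12:45 29,184 ac------ c:\windows\system32\dllcache\beep.sys
2009-08-14 00:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-15 13:28 8,126,464 a---h--- c:\documents and settings\eduardo.home\NTUSER.DAT
2008-02-21 23:52 8 ---shr-- c:\windows\system32\D48C744E00.sys
2009-02-24 13:33 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-15 15:45 . 2009-08-15 15:45 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\arquivos de programas\Avira
2009-06-22 11:48 . 2004-08-04 01:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
c:\windows\system32\drivers\beep.sys . . . está infectado!!
"EnableFirewall"= 0 (0x0)
"UpdatesDisableNotify"=dword:00000001
"""
SCAN_DATE = datetime(2009, 8, 15)  # date of the scans posted in the thread


def triage_sample():
    """Run the heuristics over the constructed sample."""
    return triage(SAMPLE.splitlines(), SCAN_DATE)


if __name__ == "__main__":
    for reason, item in triage_sample():
        print("%-50s %s" % (reason, item))
```

Feed it a whole saved log (`triage(open("dds.txt", encoding="latin-1").read().splitlines(), datetime(2009, 8, 15))`) and review the short list instead of the full listing; the two hidden+system `.sys` files in system32 and the freshly created `beep.sys` in dllcache are exactly the items that stand out in the posted logs.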

  • Coordinator

Configure Windows to show all files

Go to this site: http://virustotal.com/

Under File to upload enter:

c:\windows\system32\drivers\beep.sys

Then click Submit

Copy and post the result of this scan.


A small problem: in my eagerness to fix everything quickly, while digging around a few forums, I put together the following script:

Killall::

Snapshot::

Mia::

c:\windows\system32\drivers\beep.sys

Replicator::

...and dragged it onto ComboFix. After a second run, the log said this file (beep.sys) was "missing". I ignored that and thought everything was fine until Avira AntiVir started complaining again about the files in the TEMP folder.

Did I jump the gun? What should I do now? Use the "Windows Recovery" that was installed on the first ComboFix run?


  • Coordinator

Yes, you jumped the gun. Each CFScript has a purpose, and running commands at random can damage your computer.

Run ComboFix and post a new log.


ComboFix 09-08-10.06 - herweg 25/08/2009 1:43.2.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.959.783 [GMT -3:00]

Executando de: c:\documents and settings\herweg.HOME\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\herweg.HOME\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1335 [VPS 090817-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

.

ADS - drivers: deleted 220 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Drivers\hnjbbxnlqefp.sys

c:\windows\system32\drivers\beep.sys . . . está faltando!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_hnjbbxnlqefp

-------\Service_hnjbbxnlqefp

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))

.

2009-08-17 16:34 . 2009-08-17 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-08-17 16:34 . 2009-08-17 16:37 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-08-17 07:01 . 2009-08-17 07:02 -------- d-----w- c:\arquivos de programas\Unlocker

2009-08-17 03:39 . 2009-08-17 03:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\F-Secure

2009-08-17 03:29 . 2009-08-17 03:29 -------- d-----w- c:\arquivos de programas\CCleaner

2009-08-17 01:54 . 2009-08-17 01:54 -------- d-----r- c:\documents and settings\LocalService.AUTORIDADE NT\Favoritos

2009-08-16 22:28 . 2009-08-16 22:28 81984 ----a-w- c:\windows\system32\bdod.bin

2009-08-16 22:26 . 2009-08-16 22:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\BitDefender

2009-08-16 22:26 . 2009-08-16 22:26 -------- d-----w- c:\arquivos de programas\Softwin

2009-08-16 22:26 . 2009-08-16 22:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Softwin

2009-08-16 21:43 . 2009-08-16 22:21 -------- d-----w- c:\windows\BDOSCAN8

2009-08-15 01:26 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-15 01:26 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-15 01:26 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Avira

2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\arquivos de programas\Avira

2009-08-15 00:49 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-14 03:24 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 03:24 . 2009-08-14 03:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-08-14 03:24 . 2009-08-14 03:24 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-14 03:24 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-14 02:34 . 2009-08-14 02:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\SUPERAntiSpyware.com

2009-08-14 02:34 . 2009-08-15 00:57 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-08-13 22:08 . 2009-08-13 22:08 -------- d-----w- c:\windows\ServicePackFiles

2009-07-31 16:10 . 2009-07-31 16:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-18 03:03 . 2007-12-29 19:13 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-15 23:50 . 2008-04-04 22:36 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2009-08-05 09:06 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 03:30 . 2008-03-30 19:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-08-01 03:30 . 2008-03-30 19:49 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-31 16:11 . 2007-11-10 01:42 -------- d-----w- c:\arquivos de programas\DivX

2009-07-17 18:57 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-01 17:58 . 2008-12-26 21:47 26792 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-26 16:18 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2004-08-04 03:45 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-04 03:45 523776 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-04 03:45 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-04 03:45 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-04 03:45 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-04 03:45 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-04 03:45 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-04 03:45 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-04 03:45 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-04 03:45 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-04 03:45 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-25 08:46 . 2004-08-04 03:45 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:46 . 2004-08-04 03:45 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:46 . 2004-08-04 03:45 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:46 . 2004-08-04 03:45 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:46 . 2004-08-04 03:45 727040 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:46 . 2004-08-04 03:45 298496 ----a-w- c:\windows\system32\kerberos.dll

2009-06-22 11:49 . 2004-08-04 03:45 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 03:45 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 03:45 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 01:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-22 11:34 . 2004-08-04 01:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:54 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:54 . 2001-10-28 18:06 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 11:33 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 11:33 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-13 16:00 . 2007-11-04 17:14 90112 ----a-w- c:\windows\DUMP82bc.tmp

2009-06-10 14:24 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:31 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:48 . 2007-11-04 19:26 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:26 . 2004-08-04 03:45 1295360 ----a-w- c:\windows\system32\quartz.dll

2004-10-01 17:00 . 2007-11-15 19:23 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

2008-02-22 02:52 . 2008-02-22 02:52 8 --sh--r- c:\windows\system32\D48C744E00.sys

2009-02-24 16:33 . 2008-02-22 02:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-18 180269]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-06-29 286720]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\FileZilla FTP Client\\filezilla.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [26/12/2008 18:47 26792]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/4/2008 20:45 114768]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/8/2009 22:26 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/4/2008 20:45 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2008 16:50 53288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2009-08-14 c:\windows\Tasks\WebReg Photosmart C4200 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 23:27]

2009-08-18 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 01:18]

.

- - - - ORFÃOS REMOVIDOS - - - -

Notify- GbPluginCef - (no file)

.

------- Scan Suplementar -------

.

IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

FF - ProfilePath - c:\documents and settings\herweg.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\yry4gips.default\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-18 01:53

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\e-mail]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(4036)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\browselc.dll

c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-08-25 1:59 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-25 04:59

ComboFix2.txt 2009-08-15 16:04

Pré-execução: 10 pasta(s) 38.669.910.016 bytes disponíveis

Pós execução: 10 pasta(s) 38.648.844.288 bytes disponíveis

206 --- E O F --- 2009-08-23 15:51


  • Coordinator

Download beep.sys from the following link and place it in its proper folder.

http://andymanchesta.com/Files/XP/beep.sys

After that, run ComboFix again and post your log for analysis.


ComboFix 09-08-20.02 - herweg 31/08/2009 0:31.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.959.628 [GMT -3:00]

Executando de: c:\documents and settings\herweg.HOME\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

.

ADS - drivers: deleted 12 bytes in 1 streams.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-31 to 2009-08-31 ))))))))))))))))))))))))))))

.

2009-08-17 16:34 . 2009-08-17 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-08-17 16:34 . 2009-08-17 16:37 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-08-17 07:01 . 2009-08-17 07:02 -------- d-----w- c:\arquivos de programas\Unlocker

2009-08-17 03:39 . 2009-08-17 03:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\F-Secure

2009-08-17 03:29 . 2009-08-17 03:29 -------- d-----w- c:\arquivos de programas\CCleaner

2009-08-17 01:54 . 2009-08-17 01:54 -------- d-----r- c:\documents and settings\LocalService.AUTORIDADE NT\Favoritos

2009-08-16 22:28 . 2009-08-16 22:28 81984 ----a-w- c:\windows\system32\bdod.bin

2009-08-16 22:26 . 2009-08-16 22:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\BitDefender

2009-08-16 22:26 . 2009-08-16 22:26 -------- d-----w- c:\arquivos de programas\Softwin

2009-08-16 22:26 . 2009-08-16 22:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Softwin

2009-08-16 21:43 . 2009-08-16 22:21 -------- d-----w- c:\windows\BDOSCAN8

2009-08-15 01:26 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-15 01:26 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-15 01:26 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Avira

2009-08-15 01:26 . 2009-08-15 01:26 -------- d-----w- c:\arquivos de programas\Avira

2009-08-15 00:49 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-14 03:24 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 03:24 . 2009-08-14 03:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-08-14 03:24 . 2009-08-14 03:24 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-14 03:24 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-14 02:34 . 2009-08-14 02:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\SUPERAntiSpyware.com

2009-08-14 02:34 . 2009-08-15 00:57 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-08-13 22:08 . 2009-08-13 22:08 -------- d-----w- c:\windows\ServicePackFiles

2009-07-31 16:10 . 2009-07-31 16:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-18 03:03 . 2007-12-29 19:13 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-15 23:50 . 2008-04-04 22:36 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2009-08-05 09:06 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 03:30 . 2008-03-30 19:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-08-01 03:30 . 2008-03-30 19:49 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-31 16:11 . 2007-11-10 01:42 -------- d-----w- c:\arquivos de programas\DivX

2009-07-17 18:57 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-01 17:58 . 2008-12-26 21:47 26792 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-26 16:18 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2004-08-04 03:45 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-04 03:45 523776 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-04 03:45 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-04 03:45 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-04 03:45 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-04 03:45 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-04 03:45 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-04 03:45 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-04 03:45 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-04 03:45 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-04 03:45 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-25 08:46 . 2004-08-04 03:45 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:46 . 2004-08-04 03:45 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:46 . 2004-08-04 03:45 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:46 . 2004-08-04 03:45 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:46 . 2004-08-04 03:45 727040 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:46 . 2004-08-04 03:45 298496 ----a-w- c:\windows\system32\kerberos.dll

2009-06-22 11:49 . 2004-08-04 03:45 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 03:45 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 03:45 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 01:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-22 11:34 . 2004-08-04 01:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:54 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:54 . 2001-10-28 18:06 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 11:33 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 11:33 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-13 16:00 . 2007-11-04 17:14 90112 ----a-w- c:\windows\DUMP82bc.tmp

2009-06-10 14:24 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:31 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:48 . 2007-11-04 19:26 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:26 . 2004-08-04 03:45 1295360 ----a-w- c:\windows\system32\quartz.dll

2004-10-01 17:00 . 2007-11-15 19:23 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

2008-02-22 02:52 . 2008-02-22 02:52 8 --sh--r- c:\windows\system32\D48C744E00.sys

2009-02-24 16:33 . 2008-02-22 02:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_04.53.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-21 03:28 . 2009-08-21 03:28 16384 c:\windows\temp\Perflib_Perfdata_62c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-18 180269]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-06-29 286720]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\FileZilla FTP Client\\filezilla.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/4/2008 20:45 114768]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/8/2009 22:26 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/4/2008 20:45 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2008 16:50 53288]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [26/12/2008 18:47 26792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2009-08-21 c:\windows\Tasks\WebReg Photosmart C4200 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 23:27]

2009-08-21 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 01:18]

.

.

------- Scan Suplementar -------

.

IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

FF - ProfilePath - c:\documents and settings\herweg.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\yry4gips.default\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-21 00:37

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\e-mail]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3196)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-08-31 0:39

ComboFix-quarantined-files.txt 2009-08-31 03:39

ComboFix2.txt 2009-08-25 04:59

ComboFix3.txt 2009-08-15 16:04

Pré-execução: 10 pasta(s) 38.611.910.656 bytes disponíveis

Pós execução: 10 pasta(s) 38.609.518.592 bytes disponíveis

184 --- E O F --- 2009-08-23 15:51


  • Coordinator

Configure Windows to show all files

Go to this site: http://virustotal.com/

In File to upload enter: c:\windows\system32\d3d9caps.dat

Then click Submit

Copy and post the result of this scan.


Antivírus;Versão;Última Atualização;Resultado

a-squared;4.5.0.24;2009.09.01;-

AhnLab-V3;5.0.0.2;2009.08.31;-

AntiVir;7.9.1.7;2009.08.31;-

Antiy-AVL;2.0.3.7;2009.09.01;-

Authentium;5.1.2.4;2009.08.31;-

Avast;4.8.1335.0;2009.08.31;-

AVG;8.5.0.406;2009.08.31;-

BitDefender;7.2;2009.09.01;-

CAT-QuickHeal;10.00;2009.09.01;-

ClamAV;0.94.1;2009.09.01;-

Comodo;2124;2009.09.01;-

DrWeb;5.0.0.12182;2009.09.01;-

eSafe;7.0.17.0;2009.08.31;-

eTrust-Vet;31.6.6713;2009.08.31;-

F-Prot;4.5.1.85;2009.08.31;-

F-Secure;8.0.14470.0;2009.09.01;-

Fortinet;3.120.0.0;2009.09.01;-

GData;19;2009.09.01;-

Ikarus;T3.1.1.68.0;2009.09.01;-

Jiangmin;11.0.800;2009.08.31;-

K7AntiVirus;7.10.832;2009.08.31;-

Kaspersky;7.0.0.125;2009.09.01;-

McAfee;5726;2009.08.31;-

McAfee+Artemis;5726;2009.08.31;-

McAfee-GW-Edition;6.8.5;2009.09.01;-

Microsoft;1.5005;2009.08.31;-

NOD32;4385;2009.08.31;-

Norman;;2009.08.31;-

nProtect;2009.1.8.0;2009.08.31;-

Panda;10.0.2.2;2009.08.31;-

PCTools;4.4.2.0;2009.08.31;-

Prevx;3.0;2009.09.01;-

Rising;21.45.10.00;2009.09.01;-

Sophos;4.45.0;2009.09.01;-

Sunbelt;3.2.1858.2;2009.08.31;-

Symantec;1.4.4.12;2009.09.01;-

TheHacker;6.3.4.3.393;2009.08.31;-

TrendMicro;8.950.0.1094;2009.09.01;-

VBA32;3.12.10.10;2009.09.01;-

ViRobot;2009.8.31.1909;2009.08.31;-

VirusBuster;4.6.5.0;2009.08.31;-

Informações adicionais

File size: 664 bytes

MD5   : 6fc1dea5b2fa937393099de368e4d988

SHA1  : 6deeb6dd5ea9b5254f9aa57a41940a6bf67f26dd

SHA256: 3d568da88d14d1ea1272b862248fcafb8acfb1f55d0ca56410357280adad610e

TrID  : File type identification
        Targa bitmap (Original TGA Format) (63.6%)
        MS Flight Simulator Aircraft Performance Info (36.3%)

ssdeep: 3:dnIlu+6XTyl/l1lllm1molllCltBlljlll/Dll:m8C/4g4llCl

PEiD  : -

RDS   : NSRL Reference Data Set
        -


  • Coordinator

Download the Kaspersky Removal Tool. Save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's main screen, select the options My Computer, Startup objects and Disk boot sectors, then click the Scan button.
  • Be patient, the scan may take a while.
  • If it finds an infection, an alert window will open; click Skip.
  • When everything is complete, click the Reports... button and then click Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the result by clicking the X of the window.
  • Right after that, close the program as well by clicking the X of the window. When you do this you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.


Scan

----

Scanned: 348009

Detected: 0

Untreated: 0

Start time: 2/9/2009 17:46:41

Duration: 01:55:54

Finish time: 2/9/2009 19:42:35

Detected

--------

Status Object

------ ------

Events

------

Time Name Status Reason

---- ---- ------ ------

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----


  • Coordinator

Your computer no longer shows any infections; what is its current state?


My PC has been better since the infected beep.sys file was deleted by ComboFix.

I was using 3 antivirus programs simultaneously (each one reporting different viruses from the others). I have already removed two of them and, as I said, overall the computer appears to be in perfect condition. My biggest fear was that my haste in using a series of tools on my own might have damaged my system.

Anyway, thank you for the help!


I still have the following questions:

1) Should I keep only one antivirus program running?

2) Should I delete ComboFix or not?

3) As for the Kaspersky Virus Removal Tool, it always opens automatically when the PC is restarted. When I close it by clicking the "x", it always repeats the same question about whether or not to uninstall it. Can I delete this software now?


  • Coordinator

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the OTCleanIt icon.
  • Click the "Cleanup" button.
  • Allow your computer to be restarted.

Whether to keep the Kaspersky Removal Tool is your choice.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Find errors >> Fix Errors

I also suggest you read this article: Protect your PC

Any other problem with the computer?


  • Coordinator

It removes the programs that were used during the cleanup process.

Any other problem with the computer, or can we consider it resolved?


  • Coordinator

If the topic author needs it, the topic will be reopened; to do so, contact the moderation team and request that it be unlocked.
