cedraz
Posted February 2, 2008

I'm asking for help; if possible, please look at these reports. I'm having problems. I had BANKERFIX and COMBOFIX, and the last time I went to run them, SPYWARE DOCTOR reported a trojan: if I remember correctly, in BANKERFIX it was one ending in BANCOS, and in COMBOFIX it was something with PWS. Now my SPYWARE DOCTOR no longer finds anything. And now I'm seeing C:/WINDOWS/SYSTEM32/CTFMON.EXE. Please, what is happening to my machine? And after you help me clean it, what should I do to keep it secure?

NOTE: I RAN HIJACKTHIS WITH EVERYTHING ENABLED IN MSCONFIG, then BANKERFIX and COMBOFIX, with "hide protected operating system files" unchecked (I have already checked it again) and "show hidden files and folders" enabled (I have already hidden them again after running HIJACKTHIS, BANKERFIX and COMBOFIX).

Logfile of HijackThis v1.99.1
Scan saved at 09:35, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [RemoteControl] C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [LphantAutoRun] C:\Arquivos de programas\BitLord2\BitLord.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)

ComboFix 08-02.01.6 - Paulo Cedraz 2008-02-02 10:45:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.184 [GMT -3:00]
Executando de: C:\Matadores\ComboFix.exe
 * Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Ficheiros criados de 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))
.

2008-02-01 13:38 . 2008-02-01 13:41 30,479 --a------ C:\WINDOWS\bom
2008-02-01 13:37 . 2008-02-01 13:37 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2008-01-31 18:12 . 2008-02-01 16:26 <DIR> d---s---- C:\Matadores
2008-01-31 11:06 . 2008-01-31 11:06 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\PC Tools
2008-01-31 11:06 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-31 11:06 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-31 11:06 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-31 11:06 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-31 10:23 . 2008-01-31 19:32 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-01-30 20:37 . 2008-01-30 20:37 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-29 17:53 . 2008-01-29 18:26 <DIR> d-------- C:\Arquivos de programas\Valve
2008-01-28 13:15 . 2002-02-10 02:00 33,792 --a------ C:\WINDOWS\is-G49FT.exe
2008-01-28 13:15 . 2008-01-28 13:15 319 --a------ C:\WINDOWS\is-G49FT.lst
2008-01-27 19:06 . 2008-01-27 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-01-26 17:55 . 2004-08-04 00:45 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-01-26 17:51 . 2008-01-26 17:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-26 17:49 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-01-26 08:01 . 2006-05-18 16:20 319,488 --a------ C:\WINDOWS\Nero PhotoShow.scr
2008-01-25 22:07 . 2008-01-25 22:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-01-25 22:07 . 2008-01-26 23:28 <DIR> d-------- C:\Arquivos de programas\Ahead
2008-01-25 22:07 . 2005-12-09 15:02 3,051,520 --------- C:\WINDOWS\UNNMP.exe
2008-01-25 22:07 . 2006-01-24 12:10 45,531 --------- C:\WINDOWS\UNNMP.cfg
2008-01-25 20:07 . 2008-01-25 20:10 <DIR> d-------- C:\Documents and Settings\Administrador\Modelos
2008-01-25 20:07 . 2008-01-25 20:10 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-01-25 20:07 . 2008-02-01 17:30 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais
2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-01-25 07:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-25 07:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-24 20:24 . 2008-01-24 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage
2008-01-24 18:59 . 2008-01-24 18:59 <DIR> d-------- C:\Arquivos de programas\Real Alternative
2008-01-24 18:59 . 2008-01-31 21:50 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-23 20:43 . 2008-01-23 20:43 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-23 13:23 . 2008-01-23 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero
2008-01-23 13:16 . 2008-01-23 13:16 <DIR> d-------- C:\Arquivos de programas\AskTBar
2008-01-23 11:36 . 2008-01-23 11:36 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-23 09:18 . 2008-01-23 09:18 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Simple Star
2008-01-23 09:17 . 2008-01-23 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simple Star Shared
2008-01-23 09:17 . 2007-02-06 16:37 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-01-23 09:09 . 2008-01-23 09:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Simple Star Shared
2008-01-23 08:32 . 2008-01-23 13:23 <DIR> d-------- C:\Arquivos de programas\Nero
2008-01-23 08:32 . 2008-01-23 15:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero
2008-01-22 11:50 . 2008-01-22 11:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared
2008-01-22 11:49 . 2008-01-22 11:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real
2008-01-22 08:37 . 2008-01-30 19:40 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Nero
2008-01-21 18:36 . 2008-01-29 10:34 <DIR> d---s---- C:\VideoLan VLC
2008-01-21 18:24 . 2008-01-21 18:25 <DIR> d-------- C:\Arquivos de programas\BitLord2
2008-01-21 17:54 . 2008-01-21 17:54 <DIR> d-------- C:\Arquivos de programas\MicroPower Software
2008-01-21 17:54 . 1998-04-24 00:00 1,045,776 --------- C:\WINDOWS\system32\msjet35.dll
2008-01-21 17:54 . 1998-04-24 00:00 252,176 --------- C:\WINDOWS\system32\msrd2x35.dll
2008-01-21 17:54 . 1997-11-11 00:00 140,560 --------- C:\WINDOWS\system32\msjint35.dll
2008-01-21 17:54 . 1997-11-11 00:00 24,848 --------- C:\WINDOWS\system32\msjter35.dll
2008-01-21 17:45 . 1997-05-29 16:29 315,904 --a------ C:\WINDOWS\IsUn0416.exe
2008-01-14 20:22 . 2008-01-14 20:23 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-01-14 19:05 . 2008-01-14 19:05 <DIR> d-------- C:\Arquivos de programas\ZoneAlarmSB
2008-01-14 19:04 . 2008-01-14 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MailFrontier
2008-01-14 19:04 . 2008-01-14 19:06 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-14 19:03 . 2008-01-14 19:26 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-14 19:02 . 2008-01-14 19:26 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-14 13:28 . 2007-12-04 10:04 837,496 --a--c--- C:\WINDOWS\system32\aswBoot.exe
2008-01-14 13:28 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-01-14 13:28 . 2004-01-09 06:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
2008-01-14 13:28 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-01-14 13:28 . 2007-12-04 09:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-14 13:28 . 2007-12-04 11:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-14 13:28 . 2007-12-04 11:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-14 13:28 . 2007-12-04 11:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-14 13:28 . 2007-12-04 11:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-14 13:28 . 2007-12-04 11:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-14 13:19 . 2008-01-14 13:22 <DIR> d-------- C:\Arquivos de programas\DAP
2008-01-14 13:19 . 2008-01-14 13:19 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-01-14 13:19 . 2008-01-14 13:19 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-01-14 13:19 . 2008-01-14 13:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-01-11 12:16 . 2008-01-12 17:30 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Lavasoft
2008-01-10 15:24 . 2008-01-10 15:24 <DIR> d-------- C:\Arquivos de programas\SopCast
2008-01-02 21:21 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-02 21:21 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-02 21:21 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-02 21:21 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-02 21:21 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-02 21:21 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-02 21:21 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-02 21:21 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-02 20:19 . 2008-01-09 17:51 160 --a------ C:\WINDOWS\mafosav.INI
2008-01-02 20:15 . 2008-01-29 10:38 <DIR> d---s---- C:\Buziol Games
.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-01-31 19:57 --------- d-----w C:\Arquivos de programas\Google
2008-01-28 20:58 --------- d-----w C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Ahead
2008-01-25 01:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-01-14 16:33 --------- d-----w C:\Arquivos de programas\Alwil Software
2008-01-12 20:32 --------- d-----w C:\Arquivos de programas\IVT Corporation
2008-01-12 20:32 --------- d-----w C:\Arquivos de programas\DivX
2008-01-12 20:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-01-11 16:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2007-12-19 11:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion
2007-12-19 11:46 --------- d-----w C:\Arquivos de programas\Yahoo!
2007-12-19 11:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft
2007-12-14 22:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2007-12-07 02:20 --------- d-----w C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Netscape
2007-12-05 21:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound
2007-12-05 21:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software
2007-12-05 20:45 --------- d-----w C:\Arquivos de programas\NCH Swift Sound
2007-12-05 20:45 --------- d-----w C:\Arquivos de programas\NCH Software
2007-12-04 20:40 --------- d-----w C:\Arquivos de programas\GbPlugin
2007-11-15 21:42 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-09-04 17:01 25,811,528 -c--a-w C:\Arquivos de programas\Windows Media Player 11.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-14 19:06 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 16:52 249856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\Paulo Cedraz\Menu Iniciar\Programas\Inicializar\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 19:05:02 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-08-09 14:39 207944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-08-09 14:43]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 12:52]
S3 Revolution1;Revolution1;C:\Documents and Settings\Paulo Cedraz\Meus documentos\anime\REVOLUTION 8.3\SHAK3.sys []
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 17:04]
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 10:48:16
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Tempo para conclusão: 2008-02-02 10:49:20
.
2008-01-26 21:07:29 --- E O F ---

BankerFix 2.5b - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 2008-02-02 - 11:5
-------------------------------------------------------
Lista de Definição: 2008-01-16-1
=======================================================
Killando arquivos em Help
-----------------------------------
Removendo Arquivos em Help
-----------------------------------
----- Fim -------------------------
jgarcia
Posted February 3, 2008

Hey cedraz,

Submit the file below to the Jotti site:

C:\WINDOWS\system32\testsvc.exe

Come back with the result.

Regards.
Mário Monteiro
Posted June 13, 2008

Topic Archived

As the author did not reply for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.