
Archived

This topic has been archived and is closed to new replies.

cedraz

[Archived]

Recommended Posts

I'm asking for help: if possible, please look at these reports. I'm having problems. I had BANKERFIX and COMBOFIX,

and the last time I went to run them, SPYWARE DOCTOR reported a trojan getting in. If I remember correctly, in BANKERFIX it was one ending in BANCOS, and in COMBOFIX it was something with PWS, and now my SPYWARE DOCTOR doesn't find anything anymore.

And now I'm seeing C:/WINDOWS/SYSTEM32/CTFMON.EXE. Please, what is happening with my machine?

And after you help me clean it, what should I do to keep it secure?

NOTE: I RAN HIJACKTHIS WITH EVERYTHING ENABLED IN MSCONFIG, then BANKERFIX and COMBOFIX, with "hide protected operating system files" unchecked (I have since re-checked it) and "show hidden files and folders" enabled; I hid them again after running HIJACKTHIS, BANKERFIX and COMBOFIX.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:35, on 2008-01-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijack\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKCU\..\Run: [RemoteControl] C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKCU\..\Run: [LphantAutoRun] C:\Arquivos de programas\BitLord2\BitLord.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)


ComboFix 08-02.01.6 - Paulo Cedraz 2008-02-02 10:45:41.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.184 [GMT -3:00]

Executando de: C:\Matadores\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))

.

 

2008-02-01 13:38 . 2008-02-01 13:41 30,479 --a------ C:\WINDOWS\bom

2008-02-01 13:37 . 2008-02-01 13:37 22,528 --a------ C:\WINDOWS\system32\Partizan.exe

2008-01-31 18:12 . 2008-02-01 16:26 <DIR> d---s---- C:\Matadores

2008-01-31 11:06 . 2008-01-31 11:06 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\PC Tools

2008-01-31 11:06 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-01-31 11:06 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-01-31 11:06 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-01-31 11:06 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-01-31 10:23 . 2008-01-31 19:32 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-01-30 20:37 . 2008-01-30 20:37 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-01-29 17:53 . 2008-01-29 18:26 <DIR> d-------- C:\Arquivos de programas\Valve

2008-01-28 13:15 . 2002-02-10 02:00 33,792 --a------ C:\WINDOWS\is-G49FT.exe

2008-01-28 13:15 . 2008-01-28 13:15 319 --a------ C:\WINDOWS\is-G49FT.lst

2008-01-27 19:06 . 2008-01-27 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-01-26 17:55 . 2004-08-04 00:45 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll

2008-01-26 17:51 . 2008-01-26 17:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-01-26 17:49 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp

2008-01-26 08:01 . 2006-05-18 16:20 319,488 --a------ C:\WINDOWS\Nero PhotoShow.scr

2008-01-25 22:07 . 2008-01-25 22:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-01-25 22:07 . 2008-01-26 23:28 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-01-25 22:07 . 2005-12-09 15:02 3,051,520 --------- C:\WINDOWS\UNNMP.exe

2008-01-25 22:07 . 2006-01-24 12:10 45,531 --------- C:\WINDOWS\UNNMP.cfg

2008-01-25 20:07 . 2008-01-25 20:10 <DIR> d-------- C:\Documents and Settings\Administrador\Modelos

2008-01-25 20:07 . 2008-01-25 20:10 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-25 20:07 . 2008-02-01 17:30 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-01-25 07:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-25 07:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-24 20:24 . 2008-01-24 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-24 18:59 . 2008-01-24 18:59 <DIR> d-------- C:\Arquivos de programas\Real Alternative

2008-01-24 18:59 . 2008-01-31 21:50 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-23 20:43 . 2008-01-23 20:43 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-01-23 13:23 . 2008-01-23 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-01-23 13:16 . 2008-01-23 13:16 <DIR> d-------- C:\Arquivos de programas\AskTBar

2008-01-23 11:36 . 2008-01-23 11:36 0 --a------ C:\WINDOWS\Irremote.ini

2008-01-23 09:18 . 2008-01-23 09:18 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Simple Star

2008-01-23 09:17 . 2008-01-23 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simple Star Shared

2008-01-23 09:17 . 2007-02-06 16:37 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-01-23 09:09 . 2008-01-23 09:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Simple Star Shared

2008-01-23 08:32 . 2008-01-23 13:23 <DIR> d-------- C:\Arquivos de programas\Nero

2008-01-23 08:32 . 2008-01-23 15:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-01-22 11:50 . 2008-01-22 11:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-01-22 11:49 . 2008-01-22 11:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-01-22 08:37 . 2008-01-30 19:40 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Nero

2008-01-21 18:36 . 2008-01-29 10:34 <DIR> d---s---- C:\VideoLan VLC

2008-01-21 18:24 . 2008-01-21 18:25 <DIR> d-------- C:\Arquivos de programas\BitLord2

2008-01-21 17:54 . 2008-01-21 17:54 <DIR> d-------- C:\Arquivos de programas\MicroPower Software

2008-01-21 17:54 . 1998-04-24 00:00 1,045,776 --------- C:\WINDOWS\system32\msjet35.dll

2008-01-21 17:54 . 1998-04-24 00:00 252,176 --------- C:\WINDOWS\system32\msrd2x35.dll

2008-01-21 17:54 . 1997-11-11 00:00 140,560 --------- C:\WINDOWS\system32\msjint35.dll

2008-01-21 17:54 . 1997-11-11 00:00 24,848 --------- C:\WINDOWS\system32\msjter35.dll

2008-01-21 17:45 . 1997-05-29 16:29 315,904 --a------ C:\WINDOWS\IsUn0416.exe

2008-01-14 20:22 . 2008-01-14 20:23 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-14 19:05 . 2008-01-14 19:05 <DIR> d-------- C:\Arquivos de programas\ZoneAlarmSB

2008-01-14 19:04 . 2008-01-14 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MailFrontier

2008-01-14 19:04 . 2008-01-14 19:06 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-01-14 19:03 . 2008-01-14 19:26 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2008-01-14 19:02 . 2008-01-14 19:26 <DIR> d-------- C:\WINDOWS\Internet Logs

2008-01-14 13:28 . 2007-12-04 10:04 837,496 --a--c--- C:\WINDOWS\system32\aswBoot.exe

2008-01-14 13:28 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-01-14 13:28 . 2004-01-09 06:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx

2008-01-14 13:28 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-01-14 13:28 . 2007-12-04 09:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-14 13:28 . 2007-12-04 11:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-14 13:28 . 2007-12-04 11:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-14 13:28 . 2007-12-04 11:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-14 13:28 . 2007-12-04 11:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-14 13:28 . 2007-12-04 11:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-14 13:19 . 2008-01-14 13:22 <DIR> d-------- C:\Arquivos de programas\DAP

2008-01-14 13:19 . 2008-01-14 13:19 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-01-14 13:19 . 2008-01-14 13:19 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-01-14 13:19 . 2008-01-14 13:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-01-11 12:16 . 2008-01-12 17:30 <DIR> d-------- C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Lavasoft

2008-01-10 15:24 . 2008-01-10 15:24 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-01-02 21:21 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-01-02 21:21 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-01-02 21:21 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-01-02 21:21 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-01-02 21:21 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-01-02 21:21 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-01-02 21:21 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-01-02 21:21 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-01-02 20:19 . 2008-01-09 17:51 160 --a------ C:\WINDOWS\mafosav.INI

2008-01-02 20:15 . 2008-01-29 10:38 <DIR> d---s---- C:\Buziol Games

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-31 19:57 --------- d-----w C:\Arquivos de programas\Google

2008-01-28 20:58 --------- d-----w C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Ahead

2008-01-25 01:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-01-14 16:33 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-01-12 20:32 --------- d-----w C:\Arquivos de programas\IVT Corporation

2008-01-12 20:32 --------- d-----w C:\Arquivos de programas\DivX

2008-01-12 20:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-01-11 16:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-19 11:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2007-12-19 11:46 --------- d-----w C:\Arquivos de programas\Yahoo!

2007-12-19 11:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2007-12-14 22:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-07 02:20 --------- d-----w C:\Documents and Settings\Paulo Cedraz\Dados de aplicativos\Netscape

2007-12-05 21:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2007-12-05 21:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software

2007-12-05 20:45 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2007-12-05 20:45 --------- d-----w C:\Arquivos de programas\NCH Software

2007-12-04 20:40 --------- d-----w C:\Arquivos de programas\GbPlugin

2007-11-15 21:42 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-09-04 17:01 25,811,528 -c--a-w C:\Arquivos de programas\Windows Media Player 11.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-14 19:06 262144]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 16:52 249856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\Paulo Cedraz\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 19:05:02 630784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-08-09 14:39 207944]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk

backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

 

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-08-09 14:43]

S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 12:52]

S3 Revolution1;Revolution1;C:\Documents and Settings\Paulo Cedraz\Meus documentos\anime\REVOLUTION 8.3\SHAK3.sys []

S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 17:04]

S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 10:48:16

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwClose

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

.

Tempo para conclusão: 2008-02-02 10:49:20

.

2008-01-26 21:07:29 --- E O F ---


BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 2008-02-02 - 11:5

-------------------------------------------------------

Lista de Definição: 2008-01-16-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


Hey cedraz,

Submit the file below to the Jotti site:

C:\WINDOWS\system32\testsvc.exe

Come back with the result.

Cheers.

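The helper's reply singles out the O23 entry "StopGB (Service1)", a service whose binary is marked "(file missing)". As an added example, not from this thread or from Linha Defensiva's tools, the Python script below applies the same kind of triage to HijackThis lines: services with missing binaries or no vendor information, orphaned BHOs, and Run entries that borrow a Windows component's name from the wrong folder (the poster's ctfmon.exe in system32 is the genuine location and is not flagged). The WINDOWS_COMPONENTS table and the sample line with ctfmon.exe outside system32 are constructed for the demonstration.

```python
# Added HijackThis triage helper; not part of the original thread or of any Linha Defensiva tool.
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" or "low"
    entry: str     # the HijackThis line that triggered the finding
    reason: str


O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")

# Constructed allowlist (assumption): Windows components whose name malware likes to
# borrow. The genuine binary lives only here, so the same file name elsewhere is suspect.
WINDOWS_COMPONENTS = {
    "ctfmon.exe": "c:\\windows\\system32\\ctfmon.exe",
}

# Constructed sample: five lines copied from the HijackThis log in this thread plus one
# made-up O4 line (ctfmon.exe outside system32) to exercise the location check.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: StopGB (Service1) - Unknown owner - C:\WINDOWS\system32\testsvc.exe (file missing)
"""


def exe_path(command: str) -> str:
    """Return the program path from an O4 command line, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.exe)", command, re.IGNORECASE)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis lines and return the entries a helper would ask about first."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding("high", line,
                    "service points to a binary that is no longer on disk; find out what it was"))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("low", line,
                    "binary carries no vendor information; confirm which product installed it"))
        elif m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("low", line,
                    "orphaned BHO registration, nothing loads from it; cleanup candidate"))
        elif m := O4_RE.match(line):
            path = exe_path(m["cmd"])
            name = path.rsplit("\\", 1)[-1].lower()
            expected = WINDOWS_COMPONENTS.get(name)
            if expected and path.lower() != expected:
                findings.append(Finding("high", line,
                    f"{name} belongs at {expected}; a copy running from elsewhere is a classic disguise"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}\n        {f.reason}")
```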

Topic Archived

Since the author did not reply for more than 20 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.
