Archived

This topic has been archived and is closed to new replies.

REDENTOR

[Solved!] virus/malware on the pen drive

Recommended Posts

Thank you very much!! :thumbsup:

 

Just a quick question: why can't I run ComboFix on d:?

 

Try running it in safe mode :thumbsup:


Sr. Perfect,

 

I managed to run ComboFix in safe mode. I wanted to post it here because it deleted some files and quarantined others :unsure: , but I think it deleted some system files, and almost everything I click (or even without clicking) shows the message "Unknow hard error" for several applications, for Windows, etc. :blink:

For the past few days I haven't been able to update the antivirus; it always gives an error message when connecting to the server. Yet I have the same one on the other partition and update it daily.

NOTE: I don't have System Restore enabled, but I do have a backup in case something needs to be reverted.

 

Thank you.

 

 

 

ComboFix 08-08-17.03 - CRIS 2008-08-17 21:54:52.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2288 [GMT -3:00]

Executando de: D:\Documents and Settings\CRIS\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

D:\Documents and Settings\CRIS\UserData

D:\Documents and Settings\CRIS\UserData\index.dat

D:\Documents and Settings\CRIS\UserData\KH6RSDQV\YL[1].xml

D:\Documents and Settings\CRIS\UserData\SHQROTI7\oWindowsUpdate[1].xml

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))

.

 

2008-08-17 21:57 . 0 D:\WINDOWS\system32\drivers\mchInjDrv.sys

2008-08-17 21:25 . 2008-08-17 21:49 4,681,416,704 --a------ D:\ATONEMENT.ISO

2008-08-14 03:00 . 2008-08-14 03:02 1,374 --a------ D:\WINDOWS\imsins.BAK

2008-08-05 01:16 . 2008-08-17 21:50 81,984 --a------ D:\WINDOWS\system32\bdod.bin

2008-08-05 01:14 . 2008-08-14 03:08 121 --a------ D:\WINDOWS\bdagent.INI

2008-08-05 01:08 . 2008-08-05 01:08 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\Acronis

2008-08-05 01:08 . 2008-08-05 01:08 <DIR> d-------- D:\Arquivos de programas\Acronis

2008-08-05 00:48 . 2008-08-05 00:48 <DIR> d-------- D:\Documents and Settings\CRIS\Dados de aplicativos\BitDefender

2008-08-05 00:48 . 2008-08-05 00:48 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\BitDefender

2008-08-05 00:48 . 2008-08-05 00:48 <DIR> d-------- D:\Arquivos de programas\BitDefender

2008-08-05 00:47 . 2008-08-05 00:48 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\BitDefender

2008-08-03 22:15 . 2008-08-03 22:15 <DIR> d-------- D:\Documents and Settings\CRIS\Dados de aplicativos\Malwarebytes

2008-08-03 22:15 . 2008-08-03 22:15 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-08-03 22:15 . 2008-08-03 22:15 <DIR> d-------- D:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-08-03 22:15 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-03 22:15 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys

2008-07-19 23:44 . 2008-07-19 23:44 <DIR> d-------- D:\Arquivos de programas\PowerQuest

2008-07-19 17:42 . 2008-07-19 17:42 <DIR> d-------- D:\hijack

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-17 20:01 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-08-05 04:08 441,760 ----a-w D:\WINDOWS\system32\drivers\timntr.sys

2008-08-05 04:08 44,384 ----a-w D:\WINDOWS\system32\drivers\tifsfilt.sys

2008-08-05 04:08 368,544 ----a-w D:\WINDOWS\system32\drivers\tdrpman.sys

2008-08-05 04:08 129,248 ----a-w D:\WINDOWS\system32\drivers\snapman.sys

2008-08-05 04:02 86,792 ----a-w D:\WINDOWS\system32\drivers\bdfndisf.sys

2008-08-05 03:46 --------- d-----w D:\Arquivos de programas\F-Secure

2008-08-05 03:32 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\F-Secure

2008-08-05 03:31 --------- d-----w D:\Arquivos de programas\IObit

2008-07-20 03:23 --------- d-----w D:\Arquivos de programas\DreMule

2008-07-19 20:42 --------- d-----w D:\Arquivos de programas\Trend Micro

2008-07-08 21:01 --------- d-----w D:\Arquivos de programas\Marcos Velasco Security

2008-07-08 20:50 --------- d-----w D:\Arquivos de programas\a-squared Free

2008-07-08 04:17 --------- d-----w D:\Arquivos de programas\Opera

2008-07-08 03:33 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\ZoomBrowser EX

2008-07-08 03:21 --------- d-----w D:\Documents and Settings\NetworkService\Dados de aplicativos\iolo

2008-07-07 07:37 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\iolo

2008-07-07 05:52 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\iolo

2008-07-07 05:50 --------- d-----w D:\Arquivos de programas\iolo

2008-07-06 19:51 --------- d-----w D:\Arquivos de programas\Canon

2008-07-06 19:50 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\ZoomBrowser

2008-07-06 19:47 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Canon

2008-07-06 05:06 --------- d-----w D:\Arquivos de programas\7-Zip

2008-06-26 03:43 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-06-26 03:43 --------- d-----w D:\Arquivos de programas\GbPlugin

2008-06-25 03:54 --------- d-----w D:\Arquivos de programas\Unlocker

2008-06-25 03:31 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\IObit

2008-06-25 03:23 --------- d-----w D:\Documents and Settings\NetworkService\Dados de aplicativos\Acronis

2008-06-25 03:20 --------- d-----w D:\Arquivos de programas\MSXML 4.0

2008-06-25 03:19 --------- d-----w D:\Arquivos de programas\Picasa2

2008-06-25 03:18 --------- d-----w D:\Arquivos de programas\Google

2008-06-25 02:56 --------- d-----w D:\Arquivos de programas\VS Revo Group

2008-06-24 07:05 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\Roxio

2008-06-24 06:57 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Roxio

2008-06-24 06:55 --------- d-----w D:\Arquivos de programas\Roxio

2008-06-24 06:53 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Sonic Shared

2008-06-24 06:51 --------- d-----w D:\Arquivos de programas\Arquivos comuns\SureThing Shared

2008-06-24 06:50 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\Sonic

2008-06-24 06:50 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-06-24 06:50 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Roxio Shared

2008-06-24 06:49 --------- d-----w D:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-24 06:14 --------- d-----w D:\Arquivos de programas\Edicao Eletronica de Freud 2.0

2008-06-24 04:18 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\fssg

2008-06-23 00:55 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\OLYMPUS

2008-06-22 23:48 --------- d--h--w D:\Arquivos de programas\InstallShield Installation Information

2008-06-22 23:48 --------- d-----w D:\Arquivos de programas\PIXELA

2008-06-22 23:47 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\QuickTime

2008-06-22 23:47 --------- d-----w D:\Arquivos de programas\QuickTime

2008-06-22 23:39 --------- d-----w D:\Arquivos de programas\Arquivos comuns\McAfee

2008-06-22 23:32 --------- d-----w D:\Arquivos de programas\WinAVIVideoConverter

2008-06-22 22:15 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\F-Secure

2008-06-22 21:53 --------- d-----w D:\Documents and Settings\CRIS\Dados de aplicativos\Media Player Classic

2008-06-20 15:15 --------- d-----w D:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-20 11:51 361,600 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w D:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 03:05 --------- d-----w D:\Arquivos de programas\Modem Diagnostic Tool

2008-06-18 04:58 --------- d-----w D:\Arquivos de programas\SiteAdvisor

2008-06-18 03:46 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

2008-06-18 03:40 --------- d-----w D:\Arquivos de programas\SlySoft

2008-06-16 01:08 2,560 ----a-w D:\WINDOWS\_MSRSTRT.EXE

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23:20 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="D:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 15:22 405504]

"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2008-03-17 08:05 135168]

"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2008-03-17 08:05 159744]

"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2008-03-17 08:05 131072]

"DELL Webcam Manager"="D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]

"Apoint"="D:\Arquivos de programas\DellTPad\Apoint.exe" [2007-10-25 18:31 167936]

"ISUSPM Startup"="D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\ISUSPM.exe" [2006-10-03 11:35 221184]

"ISUSScheduler"="D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"RoxWatchTray"="D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]

"BitDefender Antiphishing Helper"="D:\Arquivos de programas\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]

"BDAgent"="D:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe" [2008-08-05 01:01 368640]

"TrueImageMonitor.exe"="D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]

"AcronisTimounterMonitor"="D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]

"Acronis Scheduler2 Service"="D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 23:20 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "D:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-06-11 14:47 366672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-06-11 14:47 366672 D:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R0 tdrpman;Acronis Try&Decide and Restore Points filter;D:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-08-05 01:08]

R1 DLARTL_M;DLARTL_M;D:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]

R2 ioloFileInfoList;iolo FileInfoList Service;D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]

R2 ioloSystemService;iolo System Service;D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]

R2 TryAndDecideService;Acronis Try And Decide Service;D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;D:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-05 01:02]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;D:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-05-04 16:00]

R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;D:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 17:00]

R3 OEM02Dev;Creative Camera OEM002 Driver;D:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;D:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]

S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Conte£do da pasta 'Tarefas Agendadas'

 

2008-06-16 D:\WINDOWS\Tasks\McDefragTask.job

- D:\WINDOWS\system32\defrag.exe [2008-04-13 23:20]

 

2008-06-16 D:\WINDOWS\Tasks\McQcTask.job

- d:\arquivos de programas\mcafee\mqc\QcConsol.exe []

.

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: E&xportar para o Microsoft Excel - D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O18 -: Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\WRS.dll

 

O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 21:57:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializ veis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="D:\ARQUIV~1\GbPlugin\GbpSv.exe"

.

--------------------- DLLs Carregadas Sob os Processos em Execu‡ao ---------------------

 

PROCESSOS: D:\WINDOWS\system32\winlogon.exe

-> D:\WINDOWS\system32\ntdll.dll

-> D:\Arquivos de programas\iolo\common\lib\ioloHL.dll

 

PROCESSOS: D:\WINDOWS\system32\lsass.exe

-> D:\WINDOWS\system32\ntdll.dll

-> D:\Arquivos de programas\iolo\common\lib\ioloHL.dll

 

PROCESSOS: D:\WINDOWS\explorer.exe

-> D:\WINDOWS\system32\ntdll.dll

-> D:\Arquivos de programas\iolo\common\lib\ioloHL.dll

 

PROCESSOS: D:\WINDOWS\system32\csrss.exe

-> D:\WINDOWS\system32\ntdll.dll

-> D:\Arquivos de programas\iolo\common\lib\ioloHL.dll

.

Tempo para conclusÆo: 2008-08-17 22:01:58 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-18 00:59:33

 

Pre-Run: 7 pasta(s) 21,096,681,472 bytes disponíveis

Post-Run: 12 pasta(s) 21,024,096,256 bytes dispon¡veis

 

195 --- E O F --- 2008-08-14 06:03:03


Post a new HijackThis log.


Sr. Perfect,

here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:14:55, on 18/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\iolo\System Mechanic Professional\IoloSGCtrl.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

D:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe

D:\Arquivos de programas\DellTPad\Apoint.exe

D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

D:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

D:\Arquivos de programas\iolo\System Mechanic Professional\SystemGuardAlerter.exe

D:\Arquivos de programas\DellTPad\ApMsgFwd.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\DellTPad\Apntex.exe

D:\Arquivos de programas\DellTPad\HidFind.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe /s

O4 - HKLM\..\Run: [Apoint] D:\Arquivos de programas\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [iSUSPM Startup] D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "D:\Arquivos de programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "D:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [systemGuardAlerter] D:\Arquivos de programas\iolo\System Mechanic Professional\SystemGuardAlerter.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - D:\Arquivos de programas\iolo\System Mechanic Professional\IoloSGCtrl.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 9264 bytes
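The helper's verdict below comes from reading the HijackThis sections (O2 BHOs, O4 autoruns, O16 ActiveX downloads, O20 Winlogon Notify, O23 services) by eye. As an added example, not from this thread, from the poster or from Trend Micro, here is a small Python triage script for that log format: it parses the item lines, counts them per section, and applies three defender-side heuristics that are my own assumptions rather than HijackThis features (an entry whose binary is missing, an autorun that points into a user-writable directory, and load points that run in a privileged context and are worth reviewing every time). The sample log is constructed from lines in the thread's own HijackThis output; a rule firing means "look at this", not "this is malicious".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the HijackThis v2 log format. The lines are modelled on
# the log posted in this thread (same paths and CLSIDs), trimmed to a few sections.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
D:\WINDOWS\system32\winlogon.exe
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Apoint] D:\Arquivos de programas\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: a-squared Free Service (a2free) - - (no file)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe
End of file - 9264 bytes
"""

# Item lines look like "O4 - ..." (also R1/F1 etc.); headers and the raw process list are skipped.
LINE_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.+)$")
# First Windows path ending in a binary extension; URLs (no drive letter) do not match.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys|ocx|cab)\b", re.IGNORECASE)

# Heuristics below are this example's own assumptions, not HijackThis features.
# Load points that execute early or inside privileged processes; always worth a look.
ALWAYS_REVIEW = {"O20", "O21", "O22"}  # Winlogon Notify/AppInit, SSODL, SharedTaskScheduler
# Autoruns pointing into user-writable locations are a common sign of a dropped binary.
USER_WRITABLE_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\recycler\\")


@dataclass
class Entry:
    code: str            # section code, e.g. "O4"
    body: str            # text after "O4 - "
    path: Optional[str]  # first binary path on the line, if any


def parse_hjt(text: str) -> List[Entry]:
    """Parse a HijackThis log into one Entry per Oxx/Rx/Fx line."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        hit = PATH_RE.search(body)
        entries.append(Entry(m.group("code"), body, hit.group(0) if hit else None))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section code: the overview a helper skims first."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Dict[str, str]]:
    """Apply the heuristics above; each finding records which rule fired."""
    findings: List[Dict[str, str]] = []
    for e in entries:
        if "(no file)" in e.body:
            # The registration survived but the binary is gone: usually an uninstall
            # leftover or something a cleaner already removed; confirm, then tidy up.
            reason = "orphaned-entry"
        elif e.path and any(d in e.path.lower() for d in USER_WRITABLE_DIRS):
            reason = "user-writable-path"
        elif e.code in ALWAYS_REVIEW:
            reason = "high-privilege-loadpoint"
        else:
            continue
        findings.append({"code": e.code, "reason": reason, "body": e.body})
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", summarize(parsed))
    for f in triage(parsed):
        print(f"[{f['reason']}] {f['code']} - {f['body']}")
```

Run against the sample it reports the orphaned a-squared service (the only "(no file)" line in the thread's log) and lists the O20 Winlogon Notify DLL for review; everything else, including the two autoruns and the signed BitDefender service, passes silently, which matches the helper's reading of the log as clean.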


Your log is clean; whether you want to do the backup is up to you.

 

:)

So ComboFix removed all the infections and there are no lingering after-effects, is that it?

 

Your log was already clean ;)

I asked you to run ComboFix because with it we get a better look at your PC's registry entries and keys.

 

:)


PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.
