
Archived

This topic has been archived and is closed to new replies.

pteixeira

[Archived] Windows - no disk Exception Processing Message c0000013 Pa

Recommended Posts

Hello dear friends, a PC at my workplace has started showing the following error message

 

[attached image: error.jpg]

 

The user says he only plugged the pen drive into the USB port and the following message started appearing.

 

We have already tried running COMBOFIX, FORMATTING the pen drive, CHANGING the DRIVE LETTER, and nothing.

 

Can anyone help?

 

I know this has been a much-discussed topic on the web

 

http://www.google.com/search?q=Windows+-+n...mp;sourceid=ie7

 

Thanks for all the HELP.


Hi pteixeira,

 

Download EliStarA = at the bottom of the page click the Descargar EliStarA button.

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Reboot into Safe Mode (repeatedly press the F8 key during startup until the menu appears, where you should select Safe Mode).

 

Run EliStarA.exe and wait, as the scan takes a while.

 

When the process is finished, reboot and post the log (it will be at C:\infoSat.txt).

 

Regards.

 

PS: The pen drive must be connected to the PC.


Hello, I'm attaching the LOG, but I must say the problem persists.

 

Tue Jul 29 12:53:04 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminada Carpeta "%WinDir%\PeerNet"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Detectado AUTORUN.INF en la Unidad (F)

open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\cutephoto.exe

Por favor envienos el Ejecutable (copiado en C:\Muestras)

acompañado del AUTORUN.INF a "virus@satinfo.es". Gracias.

 

Tue Jul 29 12:53:40 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad F:\

 

Nº Total de Directorios: 689

Nº Total de Ficheros: 9136

Nº de Ficheros Analizados: 730

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:54:15 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 3243

Nº Total de Ficheros: 25789

Nº de Ficheros Analizados: 4268

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Exploración Detenida por el Usuario.

 

Tue Jul 29 12:56:40 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Detectado AUTORUN.INF en la Unidad (F)

open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\cutephoto.exe

Por favor envienos el Ejecutable (copiado en C:\Muestras)

acompañado del AUTORUN.INF a "virus@satinfo.es". Gracias.

Detectado AUTORUN.INF en la Unidad (G)

open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\cutephoto.exe

Por favor envienos el Ejecutable (copiado en C:\Muestras)

acompañado del AUTORUN.INF a "virus@satinfo.es". Gracias.

 

Tue Jul 29 12:56:52 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad G:\

 

Nº Total de Directorios: 2

Nº Total de Ficheros: 19

Nº de Ficheros Analizados: 2

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:56:57 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad G:\

 

Nº Total de Directorios: 2

Nº Total de Ficheros: 19

Nº de Ficheros Analizados: 2

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:57:01 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad F:\

 

Nº Total de Directorios: 689

Nº Total de Ficheros: 9136

Nº de Ficheros Analizados: 730

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:57:19 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad Z:\

 

Nº Total de Directorios: 0

Nº Total de Ficheros: 0

Nº de Ficheros Analizados: 0

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:57:23 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad E:\

 

Nº Total de Directorios: 0

Nº Total de Ficheros: 0

Nº de Ficheros Analizados: 0

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:57:25 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

 

Nº Total de Directorios: 0

Nº Total de Ficheros: 0

Nº de Ficheros Analizados: 0

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:57:28 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad A:\

 

Nº Total de Directorios: 0

Nº Total de Ficheros: 0

Nº de Ficheros Analizados: 0

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Jul 29 12:57:33 2008

EliStartPage v16.80 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 28 de Julio del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_pt-BR_b03f5f7f11d50a3a\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

 

Nº Total de Directorios: 6393

Nº Total de Ficheros: 60142

Nº de Ficheros Analizados: 20446

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

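The EliStarA log above flags an AUTORUN.INF on the removable drives whose open= line points into a SID-named RECYCLER folder. The Python script below is an added example, not part of this thread and not EliStarA's code: it parses an autorun.inf tolerantly (junk lines, comments, mixed case, a BOM, all of which real samples use to throw off naive scanners) and reports the keys that would launch a program on AutoPlay or rewrite Explorer's context menu. The sample file is constructed here, reusing the open= target reported in the log; the key list and the RECYCLER pattern are my own heuristics, not anything the thread states.

```python
"""Audit an autorun.inf for entries that launch code when a drive is inserted.

Added example (not from the thread or from EliStarA). The parser is
deliberately tolerant: real samples pad the file with junk, comments and
odd casing to throw off naive scanners.
"""
import re

# Keys Explorer acts on: these run a program on AutoPlay or when the drive
# icon is opened/double-clicked (assumed list based on the autorun.inf format).
EXEC_KEYS = {
    "open",
    "shellexecute",
    "shell\\open\\command",
    "shell\\explore\\command",
    "shell\\autoplay\\command",
}

# Target hidden in a recycle-bin folder named after a SID, as in the log above.
SID_FOLDER = re.compile(r"recycle[rd]?\\s-1-\d+(?:-\d+)+\\", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section with lower-cased keys."""
    entries = {}
    in_autorun = False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                        # blank, comment or junk marker
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text):
    """Return a list of (key, value, reason) for entries worth a closer look."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS:
            reason = "launches a program on AutoPlay/open"
            if SID_FOLDER.search(value):
                reason += "; target hidden in a SID-named RECYCLER folder"
            findings.append((key, value, reason))
        elif key == "shell" or (key.startswith("shell\\") and not key.endswith("\\command")):
            # Default-verb or menu-label override: used to make the malicious
            # verb look like the normal "Open" entry in Explorer's menu.
            findings.append((key, value, "rewrites Explorer's context-menu verb/label"))
    return findings


# Constructed sample; the open= target is the one reported in the EliStarA log.
SAMPLE_AUTORUN = "\n".join([
    "[AutoRun]",
    ";garbage line to confuse scanners",
    "open=RECYCLER\\S-1-6-21-2434476501-1644491937-600003330-1213\\cutephoto.exe",
    "shell\\open=&Open",
    "shell\\open\\Command=RECYCLER\\S-1-6-21-2434476501-1644491937-600003330-1213\\cutephoto.exe",
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4",
    "",
])

if __name__ == "__main__":
    for key, value, reason in audit_autorun(SAMPLE_AUTORUN):
        print(f"{key:<20} {reason}\n    -> {value}")
```

Run against the sample it reports the open= entry, the relabelled shell\open verb and its command, while the icon= line passes. A clean autorun.inf that only sets icon= and label= produces no findings, which is the usual state of a legitimate vendor drive.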

Hi pteixeira,

 

* Download PenClean and save it to your desktop;

* Run the program;

* Connect your pen drive to the computer;

* Select the option Check all drives and click the Check button;

<<Wait a few moments, the scan is quite fast>>

* If anything is found you will be asked to restart the machine. Click Yes. The computer will restart;

* A report on the run will be generated and saved at C:\PenClean\PenClean.txt.

* Post the contents of the report in your next reply.

 

Regards.


Hello Jgarcia,

 

I ran the 2 programs you posted here; do I need to do anything else now?

It seems the error message no longer appears.

 

Thanks!

Daniel


Hi JGARCIA

 

I ran PENCLEAN and it detected MALWARE on the PEN drive in autorun.inf and removed it.

 

BUT.............. the problem continues; this time the message is the same, but I think the MALWARE is in the USB controllers.

 

Why do I say this... connected to this PC we have an HP MS 2840 printer that reserves drive F:

 

WHEN THE DRIVES ARE CONNECTED SEPARATELY EVERYTHING IS FINE (that is, if only the printer or only the pen drive is connected).

 

WHEN THE PEN DRIVE IS PLUGGED IN AND THE PRINTER IS CONNECTED, THE SAID ERROR APPEARS

 

I'm going crazy.

 

JGARCIA, I'll post the HIJACK LOG here

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:15:52, on 29-07-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Programas\iTunes\iTunesHelper.exe

C:\WINDOWS\isys32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Google\Google Talk\googletalk.exe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\hpzipm12.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

C:\Programas\iPod\bin\iPodService.exe

C:\Programas\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Documents and Settings\Admin\temp\TeamViewer3\TeamViewer.exe

C:\Programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acduarte.pt/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programas\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programas\mcafee.com\mps\popupkiller.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [internet Explorer Sys32] isys32.exe

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programas\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .jsp: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC273DCE-43A8-4597-B32E-F06F204C4D4C}: NameServer = 195.23.129.126 194.79.69.222

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8557 bytes

 

Many thanks


ComboFix 08-07-29.1 - Admin 2008-07-30 0:00:56.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.2070.18.119 [GMT 1:00]

Executando de: C:\Documents and Settings\Admin\Ambiente de trabalho\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

F:\autorun.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))

.

 

2008-07-29 23:52 . 2008-07-29 23:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes

2008-07-29 23:52 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-29 23:51 . 2008-07-29 23:52 <DIR> d-------- C:\Programas\Malwarebytes' Anti-Malware

2008-07-29 23:51 . 2008-07-29 23:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-07-29 23:51 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-29 23:14 . 2004-05-10 21:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll

2008-07-29 23:10 . 2008-07-29 23:12 <DIR> d-------- C:\Programas\Ficheiros comuns\HP

2008-07-29 23:06 . 2007-09-21 17:44 655 --a------ C:\WINDOWS\hpbvspst.hi1

2008-07-29 23:06 . 2007-09-21 17:45 314 --a------ C:\WINDOWS\hpbvspst.bu1

2008-07-29 23:04 . 2008-07-29 23:04 <DIR> d-------- C:\Temp

2008-07-29 23:03 . 2008-07-29 23:11 <DIR> d-------- C:\Programas\HP

2008-07-29 23:01 . 2008-07-29 23:17 54,174 --a------ C:\WINDOWS\hppins01.dat

2008-07-29 23:01 . 2005-04-08 17:52 2,392 --------- C:\WINDOWS\hppmdl01.dat

2008-07-29 22:55 . 2008-07-29 22:55 <DIR> d-------- C:\WINDOWS\peernet

2008-07-29 22:43 . 2008-07-29 22:43 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TeamViewer

2008-07-29 22:27 . 2008-07-29 22:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-07-29 22:14 . 2008-07-29 22:15 <DIR> d-------- C:\Hijack

2008-07-29 21:49 . 2008-07-29 21:49 <DIR> d-------- C:\Documents and Settings\Admin\temp

2008-07-29 21:49 . 2008-07-29 21:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TeamViewer

2008-07-29 21:41 . 2008-07-29 23:46 <DIR> d-------- C:\PenClean

2008-07-29 12:53 . 2008-07-29 12:53 <DIR> d-------- C:\Muestras

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Os meus documentos

2008-07-29 00:09 . 2006-05-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Modelos

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> dr------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Menu Iniciar

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Favoritos

2008-07-29 00:09 . 2008-07-30 00:02 <DIR> d--h----- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Definições locais

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Ambiente de trabalho

2008-07-29 00:09 . 2008-07-29 00:09 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4

2008-07-28 23:28 . 2008-07-28 23:43 <DIR> d-------- C:\Programas\Yahoo!

2008-07-28 22:39 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-28 22:33 . 2008-07-28 22:31 4,437 --a------ C:\WINDOWS\hpbvnstp.hi2

2008-07-28 22:33 . 2008-07-28 22:31 1,156 --a------ C:\WINDOWS\hpbvnstp.bu2

2008-07-28 22:30 . 2008-07-28 22:34 4,433 --a------ C:\WINDOWS\hpbvnstp.hi1

2008-07-28 22:30 . 2008-07-28 22:34 1,152 --a------ C:\WINDOWS\hpbvnstp.bu1

2008-07-28 22:03 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\system32\bits

2008-07-28 22:03 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\l2schemas

2008-07-28 22:00 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-07-28 21:52 . 2008-07-28 21:52 <DIR> d-------- C:\WINDOWS\EHome

2008-07-28 21:42 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-07-27 17:21 . 2008-07-29 22:26 8,192 --ahs---- C:\WINDOWS\Thumbs.db

2008-07-27 15:22 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-27 15:21 . 2008-07-27 15:21 <DIR> d-------- C:\Programas\Panda Security

2008-07-27 15:06 . 2008-07-18 00:47 20,480 -r-hs---- C:\WINDOWS\isys32.exe

2008-07-11 10:54 . 2008-07-11 10:54 <DIR> d-------- C:\Programas\iTunes

2008-07-11 10:54 . 2008-07-11 10:54 <DIR> d-------- C:\Programas\iPod

2008-07-11 10:54 . 2008-07-11 10:54 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer

2008-07-11 10:53 . 2008-07-11 10:53 <DIR> d-------- C:\Programas\Bonjour

2008-07-11 10:52 . 2008-07-11 10:53 <DIR> d-------- C:\Programas\QuickTime

2008-07-11 10:52 . 2008-07-11 10:52 <DIR> d-------- C:\Programas\Apple Software Update

2008-07-11 10:52 . 2008-07-11 10:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-07-11 10:51 . 2008-07-11 10:51 <DIR> d-------- C:\Programas\Ficheiros comuns\Apple

2008-07-11 10:51 . 2008-07-11 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 22:14 --------- d--h--w C:\Programas\Zero G Registry

2008-07-29 22:14 --------- d-----w C:\Programas\Hewlett-Packard

2008-07-29 15:29 --------- d-----w C:\Programas\Conta2004

2008-06-26 08:17 --------- d-----w C:\Programas\Ficheiros comuns\Adobe

2008-06-26 08:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM

2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 12:43 --------- d-----w C:\Programas\Mozilla Firefox 3 Beta 3

2008-06-14 17:33 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:11 1,294,848 ----a-w C:\WINDOWS\system32\quartz.dll

2006-02-17 14:42 6,130 ----a-w C:\Programas\Uninst.isu

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="C:\Programas\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]

"googletalk"="C:\Programas\Google\Google Talk\googletalk.exe" [2006-08-16 01:42 3661824]

"PcSync"="C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 14:55 139264]

"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]

"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-10-02 16:34 184320]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2004-09-28 15:02 249856]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 23:33 98304]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2004-08-03 18:18 1083392]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]

"AppleSyncNotifier"="C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programas\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"HP Software Update"="C:\Programas\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]

"TomcatStartup 2.5"="C:\Programas\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 17:57 245760]

"Internet Explorer Sys32"="isys32.exe" [2008-07-18 00:47 20480 C:\WINDOWS\isys32.exe]

"AME_CSA"="amecsa.cpl" [2003-01-28 15:47 614400 C:\WINDOWS\system32\AmeCSA.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:09 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicio\

HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

Inicializa‡Æo r pida do HP Image Zone.lnk - C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programas\\MSN Messenger\\livecall.exe"=

"C:\\Programas\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Programas\\iTunes\\iTunes.exe"=

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 00:29]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

 

2008-06-30 C:\WINDOWS\Tasks\GBMPro6 Task - Contabilidade - ContaPlus 2004.job

- C:\Programas\Genie-Soft\GBMPro 6.0\GBMPro.exe [2005-05-10 12:50]

 

2007-10-29 C:\WINDOWS\Tasks\GBMPro6 Task - Contabilidade - Excel.job

- C:\Programas\Genie-Soft\GBMPro 6.0\GBMPro.exe [2005-05-10 12:50]

 

2008-07-29 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job

- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2004-10-02 16:34]

 

2008-07-29 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job

- C:\PROGRA~1\mcafee.com\agent [2006-08-11 11:01]

 

2008-07-29 C:\WINDOWS\Tasks\WebReg PTB.job

- C:\Programas\HP\digital imaging\bin\hpqwrg.exe [2004-11-04 20:12]

.

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = about:blank

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Start Page = about:blank

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O8 -: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{EC273DCE-43A8-4597-B32E-F06F204C4D4C}: NameServer = 195.23.129.126 194.79.69.222

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-30 00:03:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\McRtl32.dll

.

Tempo para conclusão: 2008-07-30 0:04:25

ComboFix-quarantined-files.txt 2008-07-29 23:04:21

 

Pre-Run: 140,706,820,096 bytes livres

Post-Run: 140,708,876,288 bytes livres

 

183 --- E O F --- 2008-07-29 17:59:15


Hi JGarcia, :blush: is it proving hard to find a solution?

 

I really don't know what to do.

 

:cry: Anything you need, just say.


Hi pteixeira,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all the text included in the "Quote":

File::

C:\WINDOWS\isys32.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Internet Explorer Sys32"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000000

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[attached image: 645i642.gif]

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.

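
JGarcia's CFScript above removes the isys32.exe load point and resets the two Security Center values that silence the antivirus and firewall warnings. As an added example (not the thread's own, nor ComboFix's code), the Python below audits a ComboFix-style REGEDIT4 load-point dump with two heuristics and renders the findings in the same CFScript syntax: Run entries whose executable resolves to the Windows directory itself, and non-zero Security Center DisableNotify/DisableMonitoring values. The sample dump is constructed from lines of the ComboFix log posted earlier in this thread; the WINDIR constant and the extra value names FirewallDisableNotify and UpdatesDisableNotify are assumptions that go beyond what the thread shows.

```python
"""Audit a ComboFix-style REGEDIT4 load-point dump and render a CFScript.

Added example (not the thread's own, nor ComboFix's code). Two heuristics:
Run entries whose executable resolves to the Windows directory itself, and
Security Center values that silence the antivirus/firewall warnings.
"""
import ntpath
import re

# Assumed system root for the machine in the thread (as seen in its logs).
WINDIR = r"C:\WINDOWS"

# Standard XP Security Center values; only the first and last appear in the
# thread, the others are the sibling settings with the same effect.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify",
    "FirewallDisableNotify",
    "UpdatesDisableNotify",
    "DisableMonitoring",
}

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?')
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def resolved_path(value, meta):
    """ComboFix appends "[date time size path]" when the value is a bare
    file name it had to resolve; otherwise the value itself is the path."""
    if meta:
        parts = meta.split(None, 3)
        if len(parts) == 4:
            return parts[3]
    return value if "\\" in value else None


def audit_load_points(dump):
    """Return (run_findings, dword_findings) for a REGEDIT4-style dump."""
    run_findings = []    # (section, value name, path or bare value, reason)
    dword_findings = []  # (section, value name, hex value)
    section = None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section is None or not line:
            continue
        low = section.lower()
        m = DWORD_LINE.match(line)
        if m and "security center" in low:
            if m.group("name") in SECURITY_CENTER_FLAGS and int(m.group("hex"), 16) != 0:
                dword_findings.append((section, m.group("name"), m.group("hex")))
            continue
        m = RUN_LINE.match(line)
        if m and low.endswith("\\run"):
            path = resolved_path(m.group("value"), m.group("meta"))
            if path is None:
                run_findings.append((section, m.group("name"), m.group("value"),
                                     "bare file name with no resolved path"))
            elif ntpath.dirname(path).lower() == WINDIR.lower():
                run_findings.append((section, m.group("name"), path,
                                     "executable sits directly in the Windows directory"))
    return run_findings, dword_findings


def build_cfscript(run_findings, dword_findings):
    """Render findings in CFScript syntax: File:: lines delete files,
    Registry:: lines use REGEDIT4 syntax, where "name"=- deletes a value."""
    out = []
    files = sorted({p for _, _, p, _ in run_findings if "\\" in p})
    if files:
        out.append("File::")
        out.extend(files)
        out.append("")
    out.append("Registry::")
    for section, name, _, _ in run_findings:
        out += [f"[{section}]", f'"{name}"=-']
    for section, name, _ in dword_findings:
        out += [f"[{section}]", f'"{name}"=dword:00000000']
    return "\n".join(out) + "\n"


# Constructed sample made of lines from the ComboFix log posted earlier.
SAMPLE_DUMP = "\n".join([
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
    '"SunJavaUpdateSched"="C:\\Programas\\Java\\jre1.6.0_05\\bin\\jusched.exe" [2008-02-22 04:25 144784]',
    '"Internet Explorer Sys32"="isys32.exe" [2008-07-18 00:47 20480 C:\\WINDOWS\\isys32.exe]',
    '"AME_CSA"="amecsa.cpl" [2003-01-28 15:47 614400 C:\\WINDOWS\\system32\\AmeCSA.cpl]',
    "",
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]",
    '"AntiVirusDisableNotify"=dword:00000001',
    "",
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeFirewall]",
    '"DisableMonitoring"=dword:00000001',
])

if __name__ == "__main__":
    print(build_cfscript(*audit_load_points(SAMPLE_DUMP)), end="")
```

On the sample it reproduces the CFScript JGarcia posted: the AME_CSA entry is also a bare file name, but it resolves to system32 rather than the Windows root, so the heuristic leaves it alone, which matches the helper's own judgement. Any script generated this way is still a proposal to review by hand before it is dropped onto ComboFix.exe, for the reason the post's warning gives.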
Dear Garcia, one question

 

Do you want me to run this script with the PEN DRIVE and the PRINTER connected to the computer?

Yes.


Hi Garcia, sorry for only replying now.

 

Here is the COMBOFIX + HIJACK log

 

ComboFix 08-07-29.1 - Admin 2008-08-03 15:43:50.4 - NTFSx86

Executando de: C:\Documents and Settings\Admin\Ambiente de trabalho\ComboFix.exe

Command switches used :: C:\Documents and Settings\Admin\Ambiente de trabalho\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\WINDOWS\isys32.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\isys32.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))

.

 

2008-07-29 23:52 . 2008-07-29 23:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes

2008-07-29 23:52 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-29 23:51 . 2008-07-29 23:52 <DIR> d-------- C:\Programas\Malwarebytes' Anti-Malware

2008-07-29 23:51 . 2008-07-29 23:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-07-29 23:51 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-29 23:14 . 2004-05-10 21:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll

2008-07-29 23:10 . 2008-07-29 23:12 <DIR> d-------- C:\Programas\Ficheiros comuns\HP

2008-07-29 23:06 . 2007-09-21 17:44 655 --a------ C:\WINDOWS\hpbvspst.hi1

2008-07-29 23:06 . 2007-09-21 17:45 314 --a------ C:\WINDOWS\hpbvspst.bu1

2008-07-29 23:04 . 2008-07-29 23:04 <DIR> d-------- C:\Temp

2008-07-29 23:03 . 2008-07-29 23:11 <DIR> d-------- C:\Programas\HP

2008-07-29 23:01 . 2008-07-29 23:17 54,174 --a------ C:\WINDOWS\hppins01.dat

2008-07-29 23:01 . 2005-04-08 17:52 2,392 --------- C:\WINDOWS\hppmdl01.dat

2008-07-29 22:55 . 2008-07-29 22:55 <DIR> d-------- C:\WINDOWS\peernet

2008-07-29 22:43 . 2008-07-29 22:43 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TeamViewer

2008-07-29 22:27 . 2008-07-29 22:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-07-29 22:14 . 2008-07-29 22:15 <DIR> d-------- C:\Hijack

2008-07-29 21:49 . 2008-07-29 21:49 <DIR> d-------- C:\Documents and Settings\Admin\temp

2008-07-29 21:49 . 2008-07-29 21:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TeamViewer

2008-07-29 21:41 . 2008-07-29 23:46 <DIR> d-------- C:\PenClean

2008-07-29 12:53 . 2008-07-29 12:53 <DIR> d-------- C:\Muestras

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Os meus documentos

2008-07-29 00:09 . 2006-05-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Modelos

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> dr------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Menu Iniciar

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Favoritos

2008-07-29 00:09 . 2008-08-03 15:45 <DIR> d--h----- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Definições locais

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Ambiente de trabalho

2008-07-29 00:09 . 2008-07-29 00:09 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4

2008-07-28 23:28 . 2008-07-28 23:43 <DIR> d-------- C:\Programas\Yahoo!

2008-07-28 22:39 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-28 22:33 . 2008-07-28 22:31 4,437 --a------ C:\WINDOWS\hpbvnstp.hi2

2008-07-28 22:33 . 2008-07-28 22:31 1,156 --a------ C:\WINDOWS\hpbvnstp.bu2

2008-07-28 22:30 . 2008-07-28 22:34 4,433 --a------ C:\WINDOWS\hpbvnstp.hi1

2008-07-28 22:30 . 2008-07-28 22:34 1,152 --a------ C:\WINDOWS\hpbvnstp.bu1

2008-07-28 22:03 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\system32\bits

2008-07-28 22:03 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\l2schemas

2008-07-28 22:00 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-07-28 21:52 . 2008-07-28 21:52 <DIR> d-------- C:\WINDOWS\EHome

2008-07-28 21:42 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-07-27 17:21 . 2008-08-03 15:41 8,192 --ahs---- C:\WINDOWS\Thumbs.db

2008-07-27 15:22 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-27 15:21 . 2008-07-27 15:21 <DIR> d-------- C:\Programas\Panda Security

2008-07-11 10:54 . 2008-07-11 10:54 <DIR> d-------- C:\Programas\iTunes

2008-07-11 10:54 . 2008-07-11 10:54 <DIR> d-------- C:\Programas\iPod

2008-07-11 10:54 . 2008-07-11 10:54 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer

2008-07-11 10:53 . 2008-07-11 10:53 <DIR> d-------- C:\Programas\Bonjour

2008-07-11 10:52 . 2008-07-11 10:53 <DIR> d-------- C:\Programas\QuickTime

2008-07-11 10:52 . 2008-07-11 10:52 <DIR> d-------- C:\Programas\Apple Software Update

2008-07-11 10:52 . 2008-07-11 10:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-07-11 10:51 . 2008-07-11 10:51 <DIR> d-------- C:\Programas\Ficheiros comuns\Apple

2008-07-11 10:51 . 2008-07-11 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-30 15:43 --------- d-----w C:\Programas\Conta2004

2008-07-29 22:14 --------- d--h--w C:\Programas\Zero G Registry

2008-07-29 22:14 --------- d-----w C:\Programas\Hewlett-Packard

2008-06-26 08:17 --------- d-----w C:\Programas\Ficheiros comuns\Adobe

2008-06-26 08:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM

2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 12:43 --------- d-----w C:\Programas\Mozilla Firefox 3 Beta 3

2008-06-14 17:33 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:11 1,294,848 ----a-w C:\WINDOWS\system32\quartz.dll

2006-02-17 14:42 6,130 ----a-w C:\Programas\Uninst.isu

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="C:\Programas\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]

"googletalk"="C:\Programas\Google\Google Talk\googletalk.exe" [2006-08-16 01:42 3661824]

"PcSync"="C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 14:55 139264]

"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]

"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 16:34 184320]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2004-09-28 15:02 249856]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 23:33 98304]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2004-08-03 18:18 1083392]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]

"AppleSyncNotifier"="C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programas\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"HP Software Update"="C:\Programas\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]

"TomcatStartup 2.5"="C:\Programas\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 17:57 245760]

"AME_CSA"="amecsa.cpl" [2003-01-28 15:47 614400 C:\WINDOWS\system32\AmeCSA.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:09 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicio\

HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

Inicialização rápida do HP Image Zone.lnk - C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programas\\MSN Messenger\\livecall.exe"=

"C:\\Programas\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Programas\\iTunes\\iTunes.exe"=

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 00:29]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

 

2008-06-30 C:\WINDOWS\Tasks\GBMPro6 Task - Contabilidade - ContaPlus 2004.job

- C:\Programas\Genie-Soft\GBMPro 6.0\GBMPro.exe [2005-05-10 12:50]

 

2007-10-29 C:\WINDOWS\Tasks\GBMPro6 Task - Contabilidade - Excel.job

- C:\Programas\Genie-Soft\GBMPro 6.0\GBMPro.exe [2005-05-10 12:50]

 

2008-08-03 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job

- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2004-10-02 16:34]

 

2008-08-03 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job

- C:\PROGRA~1\mcafee.com\agent [2006-08-11 11:01]

 

2008-07-29 C:\WINDOWS\Tasks\WebReg PTB.job

- C:\Programas\HP\digital imaging\bin\hpqwrg.exe [2004-11-04 20:12]

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-03 15:46:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\McRtl32.dll

.

Tempo para conclusão: 2008-08-03 15:47:06

ComboFix-quarantined-files.txt 2008-08-03 14:46:58

 

Pre-Run: 140,709,273,600 bytes livres

Post-Run: 140,726,276,096 bytes livres

 

169 --- E O F --- 2008-07-29 17:59:15

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:03:41, on 03-08-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Programas\iTunes\iTunesHelper.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Google\Google Talk\googletalk.exe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\hpzipm12.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Programas\iPod\bin\iPodService.exe

C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

C:\Programas\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\explorer.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programas\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programas\mcafee.com\mps\popupkiller.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programas\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .jsp: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC273DCE-43A8-4597-B32E-F06F204C4D4C}: NameServer = 195.23.129.126 194.79.69.222

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9001 bytes

 

Thanks for your patience


Hi pteixeira,

 

Submit the file below to Jotti's site:

 

C:\WINDOWS\system32\drivers\pavboot.sys

 

... and come back with the result.

 

Regards.


OK, here it is

 

Scan taken on 05 Aug 2008 12:45:29 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

File: pavboot.sys

Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 210a628a0d7b3f45257850efbff27538


Hi pteixeira,

 

Run a ComboFix scan in Safe Mode and come back with the result.

 

Regards.


Attached is the ComboFix log from Safe Mode + HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:06:56, on 13-08-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Google\Google Talk\googletalk.exe

C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\hpzipm12.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

C:\Programas\iPod\bin\iPodService.exe

C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

C:\Programas\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Hijack\HiJackThis.exe

C:\Programas\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acduarte.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programas\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programas\mcafee.com\mps\popupkiller.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programas\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O12 - Plugin for .jsp: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC273DCE-43A8-4597-B32E-F06F204C4D4C}: NameServer = 195.23.129.126 194.79.69.222

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9219 bytes

 

COMBO

ComboFix 08-08-12.01 - Admin 2008-08-13 10:59:13.5 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.2070.18.375 [GMT 1:00]

Executando de: C:\Documents and Settings\Admin\Ambiente de trabalho\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))

.

 

2008-08-13 10:49 . 2008-08-13 10:51 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-13 10:48 . 2008-05-01 15:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-13 10:32 . 2008-04-11 20:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-07 18:24 . 2008-08-11 14:53 <DIR> d-------- C:\Programas\Conta2004

2008-08-07 17:51 . 2008-08-07 18:21 <DIR> d-------- C:\Programas\Conta2004.1

2008-08-03 18:44 . 2008-08-03 18:44 <DIR> d-------- C:\Programas\COMODO

2008-08-03 18:44 . 2008-08-03 18:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo

2008-08-03 18:44 . 2008-08-03 18:44 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Comodo

2008-08-03 18:44 . 2008-08-03 18:44 143,104 --a------ C:\WINDOWS\system32\guard32.dll

2008-08-03 18:44 . 2008-08-03 18:44 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys

2008-08-03 18:44 . 2008-08-03 18:44 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-08-03 17:37 . 2008-08-03 17:37 <DIR> d-------- C:\Programas\CCleaner

2008-08-03 16:30 . 2008-08-03 16:30 <DIR> d-------- C:\WINDOWS\peernet

2008-07-29 23:52 . 2008-07-29 23:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes

2008-07-29 23:52 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-29 23:51 . 2008-08-03 16:33 <DIR> d-------- C:\Programas\Malwarebytes' Anti-Malware

2008-07-29 23:51 . 2008-07-29 23:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-07-29 23:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-29 23:14 . 2004-05-10 21:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll

2008-07-29 23:10 . 2008-07-29 23:12 <DIR> d-------- C:\Programas\Ficheiros comuns\HP

2008-07-29 23:06 . 2007-09-21 17:44 655 --a------ C:\WINDOWS\hpbvspst.hi1

2008-07-29 23:06 . 2007-09-21 17:45 314 --a------ C:\WINDOWS\hpbvspst.bu1

2008-07-29 23:03 . 2008-07-29 23:11 <DIR> d-------- C:\Programas\HP

2008-07-29 23:01 . 2008-07-29 23:17 54,174 --a------ C:\WINDOWS\hppins01.dat

2008-07-29 23:01 . 2005-04-08 17:52 2,392 --------- C:\WINDOWS\hppmdl01.dat

2008-07-29 22:43 . 2008-07-29 22:43 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TeamViewer

2008-07-29 22:27 . 2008-07-29 22:27 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-07-29 22:14 . 2008-08-03 16:03 <DIR> d-------- C:\Hijack

2008-07-29 21:49 . 2008-07-29 21:49 <DIR> d-------- C:\Documents and Settings\Admin\temp

2008-07-29 21:49 . 2008-07-29 21:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TeamViewer

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Os meus documentos

2008-07-29 00:09 . 2006-05-25 10:29 <DIR> d--h----- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Modelos

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> dr------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Menu Iniciar

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Favoritos

2008-07-29 00:09 . 2008-08-13 11:01 <DIR> d--h----- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Definições locais

2008-07-29 00:09 . 2006-05-25 11:22 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4\Ambiente de trabalho

2008-07-29 00:09 . 2008-07-29 00:09 <DIR> d-------- C:\Documents and Settings\Administrador.A-FC05A56592FB4

2008-07-28 23:28 . 2008-07-28 23:43 <DIR> d-------- C:\Programas\Yahoo!

2008-07-28 22:39 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-28 22:33 . 2008-07-28 22:31 4,437 --a------ C:\WINDOWS\hpbvnstp.hi2

2008-07-28 22:33 . 2008-07-28 22:31 1,156 --a------ C:\WINDOWS\hpbvnstp.bu2

2008-07-28 22:30 . 2008-07-28 22:34 4,433 --a------ C:\WINDOWS\hpbvnstp.hi1

2008-07-28 22:30 . 2008-07-28 22:34 1,152 --a------ C:\WINDOWS\hpbvnstp.bu1

2008-07-28 22:03 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\system32\bits

2008-07-28 22:03 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\l2schemas

2008-07-28 22:00 . 2008-07-28 22:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-07-28 21:52 . 2008-07-28 21:52 <DIR> d-------- C:\WINDOWS\EHome

2008-07-28 21:42 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-07-27 17:21 . 2008-08-03 15:51 8,192 --ahs---- C:\WINDOWS\Thumbs.db

2008-07-27 15:22 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-27 15:21 . 2008-07-27 15:21 <DIR> d-------- C:\Programas\Panda Security

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 17:25 --------- d-----w C:\Programas\Conta2004.3

2008-08-07 16:52 --------- d-----w C:\Programas\Conta2004.2

2008-08-03 16:39 --------- d-----w C:\Programas\Mozilla Firefox 3 Beta 3

2008-07-29 22:14 --------- d--h--w C:\Programas\Zero G Registry

2008-07-29 22:14 --------- d-----w C:\Programas\Hewlett-Packard

2008-07-11 09:54 --------- d-----w C:\Programas\iTunes

2008-07-11 09:54 --------- d-----w C:\Programas\iPod

2008-07-11 09:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-07-11 09:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Apple Computer

2008-07-11 09:53 --------- d-----w C:\Programas\QuickTime

2008-07-11 09:53 --------- d-----w C:\Programas\Bonjour

2008-07-11 09:52 --------- d-----w C:\Programas\Apple Software Update

2008-07-11 09:51 --------- d-----w C:\Programas\Ficheiros comuns\Apple

2008-07-11 09:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-26 08:17 --------- d-----w C:\Programas\Ficheiros comuns\Adobe

2008-06-26 08:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:33 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys

2006-02-17 14:42 6,130 ----a-w C:\Programas\Uninst.isu

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="C:\Programas\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]

"googletalk"="C:\Programas\Google\Google Talk\googletalk.exe" [2006-08-16 01:42 3661824]

"PcSync"="C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:09 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 14:55 139264]

"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]

"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 16:34 184320]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2004-09-28 15:02 249856]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 23:33 98304]

"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2004-08-03 18:18 1083392]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]

"AppleSyncNotifier"="C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"HP Software Update"="C:\Programas\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]

"COMODO Firewall Pro"="C:\Programas\COMODO\Firewall\cfp.exe" [2008-08-03 18:43 1655552]

"TomcatStartup 2.5"="C:\Programas\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 17:57 245760]

"AME_CSA"="amecsa.cpl" [2003-01-28 15:47 614400 C:\WINDOWS\system32\AmeCSA.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:09 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicio\

HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

Inicialização rápida do HP Image Zone.lnk - C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\Google\\Google Talk\\googletalk.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programas\\MSN Messenger\\livecall.exe"=

"C:\\Programas\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Programas\\iTunes\\iTunes.exe"=

 

R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 00:29]

S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-03 18:44]

S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-03 18:44]

.

Contents of the 'Scheduled Tasks' folder

 

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

 

2008-06-30 C:\WINDOWS\Tasks\GBMPro6 Task - Contabilidade - ContaPlus 2004.job

- C:\Programas\Genie-Soft\GBMPro 6.0\GBMPro.exe [2005-05-10 12:50]

 

2007-10-29 C:\WINDOWS\Tasks\GBMPro6 Task - Contabilidade - Excel.job

- C:\Programas\Genie-Soft\GBMPro 6.0\GBMPro.exe [2005-05-10 12:50]

 

2008-08-13 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job

- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2004-10-02 16:34]

 

2008-08-13 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job

- C:\PROGRA~1\mcafee.com\agent [2006-08-11 11:01]

 

2008-07-29 C:\WINDOWS\Tasks\WebReg PTB.job

- C:\Programas\HP\digital imaging\bin\hpqwrg.exe [2004-11-04 20:12]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.acduarte.pt/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Start Page = about:blank

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

R1 -: HKCU-Internet Settings,ProxyOverride = *.local;<local>

O8 -: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-13 11:01:57

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\guard32.dll

.

Completion time: 2008-08-13 11:03:10

ComboFix-quarantined-files.txt 2008-08-13 10:03:03

 

Pre-Run: 141,256,462,336 bytes free

Post-Run: 141,456,588,800 bytes free

 

187 --- E O F --- 2008-07-29 17:59:15

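An added triage helper for logs in the format pasted above; it is written for this thread and is not ComboFix code or part of any post here. It parses the "Reg Loading Points" and "Scheduled Tasks" sections and lists the entries a reviewer should check by hand: a Run value with a bare file name (as with the AME_CSA entry), a non-empty AppInit_DLLs (which explains why the same DLL appears under winlogon.exe and lsass.exe further down), the suppressed Security Center notification, and a scheduled task name that appears twice with one of its targets being a directory rather than a program. Which of these merit a second look is the reviewer's assumption; a "review" finding is a check-this item, not a verdict, and the script says nothing about whether the COMODO or McAfee entries in this log are legitimate. The sample input is a constructed excerpt of the log above.

```python
"""
Triage helper for the 'Reg Loading Points' and 'Scheduled Tasks' sections of a
ComboFix-style log. Added example for this thread; not ComboFix code. Every
rule below is an assumption about what deserves a manual check.
"""
import re
from dataclasses import dataclass

# Regexes follow the line shapes visible in the log above.
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=\s*(?P<dlls>.*)$')
AV_NOTIFY_RE = re.compile(r'^"AntiVirusDisableNotify"=dword:0*1$')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>C:\\WINDOWS\\Tasks\\.+\.job)$')
TASK_TARGET_RE = re.compile(r'^- (?P<path>.+?) \[[^\]]*\]$')


@dataclass
class Finding:
    severity: str   # "review" (check by hand) or "info"
    where: str      # registry key or task file the line belongs to
    detail: str


def triage(text: str) -> list[Finding]:
    """Walk the log line by line and return the entries worth a second look."""
    findings: list[Finding] = []
    lines = [ln.strip() for ln in text.splitlines()]
    key = ""
    task_targets: dict[str, str] = {}   # job file -> first target seen

    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue

        m = RUN_RE.match(line)
        if m and key.lower().endswith("\\run"):
            name, path = m.group("name"), m.group("path")
            if "\\" not in path:
                # A bare file name is resolved through the search path at logon,
                # so which file actually runs depends on where it is found first.
                findings.append(Finding("review", key,
                    f'{name}: bare file name "{path}" (no directory); confirm which file runs'))
            elif not path.lower().endswith(".exe"):
                findings.append(Finding("review", key,
                    f'{name}: Run value points at a non-.exe file "{path}"'))
            continue

        m = APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            # AppInit_DLLs is loaded into every process that loads user32.dll.
            findings.append(Finding("review", key,
                f'AppInit_DLLs = {m.group("dlls").strip()}; verify the publisher of that DLL'))
            continue

        if AV_NOTIFY_RE.match(line):
            findings.append(Finding("info", key,
                "Security Center antivirus notifications are suppressed"))
            continue

        m = TASK_RE.match(line)
        if m:
            job = m.group("job")
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            t = TASK_TARGET_RE.match(nxt)
            target = t.group("path") if t else ""
            if job in task_targets and task_targets[job] != target:
                findings.append(Finding("review", job,
                    f'same task name with two different targets: "{task_targets[job]}" and "{target}"'))
            task_targets.setdefault(job, target)
            if target and "." not in target.rsplit("\\", 1)[-1]:
                findings.append(Finding("review", job,
                    f'task target "{target}" has no file extension (a directory, not a program)'))
    return findings


# Constructed sample: an excerpt of the log in this thread, trimmed to the lines
# that exercise each rule.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Programas\COMODO\Firewall\cfp.exe" [2008-08-03 18:43 1655552]
"AME_CSA"="amecsa.cpl" [2003-01-28 15:47 614400 C:\WINDOWS\system32\AmeCSA.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

2008-08-13 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2004-10-02 16:34]

2008-08-13 C:\WINDOWS\Tasks\McAfee.com Update Check (A-FC05A56592FB4-Admin).job
- C:\PROGRA~1\mcafee.com\agent [2006-08-11 11:01]
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.where}: {f.detail}")
```

Run it against the full pasted log (the whole text between "Reg Loading Points" and "Supplementary Scan") rather than the excerpt; the per-line rules do not depend on section order, so other sections in the same file are simply skipped.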

Hey pteixeira,

 

Download SilentRunners.

 

Extract the SilentRunners.vbs file to C:. Double-click the file to run it.

 

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of this document and paste it in your next reply.

 

Regards.

 

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the topic's author and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
